Virus? ww94.btosjs.info...

Olá,

Estava navegando na internet tranquilamente, quando de repente TODAS as paginas que eu entrava eram redirecionadas para a pag: ww94.btosjs.info, então passei o anti-virus e não foi encontrado nenhuma ameaça, depois pesquisei um pouco (por outro computador) e vi em um lugar (http://excluirmalwares.spywareremovalguide.org/excluir-httpww94-btosjs-info-como-excluir-httpww94-btosjs-info-permanentemente) um programa que retirava isso, o SpyHunter, porém após escanear e dar finalidade ao processo aparece que eu preciso comprar o programa completo.

Não sei o que fazer, espero que me ajudem, pois se não vou ter que formatar meu pc.

Obrigado.

Olá elio_hahn

Baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...da TrendMicro) e salve-o no desktop (Área de Trabalho)

*Execute-o, clique [Do a system scan and save a logfile] e cole o relatório apresentado

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:11:32, on 23/10/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\ARQUIV~1\AVG\AVG2013\avgrsx.exe
C:\Arquivos de programas\AVG\AVG2013\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\AVG\AVG2013\avgidsagent.exe
C:\Arquivos de programas\AVG\AVG2013\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre7\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\AVG\AVG2013\avgui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\junior\Configurações locais\Dados de aplicativos\Akamai\netsession_win.exe
C:\Documents and Settings\junior\Configurações locais\Dados de aplicativos\Akamai\netsession_win.exe
C:\Arquivos de programas\AVG\AVG2013\avgnsx.exe
C:\Arquivos de programas\AVG\AVG2013\avgemcx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\junior\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: BHO - {47B614AF-B4CC-485B-B331-BE26F02ED4CC} - C:\Arquivos de programas\Internet Explorer\IEAddon.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll
O2 - BHO: DataMngr - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\ARQUIV~1\SEARCH~1\Datamngr\BROWSE~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Search-Results Toolbar - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\ARQUIV~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Arquivos de programas\Yontoo\YontooIEClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Search-Results Toolbar - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\ARQUIV~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Arquivos de programas\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\junior\Configurações locais\Dados de aplicativos\Akamai\netsession_win.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:  c:\arquiv~1\browse~2\sprote~1.dll c:\arquiv~1\websea~1\sprote~1.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG2013\avgidsagent.exe
O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG2013\avgwdsvc.exe
O23 - Service: FlexNet Licensing Service - Flexera Software LLC - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Arquivos de programas\Skype\Updater\Updater.exe

--
End of file - 8698 bytes

Baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...de Xplode) e salve-o no Desktop (Área de Trabalho)

*Salve qualquer trabalho aberto e feche o seu navegador

*Execute-o, clique [Examinar] e aguarde o término

*Clique [Limpar] e aguarde o término

*Caso seja solicitada a reinicialização do PC, clique [OK] para reiniciar.

*Cole o relatório C:\AdwCleaner\AdwCleaner[S0].txt


Baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...de Smeenk)

*Extraia o arquivo Zoek.exe para o Desktop (Área de Trabalho)

*Execute o Zoek

*Copie e cole as linhas em marrom no espaço do Zoek

autoclean;
emptyalltemp;

*Feche o seu navegador e clique [Run Script]

*Durante o scan a mensagem abaixo será apresentada. Aguarde o término...pode demorar!

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

*Caso a reinicialização do PC seja solicitada, clique [OK]

*Cole ou anexe o relatório C:\zoek-results.txt

# AdwCleaner v3.010 - Relatório criado 23/10/2013 às 12:48:20
# Atualizado 20/10/2013 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : junior - HAHN-A9DC9A4464
# Executando de : C:\Documents and Settings\junior\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\Ask
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\AVG Security Toolbar
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\boost_interprocess
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\StarApp
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\Tarma Installer
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\BiroWse2esoave
Pasta Deletada : C:\Arquivos de programas\Browser Helper Object
Pasta Deletada : C:\Arquivos de programas\Search Results Toolbar
Pasta Deletada : C:\Arquivos de programas\WebSearch
Pasta Deletada : C:\Arquivos de programas\Yontoo
Pasta Deletada : C:\Documents and Settings\junior\Configurações locais\Dados de aplicativos\Babylon
Pasta Deletada : C:\Documents and Settings\junior\Configurações locais\Dados de aplicativos\Ilivid
Pasta Deletada : C:\Documents and Settings\junior\Dados de aplicativos\Babylon
Pasta Deletada : C:\Documents and Settings\junior\Dados de aplicativos\baidu
Pasta Deletada : C:\Documents and Settings\junior\Dados de aplicativos\DealPly
Pasta Deletada : C:\Documents and Settings\junior\Dados de aplicativos\eIntaller
Pasta Deletada : C:\Documents and Settings\junior\Dados de aplicativos\ilividtoolbarguid
Pasta Deletada : C:\Documents and Settings\junior\Dados de aplicativos\searchresultstb
Pasta Deletada : C:\Documents and Settings\junior\Dados de aplicativos\Mozilla\Firefox\Profiles\dytgevnr.default\ilividtoolbarguid
Pasta Deletada : C:\Documents and Settings\junior\Dados de aplicativos\Mozilla\Firefox\Profiles\dytgevnr.default\Extensions\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Pasta Deletada : C:\Documents and Settings\junior\Dados de aplicativos\Mozilla\Firefox\Profiles\dytgevnr.default\Extensions\plugin@yontoo.com
Pasta Deletada : C:\Documents and Settings\junior\Dados de aplicativos\Mozilla\Firefox\Profiles\dytgevnr.default\Extensions\gwxq-jy@uoio-.org
[!] Pasta Deletada : C:\Documents and Settings\junior\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
[!] Pasta Deletada : C:\Documents and Settings\junior\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\bjddcmcgjijlmpdliikfbakbkdbjkanp
Arquivo Deletada : C:\Documents and Settings\junior\Dados de aplicativos\Mozilla\Firefox\Profiles\dytgevnr.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
Arquivo Deletada : C:\Arquivos de programas\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
Arquivo Deletada : C:\WINDOWS\system32\roboot.exe
Arquivo Deletada : C:\DOCUME~1\junior\CONFIG~1\Temp\Uninstall.exe
Arquivo Deletada : C:\Documents and Settings\junior\Dados de aplicativos\Mozilla\Firefox\Profiles\dytgevnr.default\searchplugins\Babylon.xml
Arquivo Deletada : C:\Documents and Settings\junior\Dados de aplicativos\Mozilla\Firefox\Profiles\dytgevnr.default\searchplugins\browsemngr.xml
Arquivo Deletada : C:\Documents and Settings\junior\Dados de aplicativos\Mozilla\Firefox\Profiles\dytgevnr.default\searchplugins\delta.xml
Arquivo Deletada : C:\Arquivos de programas\Mozilla Firefox\searchplugins\portaldosites.xml
Arquivo Deletada : C:\Documents and Settings\junior\Dados de aplicativos\Mozilla\Firefox\Profiles\dytgevnr.default\searchplugins\Search_Results.xml
Arquivo Deletada : C:\Arquivos de programas\Mozilla Firefox\searchplugins\Search_Results.xml
Arquivo Deletada : C:\Documents and Settings\junior\Dados de aplicativos\Mozilla\Firefox\Profiles\dytgevnr.default\searchplugins\WebSearch.xml
Arquivo Deletada : C:\Documents and Settings\junior\Dados de aplicativos\Mozilla\Firefox\Profiles\dytgevnr.default\user.js
Arquivo Deletada : C:\WINDOWS\Tasks\FindLyrics Update.job

***** [ Atalhos ] *****

Atalho Desinfectada : C:\Documents and Settings\All Users\Menu Iniciar\Programas\Mozilla Firefox.lnk
Atalho Desinfectada : C:\Documents and Settings\All Users\Menu Iniciar\Programas\Google Chrome\Google Chrome.lnk
Atalho Desinfectada : C:\Documents and Settings\junior\Menu Iniciar\Programas\Internet Explorer.lnk
Atalho Desinfectada : C:\Documents and Settings\junior\Menu Iniciar\Programas\Acessórios\Ferramentas do Sistema\Internet Explorer (Sem Complementos).lnk
Atalho Desinfectada : C:\Documents and Settings\junior\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Chave Deletedo : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
Chave Deletedo : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
Chave Deletedo : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard
Chave Deletedo : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deletedo : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Chave Deletedo : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Chave Deletedo : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Chave Deletedo : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DATAMNGR
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_bbe535ed
Chave Deletedo : HKCU\Software\955888be768ba12
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{47B614AF-B4CC-485B-B331-BE26F02ED4CC}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{9FF9AE6F-4553-41A7-B645-B0E88850EABF}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{CE4DB5A3-58E6-41F1-8761-47238DF4F468}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{1FDC0B61-91AC-4157-9B27-CAD9A09AB67E}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{75E8DA27-44AF-40AE-927C-F2EEC99D65B1}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47B614AF-B4CC-485B-B331-BE26F02ED4CC}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44C9CC91-6A4A-4579-B4B5-899ECDC18DC6}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{47B614AF-B4CC-485B-B331-BE26F02ED4CC}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44C9CC91-6A4A-4579-B4B5-899ECDC18DC6}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{47B614AF-B4CC-485B-B331-BE26F02ED4CC}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D0F4A166-B8D4-48B8-9D63-80849FE137CB}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F34C9277-6577-4DFF-B2D7-7D58092F272F}]
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\chrome.exe\shell\open\command
Valor Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Arquivos de programas\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe]
Chave Deletedo : HKCU\Software\APN DTX
Chave Deletedo : HKCU\Software\BabylonToolbar
Chave Deletedo : HKCU\Software\DataMngr
Chave Deletedo : HKCU\Software\DataMngr_Toolbar
Chave Deletedo : HKCU\Software\findlyrics
Chave Deletedo : HKCU\Software\ilividtoolbarguid
Chave Deletedo : HKCU\Software\Iminent
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\StartSearch
Chave Deletedo : HKCU\Software\AppDataLow\SProtector
Chave Deletedo : HKLM\Software\Babylon
Chave Deletedo : HKLM\Software\DataMngr
Chave Deletedo : HKLM\Software\iLividSRTB
Chave Deletedo : HKLM\Software\Iminent
Chave Deletedo : HKLM\Software\portaldositesSoftware
Chave Deletedo : HKLM\Software\SP Global
Chave Deletedo : HKLM\Software\SProtector
Chave Deletedo : HKLM\Software\systweak
Chave Deletedo : HKLM\Software\Tarma Installer
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Helper Object1.4
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilividtoolbarguid
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Browser Helper Object1.4
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\findlyrics@findlyrics.co
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilividtoolbarguid
Dados Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\arquiv~1\browse~2\sprote~1.dll
Dados Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\arquiv~1\websea~1\sprote~1.dll
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375

***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.6001.18702

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]

-\\ Mozilla Firefox v22.0 (pt-BR)

[ Arquivo : C:\Documents and Settings\junior\Dados de aplicativos\Mozilla\Firefox\Profiles\dytgevnr.default\prefs.js ]

Linha deletada : user_pref("aol_toolbar.default.homepage.check", false);
Linha deletada : user_pref("aol_toolbar.default.search.check", false);
Linha deletada : user_pref("browser.newtab.url", "hxxp://www2.delta-search.com/?affID=119816&tt=gc_&babsrc=NT_ss&mntrId=BCFB001FC6E34E9D");
Linha deletada : user_pref("browser.search.defaultenginename", "portaldosites");
Linha deletada : user_pref("browser.search.defaulturl", "hxxp://websearch.lookforithere.info/?pid=373&r=2013/05/15&hid=2582117210&lg=BR&cc=BR&unqvl=14&l=1&q=");
Linha deletada : user_pref("browser.search.order.1", "portaldosites");
Linha deletada : user_pref("browser.search.selectedEngine", "portaldosites");
Linha deletada : user_pref("browser.startup.homepage", "hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=SAMSUNGXHD161HJ_S0V3JDWQ388510&ts=1369750837");
Linha deletada : user_pref("extensions.519410d82bdb8.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};new function(){var a=this;a.domain_storage=\"hxxp://xls.searchfun.in\";a.p[...]
Linha deletada : user_pref("extensions.5194114de1d3e.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};new function(){var a=this;a.domain_storage=\"hxxp://xls.searchfun.in\";a.p[...]
Linha deletada : user_pref("extensions.BabylonToolbar.admin", false);
Linha deletada : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Linha deletada : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Linha deletada : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Linha deletada : user_pref("extensions.BabylonToolbar.excTlbr", false);
Linha deletada : user_pref("extensions.BabylonToolbar.id", "bcfbcdfc000000000000001fc6e34e9d");
Linha deletada : user_pref("extensions.BabylonToolbar.instlDay", "15666");
Linha deletada : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Linha deletada : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Linha deletada : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Linha deletada : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Linha deletada : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Linha deletada : user_pref("extensions.BabylonToolbar.tlbrId", "irhnew");
Linha deletada : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=bcfbcdfc000000000000001fc6e34e9d&q=");
Linha deletada : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Linha deletada : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Linha deletada : user_pref("extensions.BabylonToolbar_i.newTab", true);
Linha deletada : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119586&babsrc=NT_ss&mntrId=bcfbcdfc000000000000001fc6e34e9d");
Linha deletada : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Linha deletada : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.814:04:21");
Linha deletada : user_pref("extensions.delta.admin", false);
Linha deletada : user_pref("extensions.delta.aflt", "babsst");
Linha deletada : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Linha deletada : user_pref("extensions.delta.autoRvrt", "false");
Linha deletada : user_pref("extensions.delta.dfltLng", "en");
Linha deletada : user_pref("extensions.delta.excTlbr", false);
Linha deletada : user_pref("extensions.delta.id", "bcfbcdfc000000000000001fc6e34e9d");
Linha deletada : user_pref("extensions.delta.instlDay", "15768");
Linha deletada : user_pref("extensions.delta.instlRef", "sst");
Linha deletada : user_pref("extensions.delta.newTab", false);
Linha deletada : user_pref("extensions.delta.prdct", "delta");
Linha deletada : user_pref("extensions.delta.prtnrId", "delta");
Linha deletada : user_pref("extensions.delta.rvrt", "false");
Linha deletada : user_pref("extensions.delta.smplGrp", "none");
Linha deletada : user_pref("extensions.delta.tlbrId", "base");
Linha deletada : user_pref("extensions.delta.tlbrSrchUrl", "");
Linha deletada : user_pref("extensions.delta.vrsn", "1.8.10.0");
Linha deletada : user_pref("extensions.delta.vrsnTs", "1.8.10.021:41:36");
Linha deletada : user_pref("extensions.delta.vrsni", "1.8.10.0");
Linha deletada : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers");
Linha deletada : user_pref("extentions.y2layers.installId", "0760cdf8-9c93-4723-af41-9f4f4b01bf94");
Linha deletada : user_pref("keyword.URL", "hxxp://websearch.lookforithere.info/?pid=373&r=2013/05/15&hid=2582117210&lg=BR&cc=BR&unqvl=14&l=1&q=");
Linha deletada : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Linha deletada : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Linha deletada : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Linha deletada : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Linha deletada : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Linha deletada : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Linha deletada : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Linha deletada : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v30.0.1599.101

[ Arquivo : C:\Documents and Settings\junior\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]

Deletedo : homepage

*************************

AdwCleaner[R0].txt - [27629 octets] - [23/10/2013 12:47:06]
AdwCleaner[S0].txt - [25173 octets] - [23/10/2013 12:48:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [25234 octets] ##########




Zoek.exe Version 4.0.0.5 Updated 22-October-2013
Tool run by junior on qua 23/10/2013 at 12:59:21,90.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\junior\Desktop\zoek.exe [Script inserted]

==== System Restore Info ======================

23/10/2013 13:00:20 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Documents and Settings\junior\Dados de aplicativos\Mozilla\Firefox\Profiles\dytgevnr.default

user.js not found
---- Lines Search removed from prefs.js ----


---- Lines Search modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"C:\\\\WINDOWS\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\Windows Presentation Foundation\\\\DotNetAssistantExtension\",\"mtime\":1367903695828,\"rdfTime\":1232725720000}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Arquivos de programas\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1380679749009,\"rdfTime\":1380679748696}}},{\"name\":\"app-profile\",\"addons\":{\"gwxq-jy@uoio-.org\":{\"descriptor\":\"C:\\\\Documents and Settings\\\\junior\\\\Dados de aplicativos\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dytgevnr.default\\\\extensions\\\\gwxq-jy@uoio-.org\",\"mtime\":1368974555839,\"rdfTime\":1368658253000},\"i.3fn@ytcqmthgiuti.net\":{\"descriptor\":\"C:\\\\Documents and Settings\\\\junior\\\\Dados de aplicativos\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dytgevnr.default\\\\extensions\\\\i.3fn@ytcqmthgiuti.net\",\"mtime\":1368974555470,\"rdfTime\":1368658136000},\"plugin@yontoo.com\":{\"descriptor\":\"C:\\\\Documents and Settings\\\\junior\\\\Dados de aplicativos\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dytgevnr.default\\\\extensions\\\\plugin@yontoo.com\",\"mtime\":1366598502640,\"rdfTime\":1366147144000},\"{1FD91A9C-410C-4090-BBCC-55D3450EF433}\":{\"descriptor\":\"C:\\\\Arquivos de programas\\\\Search Results Toolbar\\\\Datamngr\\\\FirefoxExtension\",\"mtime\":1352608595031,\"rdfTime\":1352608593437},\"{f34c9277-6577-4dff-b2d7-7d58092f272f}\":{\"descriptor\":\"C:\\\\Documents and Settings\\\\junior\\\\Dados de aplicativos\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dytgevnr.default\\\\extensions\\\\{f34c9277-6577-4dff-b2d7-7d58092f272f}\",\"mtime\":1352608557328,\"rdfTime\":1348527710000}}}]");

---- Lines yontoo removed from prefs.js ----


---- Lines yontoo modified from prefs.js ----

user_pref("extensions.enabledAddons", "plugin%40yontoo.com:1.20.02,%7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0");
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"C:\\\\WINDOWS\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\Windows Presentation Foundation\\\\DotNetAssistantExtension\",\"mtime\":1367903695828,\"rdfTime\":1232725720000}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Arquivos de programas\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1380679749009,\"rdfTime\":1380679748696}}},{\"name\":\"app-profile\",\"addons\":{\"gwxq-jy@uoio-.org\":{\"descriptor\":\"C:\\\\Documents and Settings\\\\junior\\\\Dados de aplicativos\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dytgevnr.default\\\\extensions\\\\gwxq-jy@uoio-.org\",\"mtime\":1368974555839,\"rdfTime\":1368658253000},\"i.3fn@ytcqmthgiuti.net\":{\"descriptor\":\"C:\\\\Documents and Settings\\\\junior\\\\Dados de aplicativos\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dytgevnr.default\\\\extensions\\\\i.3fn@ytcqmthgiuti.net\",\"mtime\":1368974555470,\"rdfTime\":1368658136000},\"plugin@yontoo.com\":{\"descriptor\":\"C:\\\\Documents and Settings\\\\junior\\\\Dados de aplicativos\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dytgevnr.default\\\\extensions\\\\plugin@yontoo.com\",\"mtime\":1366598502640,\"rdfTime\":1366147144000},\"{1FD91A9C-410C-4090-BBCC-55D3450EF433}\":{\"descriptor\":\"C:\\\\Arquivos de programas\\\\disabledResults Toolbar\\\\Datamngr\\\\FirefoxExtension\",\"mtime\":1352608595031,\"rdfTime\":1352608593437},\"{f34c9277-6577-4dff-b2d7-7d58092f272f}\":{\"descriptor\":\"C:\\\\Documents and Settings\\\\junior\\\\Dados de aplicativos\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dytgevnr.default\\\\extensions\\\\{f34c9277-6577-4dff-b2d7-7d58092f272f}\",\"mtime\":1352608557328,\"rdfTime\":1348527710000}}}]");

---- Lines Search Results removed from prefs.js ----


---- Lines Search Results modified from prefs.js ----


---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 removed from prefs.js ----


---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"C:\\\\WINDOWS\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\Windows Presentation Foundation\\\\DotNetAssistantExtension\",\"mtime\":1367903695828,\"rdfTime\":1232725720000}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Arquivos de programas\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1380679749009,\"rdfTime\":1380679748696}}},{\"name\":\"app-profile\",\"addons\":{\"gwxq-jy@uoio-.org\":{\"descriptor\":\"C:\\\\Documents and Settings\\\\junior\\\\Dados de aplicativos\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dytgevnr.default\\\\extensions\\\\gwxq-jy@uoio-.org\",\"mtime\":1368974555839,\"rdfTime\":1368658253000},\"i.3fn@ytcqmthgiuti.net\":{\"descriptor\":\"C:\\\\Documents and Settings\\\\junior\\\\Dados de aplicativos\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dytgevnr.default\\\\extensions\\\\i.3fn@ytcqmthgiuti.net\",\"mtime\":1368974555470,\"rdfTime\":1368658136000},\"plugin@disabled.com\":{\"descriptor\":\"C:\\\\Documents and Settings\\\\junior\\\\Dados de aplicativos\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dytgevnr.default\\\\extensions\\\\plugin@disabled.com\",\"mtime\":1366598502640,\"rdfTime\":1366147144000},\"{1FD91A9C-410C-4090-BBCC-55D3450EF433}\":{\"descriptor\":\"C:\\\\Arquivos de programas\\\\disabledResults Toolbar\\\\Datamngr\\\\FirefoxExtension\",\"mtime\":1352608595031,\"rdfTime\":1352608593437},\"{f34c9277-6577-4dff-b2d7-7d58092f272f}\":{\"descriptor\":\"C:\\\\Documents and Settings\\\\junior\\\\Dados de aplicativos\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dytgevnr.default\\\\extensions\\\\{f34c9277-6577-4dff-b2d7-7d58092f272f}\",\"mtime\":1352608557328,\"rdfTime\":1348527710000}}}]");

---- Lines browser.startup.page removed from prefs.js ----

user_pref("browser.startup.page", 3);

---- Lines browser.startup.page modified from prefs.js ----


---- FireFox user.js and prefs.js backups ----

prefs_20132310_1305_.backup

==== Deleting Files \ Folders ======================

C:\Documents and Settings\junior\Dados de aplicativos\Mozilla\Firefox\Profiles\dytgevnr.default\extensions\plugin@yontoo.com not found
C:\Documents and Settings\junior\Dados de aplicativos\YoudaGames deleted
C:\Documents and Settings\All Users\Dados de aplicativos\InstallMate deleted
C:\Documents and Settings\All Users\Dados de aplicativos\WinterSoft deleted
C:\Documents and Settings\junior\AppData\LocalLow\DataMngr deleted
C:\Documents and Settings\junior\Desktop\SoftonicDownloader_para_pokemon-revolution.exe deleted
C:\Documents and Settings\junior\Desktop\AdwCleaner.exe deleted
"C:\Documents and Settings\junior\Dados de aplicativos\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [07/05/2013 03:14]

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\junior\Dados de aplicativos\Mozilla\Firefox\Profiles\dytgevnr.default
- Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
- BiroWse2esoave - %ProfilePath%\extensions\i.3fn@ytcqmthgiuti.net

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\junior\Dados de aplicativos\Mozilla\Firefox\Profiles\dytgevnr.default
4BF70B35B943BD73BD6E13EB7C1BA4B3 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll - Shockwave Flash
CFAF7B67C78D09D79688AEDCA3D090E2 - C:\Arquivos de programas\Google\Update\1.3.21.165\npGoogleUpdate3.dll - Google Update
69AA47F09AA281C7D3C7716CA7E283B4 - C:\Arquivos de programas\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
380F9A643A149B9030142E7171EFA91B - C:\Arquivos de programas\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
C04FCB7EEBEB5097B30468828F20FB9E - C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U9
2C82D753EF779945977C82A3908DA20A - C:\WINDOWS\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.90.5
6846D2CA7E1D5937AEE3F99BB7F5464B - C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll - Shockwave for Director / Shockwave for Director
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
CF4ABE599858E10EEB911E16FBCFD87D - C:\Arquivos de programas\Windows Media Player\npdrmv2.dll - Microsoft® DRM
76E34EA1089E92709C5725407B565DA1 - C:\Arquivos de programas\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
02A4A41FAC9BF96155B3E8068D1DF4B6 - C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
F9174E52953C2EDB35E4E634F6228F66 - C:\WINDOWS\system32\npptools.dll - Sistema operacional Microsoft® Windows®


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jfmjfhklogoienhpfnppmbcbjfjnkonk - No path found[]
kkkeikdkpjenmoiicggnnodbkebafgpc - C:\Arquivos de programas\Internet Explorer\cr_addon.crx[22/11/2012 14:03]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"
"CustomizeSearch"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{005384A3-0B8F-4AA1-A84A-43ADDBB0A655} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1047E6E5-2C24-F941-F786-E94450B7968F} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{19FB6980-7C31-FF8F-2A5B-98A2F8E682FE} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{34FC93B3-B05E-61DE-3187-EC7E5E1A015D} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AA769623-DC5C-4DBD-AF56-947E7195B4D5} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DFC2878A-CD93-4601-A4EA-85B10421A57C} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skymonk2 deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\junior\Configurações locais\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\junior\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

Clique com o botão direito do mouse no Zoek e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Copie e cole a linha em marrom no espaço do Zoek

jfmjfhklogoienhpfnppmbcbjfjnkonk;chr

*Clique [Run Script]  e cole o relatório C:\zoek-results.txt


Informe se foi resolvido para que possamos remover os programas usados.

não tem como executar como adm, acho q porque meu windows é o xp..

elio_hahn escreveu:não tem como executar como adm, acho q porque meu windows é o xp..

Opa!!

Falha nossa!!...


Execute o Zoek e siga o procedimento.

Agora ficou normal... valeuu nossa d+ esse forum, vou recomendar pra todos meu amigos
Otimo trabalho.


Zoek.exe Version 4.0.0.5 Updated 22-October-2013
Tool run by junior on qui 24/10/2013 at 0:03:12,78.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\junior\Desktop\zoek.exe [Script inserted]

==== Older Logs ======================

C:\zoek-results2013-10-23-150709.log 14901 bytes

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
kkkeikdkpjenmoiicggnnodbkebafgpc - C:\Arquivos de programas\Internet Explorer\cr_addon.crx[22/11/2012 14:03]

==== EOF on qui 24/10/2013 at 0:03:56,09 ======================

Clique com o botão direito do mouse no Zoek e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Copie e cole a linha em marrom no espaço do Zoek

kkkeikdkpjenmoiicggnnodbkebafgpc;chr

*Clique [Run Script]  e cole o relatório C:\zoek-results.txt


Baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...de Xplode) e salve-o no Desktop (Área de Trabalho)

*Execute-o, deixe selecionadas as opções Remove disinfection tools e Purge system restore

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Clique [Run] e cole o relatório apresentado


Um abraço...

CASO RESOLVIDO

Caso o(a) autor(a) do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.