Conteúdo: Default Ardósia Uva Barbie Morango Pôr do sol Banana Folha Chocolate Madeira
Fundo: Default Ardósia Uva Barbie Morango Pôr do sol Banana Folha Chocolate Madeira
Desenho: Liso Onda Linha Retalho Madeira Rocha Couro Colméia Vertical Triângulo
Bem-vindo ao Fórum do BABOO!

Desde 2000 o Fórum do BABOO tem ajudado milhões de internautas de Windows a resolverem seus problemas e dúvidas, além de ajudar na remoção de vírus e malwares de seus computadores. Somos o único fórum brasileiro coordenado por um especialista com reconhecimento internacional pela sua competência em Windows, então se você tem uma dúvida ou problema que nenhum outro fórum resolve, poste-a aqui pois o MVP Babooadora desafios!
  

O Fórum do BABOO também conta com a participação exclusiva do administrador da área de Segurança MVP Mr.Million que tem reconhecimento internacional da Microsoft pelo seu incansável trabalho ajudando os internautas a remover vírus e malwares dos seus computadores. Se o seu computador está infectado por algum vírus, ele te ajudará a removê-lo!
  

Nosso time de especialistas também inclui Patropi  Osvaldomp  Caze  Ciro-Mota  XERLOUCO ROUMS  Tatha que responderão suas dúvidas sobre diversos assuntos.
 

Participe da nossa comunidade! 

 

Entre para seguir isso  
Seguidores 0
Antonio33

Firefox e Chrome Fechando e abrindo I Explorer

14 posts neste tópico

Solicitação de Análise de Logs

Já fiz todos os procedimentos solicitados no Tópico Oficial...

Quando eu começo a utilizar o firefox ou chrome, esses navegadores se fecham e automaticamente abre-se o Internet Explorer. tenteri ficar utilizando o IE e até o próprio ficou lento.

Já fiz limpeza, escaneei com dois antispywares diferentes (spybot e malwarebytes anti-alware) e busquei erros com ccleaner mas o problema persistiu. Gostaria que os senhores me ajudassem com esse problema.

Segue meu Log para exame:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:12:31, on 18/12/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\ProgramData\DatacardService\DCSHelper.exe

C:\Program Files (x86)\ExpressDownloader\EDUpdater.exe

C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe

C:\Users\Antonio\AppData\Roaming\Claro\ouc.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\AVG\AVG10\avgtray.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\Ask.com\Updater\Updater.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\PROGRA~2\NITROP~1\READER~1\NITROP~2.EXE

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

C:\Users\Antonio\Desktop\HijackThis(1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)

R3 - URLSearchHook: (no name) - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: DVDomclear Villart GT8 - {10B5B05E-D1AC-476E-9035-3B0FF8BED668} - C:\DVDomcl\marquezan\AcroRToll.dll

O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.8\PriceGongIE.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

O2 - BHO: (no name) - {61628E2A-4FF9-4454-992D-D92A8CD27399} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: (no name) - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - (no file)

O3 - Toolbar: (no name) - {364ea597-e728-4ce4-bb4a-ed846ef47970} - (no file)

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

O4 - HKCU\..\Run: [installShield] C:\Windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut1_289C7D1A2C35454081CC86EC0D39CC25.exe

O4 - HKCU\..\Run: [installShield859] C:\Windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut1_289C7D1A2C35454081CC86EC0D39CC25.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [HW_OPENEYE_OUC_Claro] "C:\Program Files (x86)\Claro\UpdateDog\ouc.exe"

O4 - HKCU\..\Run: [DriverMax] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -agent

O4 - HKCU\..\Run: [igfxTray] C:\Users\Antonio\AppData\Roaming\BSplayer\AC3 Filter\DoolTripp.cpl

O4 - HKCU\..\Run: [msc] C:\Users\Antonio\AppData\Roaming\BSplayer\AC3 Filter\Kaymono.cpl

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Baixar com Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm

O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{9FB4407D-6F0C-443D-B307-354395003C28}: NameServer = 192.168.0.1

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\AESTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\ATService.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe

O23 - Service: Firewall do AVG (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Scrybe Updater (ScrybeUpdater) - Synaptics, Inc. - C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe

O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\STacSV64.exe

O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: DW WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 16232 bytes

Editado por Mr.Million

Compartilhar este post


Link para o post
Compartilhar em outros sites

OK, primeiramente desinstale o Spybot, é um Software ultrapassado que mais atrapalha que ajuda......

Poste o resultado que foi encontrado pelo Malwarebytes..

Desabilite o seu Antivírus, AntiSpyware e Firewall para não haver conflitos. Mantenha-os desativados até terminar as instruções.

Download ComboFix

Salve no seu Desktop ( Para que a Ferramenta seja executada corretamente é necessário que esteja no Desktop (Área de trabalho)

Feche todas as janelas e programas.

É necessário estar conectado durante o procedimento com o ComboFix;

Execute o combofix.exe, tecle "Sim" para prosseguir. Aguarde, pois é um pouco demorado.

OBS: Caso não queira que seja instalado o Console de Recuperação do Windows, clique em "Não" e depois concorde para que a verificação prossiga.

Ao ser instalado o Console, na Inicialização do Sistema será apresentada a tela para Seleção dos Sistemas Operacionais.

Mais informações sobre o Console: http://support.microsoft.com/kb/307654/pt-br

O ComboFix reiniciará o PC automaticamente para completar o processo de remoção. Caso isso não aconteça, reinicie manualmente.

Quando acabar, será gerado um Log, que estará em C:\ComboFix.txt. Selecione, copie e cole o conteúdo do ComboFix.txt na sua próxima resposta + um novo Log do HijackThis .

IMPORTANTE:Não use o mouse nem o teclado quando o ComboFix estiver rodando. Para parar ou sair do ComboFix, tecle "N".

OBS 2: Não execute o ComboFix mais do que uma vez. Isso irá sobreescrever o Log e dificultará a remoção do(s) malware(s)

Caso ocorra algum erro, reinicie o computador em Modo Seguro (pressione a tecla F8 intermitentemente, ou F5 em alguns casos, durante a inicialização) e repita o procedimento.


assinatura-mrmillion.png

Compartilhar este post


Link para o post
Compartilhar em outros sites

Novo resultados do Malwarebytes..

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Versão da Base de Dados: v2012.12.17.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Antonio :: ANTONIO-PC [administrador]

18/12/2012 16:56:00

mbam-log-2012-12-18 (16-56-00).txt

Tipo de Verificação: Verificação Rápida

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 216707

Tempo decorrido: 4 minuto(s), 17 segundo(s)

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0

(Não foram detectados ítens maliciosos)

(fim)

Editado por Antonio33

''

Compartilhar este post


Link para o post
Compartilhar em outros sites

Após o uso do COMBOFIX a máquina reiniciou mas não aceitou a minha senha no modo normal.

Entrei em modo de segurança e o combofiz gerou um relatório.

Reiniciei tentando entrar em modo normal mas novamente minha senha não foi aceita. Entrei novamente em modo de segurança e restaurei o sistema a um ponto anterior ao uso do combofix e consegui entrar novamente em modo normal.

Após restaurar o sistema o uso do combofix foi inútil? Como devo proceder agora?

Abaixo o log do combofix, caso seja útil. Obrigado

ComboFix 12-12-17.02 - Antonio 18/12/2012 17:06:24.1.3 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.3895.2186 [GMT -3:00]

Executando de: c:\users\Antonio\Desktop\ComboFix.exe

AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Amazon.ico

c:\programdata\MercadoLivre.ico

c:\windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut1_289C7D1A2C35454081CC86EC0D39CC25.exe

c:\windows\IsUn0416.exe

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\pthreadVC.dll

c:\windows\SysWow64\regobj.dll

c:\windows\SysWow64\URTTemp

c:\windows\SysWow64\URTTemp\regtlib.exe

c:\windows\SysWow64\wpcap.dll

c:\windows\wininit.ini

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Service_npf

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-11-18 to 2012-12-18 ))))))))))))))))))))))))))))

.

.

2012-12-17 17:19 . 2012-12-17 17:19 -------- d-----w- C:\tmp

2012-12-17 17:18 . 2012-12-17 17:18 -------- d-----w- C:\DVDomcl

2012-12-12 14:24 . 2012-12-12 14:24 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software

2012-12-08 11:25 . 2012-12-08 11:25 28672 ----a-r- c:\users\Antonio\AppData\Roaming\Microsoft\Installer\{FF9392D7-F9A0-4030-9B30-F40FBBEFC5D1}\_71135402F516_4B37_899D_0051C8E3119D.exe

2012-12-08 11:25 . 2012-12-14 17:28 -------- d-----w- c:\program files (x86)\BioEstat 5.0

2012-12-07 16:31 . 2012-12-07 16:45 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE

2012-12-06 12:51 . 2012-12-06 12:51 -------- d-----w- c:\users\Antonio\AppData\Roaming\ExpressDownloader

2012-12-06 12:51 . 2012-12-06 12:51 -------- d-----w- c:\program files (x86)\ExpressDownloader

2012-11-29 09:13 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll

2012-11-29 09:13 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll

2012-11-27 14:49 . 2012-11-27 14:49 -------- d-----w- c:\program files (x86)\PriceGong

2012-11-21 18:00 . 2012-11-21 18:00 -------- d-----w- c:\users\Antonio\AppData\Roaming\VDownloader

2012-11-21 18:00 . 2012-11-21 18:00 -------- d-----w- c:\program files\WinPcap

2012-11-21 18:00 . 2012-11-22 21:09 -------- d-----w- c:\users\Antonio\AppData\Local\VDownloader

2012-11-21 18:00 . 2010-01-26 14:11 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe

2012-11-21 18:00 . 2012-11-26 15:29 -------- d-----w- c:\program files\VDownloader

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-12 16:40 . 2012-07-30 10:27 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-12 16:40 . 2011-08-25 14:49 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-12 07:47 . 2012-11-12 07:47 312160 ----a-w- c:\windows\system32\drivers\avgldx64.sys

2012-11-08 14:06 . 2012-08-29 14:10 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2012-09-29 22:54 . 2012-10-27 13:35 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{10B5B05E-D1AC-476E-9035-3B0FF8BED668}]

2012-12-17 17:23 950076 ----a-w- c:\dvdomcl\marquezan\AcroRToll.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]

2012-10-21 07:26 450472 ----a-w- c:\program files (x86)\PriceGong\2.6.8\PriceGongIE.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-11-08 14:06 1796552 ----a-w- c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2012-06-07 00:33 1519304 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-08 1796552]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HW_OPENEYE_OUC_Claro"="c:\program files (x86)\Claro\UpdateDog\ouc.exe" [2009-07-27 110592]

"DriverMax"="c:\program files (x86)\Innovative Solutions\DriverMax\drivermax.exe" [2012-10-19 11325376]

"IgfxTray"="c:\users\Antonio\AppData\Roaming\BSplayer\AC3 Filter\DoolTripp.cpl" [2012-12-17 539462]

"msc"="c:\users\Antonio\AppData\Roaming\BSplayer\AC3 Filter\Kaymono.cpl" [2012-12-17 404992]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-11-08 997320]

"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096]

"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-07 1564872]

"ROC_ROC_JULY_P1"="c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-08-29 1022048]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe

"SunJavaUpdateSched"="c:\program files (x86)\Java\jre1.6.0_01\bin\jusched.exe"

.

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-08-25 834544]

R1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2010-07-12 57696]

R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-11-12 312160]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-03-01 41552]

R1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-04-05 377936]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\AESTSr64.exe [2009-03-03 89600]

R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe [2009-05-15 2682616]

R2 avgfws;Firewall do AVG;c:\program files (x86)\AVG\AVG10\avgfws.exe [2011-03-09 2708024]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2011-03-14 346976]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]

R2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-11-30 59904]

R2 KMService;KMService;c:\windows\system32\srvany.exe [x]

R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files (x86)\Mouse Driver\KMWDSrv.exe [2009-09-01 1821184]

R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-07-19 216080]

R2 ScrybeUpdater;Scrybe Updater;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]

R2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]

R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-06-03 1932592]

R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-08 711112]

R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 29264]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248]

R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 13952]

R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2011-09-09 98304]

R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2011-09-09 28672]

R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2011-09-09 218624]

R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]

R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2011-12-20 29184]

R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2011-08-17 12800]

R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-21 239616]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 26704]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2011-03-16 37456]

S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [2009-11-27 19504]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-08 30568]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-11-27 25136]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-09-09 87040]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2012-12-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-30 16:40]

.

2012-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-04 18:35]

.

2012-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-04 18:35]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]

@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"

[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]

2009-08-21 16:06 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]

@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"

[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]

2009-08-21 16:06 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-09 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-09 390680]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-09 410136]

"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-08-25 5107712]

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &Enviar para o OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Baixar com Mipony - file://c:\program files (x86)\MiPony\Browser\IEContext.htm

IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html

IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 150.161.71.254 150.161.6.1 192.168.0.1

TCP: Interfaces\{9FB4407D-6F0C-443D-B307-354395003C28}: NameServer = 192.168.0.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll

FF - ProfilePath - c:\users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\idlei1gl.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxps://isearch.avg.com?cid=%7Bf312e46f-c843-4da3-9666-47bdadd8f936%7D&mid=b9ba261ec1f347d1aa3369e52920aff3-0d16cb4c9745d733b5013ce3613875cf063ac5be&ds=AVG&v=12.2.5.32〈=pt-br&pr=pa&d=2011-11-30%2008%3A29%3A20&sap=hp

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bf312e46f-c843-4da3-9666-47bdadd8f936%7D&mid=b9ba261ec1f347d1aa3369e52920aff3-0d16cb4c9745d733b5013ce3613875cf063ac5be&ds=AVG&v=13.2.0.5〈=pt-br&pr=pa&d=2011-11-30%2008%3A29%3A20&sap=ku&q=

FF - ExtSQL: 2012-11-09 11:10; {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}; c:\users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\idlei1gl.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

FF - ExtSQL: 2012-11-12 20:51; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - ExtSQL: 2012-11-27 11:49; {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}; c:\users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\idlei1gl.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}

FF - ExtSQL: 2012-12-07 12:17; {EEE6C361-6118-11DC-9C72-001320C79847}; c:\users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\idlei1gl.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

FF - ExtSQL: !HIDDEN! 2011-08-26 18:09; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - ExtSQL: !HIDDEN! 2012-08-15 11:16; 39ffxtbr@MapsGalaxy_39.com; c:\program files (x86)\MapsGalaxy_39\bar\1.bin

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112842&tt=3212_5

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=

FF - user.js: extensions.BabylonToolbar.id - f22bbc9b00000000000078e400b6b80a

FF - user.js: extensions.BabylonToolbar.instlDay - 15559

FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6

FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.611:28

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - base

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

.

- - - - ORFÃOS REMOVIDOS - - - -

.

URLSearchHooks-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)

URLSearchHooks-{e0301295-ab3e-4af3-979f-3d453c5f9f48} - (no file)

Toolbar-{e0301295-ab3e-4af3-979f-3d453c5f9f48} - (no file)

Toolbar-{364ea597-e728-4ce4-bb4a-ed846ef47970} - (no file)

Wow6432Node-HKCU-Run-InstallShield - c:\windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut1_289C7D1A2C35454081CC86EC0D39CC25.exe

Wow6432Node-HKCU-Run-InstallShield859 - c:\windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut1_289C7D1A2C35454081CC86EC0D39CC25.exe

Wow6432Node-HKCU-Run-DriverMax_RESTART - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

WebBrowser-{E0301295-AB3E-4AF3-979F-3D453C5F9F48} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2012-12-18 17:28:42 - Máquina reiniciou

ComboFix-quarantined-files.txt 2012-12-18 20:28

ComboFix2.txt 2012-10-28 15:09

.

Pré-execução: 4,605,722,624 bytes disponíveis

Pós execução: 4,055,486,464 bytes disponíveis

.

- - End Of File - - 4D6AD4CC0209F2FA4C7554211AC24B67

Blz, eu repeti o procedimento, rodeio o Combofix no modo de segurança, mas ainda assim não consigo entrar no windows normal, pois a minha senha é rejeitada. O que faço agora?

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ja reiniciei mais que duas vezes

Restaurei o sistema e tentei rodar o AVG, pois era o problema de uma pessoa na internet.

Só que meu antivírus tava bloqueado para uso, desinstalei, mas quando tentei instalar outro tive conflitos para descompactar pastas e o computador esquentou (pode ter sido impressão minha) e desligou sozinho.

O que eu faço agora?

Compartilhar este post


Link para o post
Compartilhar em outros sites

pois era o problema de uma pessoa na internet.

Não entendi isto....

Download bouton-telecharger.png Salve-o no Desktop. (Área de Trabalho)

Execute o adwcleaner.exe

OBS: Usuários do Windows Vista ou do Windows 7, clicar com o botão direito do mouse no arquivo e selecionar:Executar como administrador

AdwCleanerCustom-1.jpg

Clique [Delete]

Salve o Log criado.

Donload 1268r49.png Salve no seu Desktop (Área de trabalho).

Dê um duplo-clique para executar o Junkware Removal Tool (JRT)

* No Windows Vista e Windows 7:

Clique com o botão direito do mousesobre o JRT.exe e selecione run_as_adm1.png

A Ferramenta começará o exame do seu Sistema. Tenha paciência pois pode demorar um pouco, dependendo da quantidades de ítens a serem examinados.

Ao final, um Log se abrirá e salvo no Desktop com o nome de JRT.txt.

Selecione, copie e cole o conteúdo deste Log na sua próxima resposta + o Log do AdwCleaner e um novo Log do HijackThis.


assinatura-mrmillion.png

Compartilhar este post


Link para o post
Compartilhar em outros sites

Log Adware Cleaner

# AdwCleaner v2.101 - Logfile created 12/19/2012 at 11:57:21

# Updated 16/12/2012 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)

# User : Antonio - ANTONIO-PC

# Boot Mode : Normal

# Running from : C:\Users\Antonio\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Deleted : C:\Users\Antonio\AppData\Local\Temp\Uninstall.exe

File Deleted : C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\idlei1gl.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

File Deleted : C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\idlei1gl.default\searchplugins\Askcom.xml

File Deleted : C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\idlei1gl.default\searchplugins\Conduit.xml

Folder Deleted : C:\Program Files (x86)\Ask.com

Folder Deleted : C:\Program Files (x86)\AVG Secure Search

Folder Deleted : C:\Program Files (x86)\Claro

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\PriceGong

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\ProgramData\AVG Secure Search

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Claro

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong

Folder Deleted : C:\Users\Antonio\AppData\Local\AVG Secure Search

Folder Deleted : C:\Users\Antonio\AppData\Local\Conduit

Folder Deleted : C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok

Folder Deleted : C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdebcffgnijbblbinknkbefciofebcda

Folder Deleted : C:\Users\Antonio\AppData\LocalLow\AskToolbar

Folder Deleted : C:\Users\Antonio\AppData\LocalLow\AVG Secure Search

Folder Deleted : C:\Users\Antonio\AppData\LocalLow\BabylonToolbar

Folder Deleted : C:\Users\Antonio\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Antonio\AppData\LocalLow\ConduitEngine

Folder Deleted : C:\Users\Antonio\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Antonio\AppData\LocalLow\SweetIM

Folder Deleted : C:\Users\Antonio\AppData\LocalLow\uTorrentBar_PT

Folder Deleted : C:\Users\Antonio\AppData\Roaming\Claro

Folder Deleted : C:\Users\Antonio\AppData\Roaming\Media Finder

Folder Deleted : C:\Users\Antonio\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

Folder Deleted : C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\idlei1gl.default\ConduitCommon

Folder Deleted : C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\idlei1gl.default\CT2851643

Folder Deleted : C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\idlei1gl.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}

Folder Deleted : C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\idlei1gl.default\extensions\{e0301295-ab3e-4af3-979f-3d453c5f9f48}

Folder Deleted : C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\idlei1gl.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

Folder Deleted : C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\idlei1gl.default\extensions\toolbar@ask.com

Folder Deleted : C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\idlei1gl.default\SweetPacksToolbarData

Folder Deleted : C:\Users\Antonio\AppData\Roaming\OpenCandy

Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar_PT

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\Ask.com

Key Deleted : HKCU\Software\AVG Secure Search

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Deleted : HKCU\Software\Google\Chrome\Extensions\mdebcffgnijbblbinknkbefciofebcda

Key Deleted : HKCU\Software\MediaFinder

Key Deleted : HKCU\Software\Microsoft\Babylon

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKCU\Software\PIP

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\Software\APN

Key Deleted : HKLM\Software\AskToolbar

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd

Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1

Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

Key Deleted : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO

Key Deleted : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1

Key Deleted : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl

Key Deleted : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1750559

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\Iminent

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\Software\PIP

Key Deleted : HKLM\Software\uTorrentBar_PT

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{13119113-0854-469D-807A-171568457991}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33119133-0854-469D-807A-171568457991}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23119123-0854-469D-807A-171568457991}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mdebcffgnijbblbinknkbefciofebcda

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{830C0BF7-9D90-4BF1-9450-96707BBBCCBF}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{926199F5-515D-4AC1-9AA1-04BFDDC8A848}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E0301295-AB3E-4AF3-979F-3D453C5F9F48}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E0301295-AB3E-4AF3-979F-3D453C5F9F48}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{E0301295-AB3E-4AF3-979F-3D453C5F9F48}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{E0301295-AB3E-4AF3-979F-3D453C5F9F48}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (pt-BR)

Profile name : default

File : C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\idlei1gl.default\prefs.js

C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\idlei1gl.default\user.js ... Deleted !

Deleted : user_pref("CT2851643..clientLogIsEnabled", false);

Deleted : user_pref("CT2851643..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Deleted : user_pref("CT2851643..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Deleted : user_pref("CT2851643.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Deleted : user_pref("CT2851643.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Deleted : user_pref("CT2851643.AppTrackingLastCheckTime", "Wed Aug 22 2012 13:35:50 GMT-0300 (Hora oficial do [...]

Deleted : user_pref("CT2851643.CTID", "CT2851643");

Deleted : user_pref("CT2851643.CurrentServerDate", "19-12-2012");

Deleted : user_pref("CT2851643.DSInstall", false);

Deleted : user_pref("CT2851643.DialogsAlignMode", "LTR");

Deleted : user_pref("CT2851643.DialogsGetterLastCheckTime", "Wed Dec 19 2012 10:20:51 GMT-0300 (Hora oficial d[...]

Deleted : user_pref("CT2851643.DownloadReferralCookieData", "");

Deleted : user_pref("CT2851643.EMailNotifierPollDate", "Wed Dec 19 2012 10:20:44 GMT-0300 (Hora oficial do Bra[...]

Deleted : user_pref("CT2851643.FeedLastCount1733423638652034402", 501);

Deleted : user_pref("CT2851643.FeedPollDate2429156812186649977", "Wed Dec 19 2012 10:20:47 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CT2851643.FeedPollDate2429156813040823546", "Wed Dec 19 2012 10:20:44 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CT2851643.FeedPollDate2429156813130095866", "Wed Dec 19 2012 10:20:44 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CT2851643.FeedPollDate2429156813224203613", "Wed Dec 19 2012 10:20:44 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CT2851643.FeedPollDate2429156813230837251", "Wed Dec 19 2012 10:20:47 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CT2851643.FeedPollDate2429156813454291735", "Wed Dec 19 2012 10:20:44 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CT2851643.FeedPollDate2429156813729834876", "Wed Dec 19 2012 10:20:44 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CT2851643.FeedPollDate2429156813860870021", "Wed Dec 19 2012 10:20:47 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CT2851643.FeedPollDate2429156814264681793", "Wed Dec 19 2012 10:20:47 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CT2851643.FeedPollDate2429156814863075366", "Wed Dec 19 2012 10:20:44 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CT2851643.FeedPollDate2429156815257761081", "Wed Dec 19 2012 10:20:44 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CT2851643.FeedTTL2429156813040823546", 15);

Deleted : user_pref("CT2851643.FeedTTL2429156813130095866", 10);

Deleted : user_pref("CT2851643.FeedTTL2429156813454291735", 5);

Deleted : user_pref("CT2851643.FeedTTL2429156814264681793", 5);

Deleted : user_pref("CT2851643.FirstServerDate", "19-7-2012");

Deleted : user_pref("CT2851643.FirstTime", true);

Deleted : user_pref("CT2851643.FirstTimeFF3", true);

Deleted : user_pref("CT2851643.FirstTimeHiddenVer", true);

Deleted : user_pref("CT2851643.FixPageNotFoundErrors", true);

Deleted : user_pref("CT2851643.GroupingServerCheckInterval", 1440);

Deleted : user_pref("CT2851643.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Deleted : user_pref("CT2851643.HPInstall", false);

Deleted : user_pref("CT2851643.HasUserGlobalKeys", true);

Deleted : user_pref("CT2851643.HomePageProtectorEnabled", false);

Deleted : user_pref("CT2851643.HomepageBeforeUnload", "about:home");

Deleted : user_pref("CT2851643.Initialize", true);

Deleted : user_pref("CT2851643.InitializeCommonPrefs", true);

Deleted : user_pref("CT2851643.InstallationAndCookieDataSentCount", 3);

Deleted : user_pref("CT2851643.InstallationId", "fftDC72.tmp.exe");

Deleted : user_pref("CT2851643.InstallationType", "XPE");

Deleted : user_pref("CT2851643.InstalledDate", "Thu Jul 19 2012 17:33:39 GMT-0300 (Hora oficial do Brasil)");

Deleted : user_pref("CT2851643.IsAlertDBUpdated", true);

Deleted : user_pref("CT2851643.IsGrouping", false);

Deleted : user_pref("CT2851643.IsInitSetupIni", true);

Deleted : user_pref("CT2851643.IsMulticommunity", false);

Deleted : user_pref("CT2851643.IsOpenThankYouPage", true);

Deleted : user_pref("CT2851643.IsOpenUninstallPage", false);

Deleted : user_pref("CT2851643.LanguagePackLastCheckTime", "Tue Dec 18 2012 12:12:19 GMT-0300 (Hora oficial do[...]

Deleted : user_pref("CT2851643.LanguagePackReloadIntervalMM", 1440);

Deleted : user_pref("CT2851643.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Deleted : user_pref("CT2851643.LastLogin_3.13.0.6", "Fri Jul 20 2012 12:56:47 GMT-0300 (Hora oficial do Brasil[...]

Deleted : user_pref("CT2851643.LastLogin_3.14.1.0", "Mon Aug 27 2012 17:10:21 GMT-0300 (Hora oficial do Brasil[...]

Deleted : user_pref("CT2851643.LastLogin_3.15.1.0", "Mon Nov 12 2012 14:27:42 GMT-0300 (Hora oficial do Brasil[...]

Deleted : user_pref("CT2851643.LastLogin_3.16.0.3", "Wed Dec 19 2012 10:20:48 GMT-0300 (Hora oficial do Brasil[...]

Deleted : user_pref("CT2851643.LatestVersion", "3.16.0.3");

Deleted : user_pref("CT2851643.Locale", "pt");

Deleted : user_pref("CT2851643.MCDetectTooltipHeight", "83");

Deleted : user_pref("CT2851643.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Deleted : user_pref("CT2851643.MCDetectTooltipWidth", "295");

Deleted : user_pref("CT2851643.MyStuffEnabledAtInstallation", true);

Deleted : user_pref("CT2851643.OriginalFirstVersion", "3.13.0.6");

Deleted : user_pref("CT2851643.SearchCaption", "uTorrentBar_PT Customized Web Search");

Deleted : user_pref("CT2851643.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");

Deleted : user_pref("CT2851643.SearchFromAddressBarIsInit", true);

Deleted : user_pref("CT2851643.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]

Deleted : user_pref("CT2851643.SearchInNewTabEnabled", true);

Deleted : user_pref("CT2851643.SearchInNewTabIntervalMM", 1440);

Deleted : user_pref("CT2851643.SearchInNewTabLastCheckTime", "Tue Dec 18 2012 10:49:58 GMT-0300 (Hora oficial [...]

Deleted : user_pref("CT2851643.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Deleted : user_pref("CT2851643.SearchProtectorEnabled", false);

Deleted : user_pref("CT2851643.SearchProtectorToolbarDisabled", false);

Deleted : user_pref("CT2851643.SendProtectorDataViaLogin", true);

Deleted : user_pref("CT2851643.ServiceMapLastCheckTime", "Tue Dec 18 2012 12:12:19 GMT-0300 (Hora oficial do B[...]

Deleted : user_pref("CT2851643.SettingsLastCheckTime", "Wed Dec 19 2012 10:20:43 GMT-0300 (Hora oficial do Bra[...]

Deleted : user_pref("CT2851643.SettingsLastUpdate", "1354706882");

Deleted : user_pref("CT2851643.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2851643&SearchSource=13");

Deleted : user_pref("CT2851643.ThirdPartyComponentsInterval", 504);

Deleted : user_pref("CT2851643.ThirdPartyComponentsLastCheck", "Mon Dec 17 2012 14:24:01 GMT-0300 (Hora oficia[...]

Deleted : user_pref("CT2851643.ThirdPartyComponentsLastUpdate", "1331806008");

Deleted : user_pref("CT2851643.ToolbarShrinkedFromSetup", false);

Deleted : user_pref("CT2851643.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2851643");

Deleted : user_pref("CT2851643.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Deleted : user_pref("CT2851643.UserID", "UN97197758365583967");

Deleted : user_pref("CT2851643.ValidationData_Search", 2);

Deleted : user_pref("CT2851643.ValidationData_Toolbar", 2);

Deleted : user_pref("CT2851643.WeatherNetwork", "");

Deleted : user_pref("CT2851643.WeatherPollDate", "Wed Dec 19 2012 10:20:47 GMT-0300 (Hora oficial do Brasil)")[...]

Deleted : user_pref("CT2851643.WeatherUnit", "C");

Deleted : user_pref("CT2851643.alertChannelId", "1243677");

Deleted : user_pref("CT2851643.autoDisableScopes", -1);

Deleted : user_pref("CT2851643.backendstorage.cb_experience_000", "313839");

Deleted : user_pref("CT2851643.backendstorage.cb_firstuse0100", "31");

Deleted : user_pref("CT2851643.backendstorage.cb_user_id_000", "43423331373434383538303438345F46697265666F78")[...]

Deleted : user_pref("CT2851643.backendstorage.cbcountry_001", "4252");

Deleted : user_pref("CT2851643.backendstorage.cbfirsttime", "546875204A756C20313920323031322031373A33333A34372[...]

Deleted : user_pref("CT2851643.backendstorage.cbopenmamsettings", "30");

Deleted : user_pref("CT2851643.backendstorage.pairingkey", "41374238414135334330313139453238393236324430423445[...]

Deleted : user_pref("CT2851643.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]

Deleted : user_pref("CT2851643.backendstorage.url_history0001", "68747470733A2F2F7777772E676F6F676C652E636F6D3[...]

Deleted : user_pref("CT2851643.backendstorage.uttorrents", "7B226275696C64223A32373536382C226C6162656C223A5B5D[...]

Deleted : user_pref("CT2851643.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Deleted : user_pref("CT2851643.globalFirstTimeInfoLastCheckTime", "Thu Dec 13 2012 11:51:41 GMT-0300 (Hora ofi[...]

Deleted : user_pref("CT2851643.homepageProtectorEnableByLogin", true);

Deleted : user_pref("CT2851643.initDone", true);

Deleted : user_pref("CT2851643.isAppTrackingManagerOn", false);

Deleted : user_pref("CT2851643.myStuffEnabled", true);

Deleted : user_pref("CT2851643.myStuffPublihserMinWidth", 400);

Deleted : user_pref("CT2851643.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Deleted : user_pref("CT2851643.myStuffServiceIntervalMM", 1440);

Deleted : user_pref("CT2851643.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Deleted : user_pref("CT2851643.navigateToUrlOnSearch", false);

Deleted : user_pref("CT2851643.oldAppsList", "129351530870587943,129351530870900444,1000234,129791406994403775[...]

Deleted : user_pref("CT2851643.revertSettingsEnabled", true);

Deleted : user_pref("CT2851643.searchProtectorDialogDelayInSec", 10);

Deleted : user_pref("CT2851643.searchProtectorEnableByLogin", true);

Deleted : user_pref("CT2851643.testingCtid", "");

Deleted : user_pref("CT2851643.toolbarAppMetaDataLastCheckTime", "Tue Dec 18 2012 12:37:51 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CT2851643.toolbarContextMenuLastCheckTime", "Fri Dec 14 2012 08:27:19 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CT2851643.usagesFlag", 2);

Deleted : user_pref("CT3196716..clientLogIsEnabled", false);

Deleted : user_pref("CT3196716..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Deleted : user_pref("CT3196716..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Deleted : user_pref("CT3196716.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Deleted : user_pref("CT3196716.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Deleted : user_pref("CT3196716.BrowserCompStateIsOpen_129774122767598898", true);

Deleted : user_pref("CT3196716.BrowserCompStateIsOpen_8478564928926792879", true);

Deleted : user_pref("CT3196716.CT3196716", "CT3196716");

Deleted : user_pref("CT3196716.CurrentServerDate", "14-5-2012");

Deleted : user_pref("CT3196716.DSChangedManually", true);

Deleted : user_pref("CT3196716.DSInstall", true);

Deleted : user_pref("CT3196716.DSProtectChoice", true);

Deleted : user_pref("CT3196716.DSProtectCount", 1);

Deleted : user_pref("CT3196716.DialogsAlignMode", "LTR");

Deleted : user_pref("CT3196716.DialogsGetterLastCheckTime", "Fri May 11 2012 16:07:15 GMT-0300 (Hora oficial d[...]

Deleted : user_pref("CT3196716.DownloadReferralCookieData", "");

Deleted : user_pref("CT3196716.EMailNotifierPollDate", "Mon May 14 2012 09:25:47 GMT-0300 (Hora oficial do Bra[...]

Deleted : user_pref("CT3196716.EnableClickToSearchBox", false);

Deleted : user_pref("CT3196716.EnableSearchHistory", false);

Deleted : user_pref("CT3196716.EnableSearchSuggest", false);

Deleted : user_pref("CT3196716.ExternalComponentPollDate129755756828511878", "Sun May 13 2012 18:47:19 GMT-030[...]

Deleted : user_pref("CT3196716.ExternalComponentPollDate129757581393447276", "Sun May 13 2012 18:47:19 GMT-030[...]

Deleted : user_pref("CT3196716.FirstServerDate", "11-5-2012");

Deleted : user_pref("CT3196716.FirstTime", true);

Deleted : user_pref("CT3196716.FirstTimeFF3", true);

Deleted : user_pref("CT3196716.FirstTimeHiddenVer", true);

Deleted : user_pref("CT3196716.FixPageNotFoundErrors", false);

Deleted : user_pref("CT3196716.GroupingServerCheckInterval", 1440);

Deleted : user_pref("CT3196716.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Deleted : user_pref("CT3196716.HPInstall", true);

Deleted : user_pref("CT3196716.HPProtectChoice", true);

Deleted : user_pref("CT3196716.HPProtectCount", 1);

Deleted : user_pref("CT3196716.HasUserGlobalKeys", true);

Deleted : user_pref("CT3196716.HomePageProtectorEnabled", true);

Deleted : user_pref("CT3196716.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3196716&SearchSource=[...]

Deleted : user_pref("CT3196716.Initialize", true);

Deleted : user_pref("CT3196716.InitializeCommonPrefs", true);

Deleted : user_pref("CT3196716.InstallationAndCookieDataSentCount", 3);

Deleted : user_pref("CT3196716.InstallationType", "Unknown");

Deleted : user_pref("CT3196716.InstalledDate", "Fri May 11 2012 16:07:17 GMT-0300 (Hora oficial do Brasil)");

Deleted : user_pref("CT3196716.InvalidateCache", false);

Deleted : user_pref("CT3196716.IsAlertDBUpdated", true);

Deleted : user_pref("CT3196716.IsGrouping", false);

Deleted : user_pref("CT3196716.IsInitSetupIni", true);

Deleted : user_pref("CT3196716.IsMulticommunity", false);

Deleted : user_pref("CT3196716.IsOpenThankYouPage", true);

Deleted : user_pref("CT3196716.IsOpenUninstallPage", true);

Deleted : user_pref("CT3196716.IsProtectorsInit", true);

Deleted : user_pref("CT3196716.LanguagePackLastCheckTime", "Sun May 13 2012 19:09:16 GMT-0300 (Hora oficial do[...]

Deleted : user_pref("CT3196716.LanguagePackReloadIntervalMM", 1440);

Deleted : user_pref("CT3196716.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Deleted : user_pref("CT3196716.LastLogin_3.12.2.3", "Mon May 14 2012 08:08:49 GMT-0300 (Hora oficial do Brasil[...]

Deleted : user_pref("CT3196716.LatestVersion", "3.12.2.3");

Deleted : user_pref("CT3196716.Locale", "en");

Deleted : user_pref("CT3196716.MCDetectTooltipHeight", "83");

Deleted : user_pref("CT3196716.MCDetectTooltipShow", false);

Deleted : user_pref("CT3196716.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Deleted : user_pref("CT3196716.MCDetectTooltipWidth", "295");

Deleted : user_pref("CT3196716.MyStuffEnabledAtInstallation", true);

Deleted : user_pref("CT3196716.OriginalFirstVersion", "3.12.2.3");

Deleted : user_pref("CT3196716.RadioIsPodcast", false);

Deleted : user_pref("CT3196716.RadioLastCheckTime", "Sun May 13 2012 19:09:20 GMT-0300 (Hora oficial do Brasil[...]

Deleted : user_pref("CT3196716.RadioLastUpdateIPServer", "3");

Deleted : user_pref("CT3196716.RadioLastUpdateServer", "3");

Deleted : user_pref("CT3196716.RadioMediaID", "9962");

Deleted : user_pref("CT3196716.RadioMediaType", "Media Player");

Deleted : user_pref("CT3196716.RadioMenuSelectedID", "EBRadioMenu_CT3196716_RECENT9962");

Deleted : user_pref("CT3196716.RadioShrinkedFromSetup", false);

Deleted : user_pref("CT3196716.RadioStationName", "California%20Rock");

Deleted : user_pref("CT3196716.RadioStationURL", "hxxp://feedlive.net/california.asx");

Deleted : user_pref("CT3196716.RadioVolume", "100");

Deleted : user_pref("CT3196716.SHRINK_TOOLBAR", 1);

Deleted : user_pref("CT3196716.SavedHomepage", "www.google.com.br");

Deleted : user_pref("CT3196716.SearchBackToDefaultEngine", false);

Deleted : user_pref("CT3196716.SearchCaption", "WiseConvert Customized Web Search");

Deleted : user_pref("CT3196716.SearchEngineBeforeUnload", "Google");

Deleted : user_pref("CT3196716.SearchFromAddressBarIsInit", true);

Deleted : user_pref("CT3196716.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT319[...]

Deleted : user_pref("CT3196716.SearchInNewTabEnabled", true);

Deleted : user_pref("CT3196716.SearchInNewTabIntervalMM", 1440);

Deleted : user_pref("CT3196716.SearchInNewTabLastCheckTime", "Sun May 13 2012 19:09:13 GMT-0300 (Hora oficial [...]

Deleted : user_pref("CT3196716.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Deleted : user_pref("CT3196716.SearchInNewTabUserEnabled", false);

Deleted : user_pref("CT3196716.SearchProtectorEnabled", false);

Deleted : user_pref("CT3196716.SearchProtectorToolbarDisabled", true);

Deleted : user_pref("CT3196716.SendProtectorDataViaLogin", true);

Deleted : user_pref("CT3196716.ServiceMapLastCheckTime", "Sun May 13 2012 19:09:16 GMT-0300 (Hora oficial do B[...]

Deleted : user_pref("CT3196716.SettingsLastCheckTime", "Mon May 14 2012 08:08:40 GMT-0300 (Hora oficial do Bra[...]

Deleted : user_pref("CT3196716.SettingsLastUpdate", "1336477626");

Deleted : user_pref("CT3196716.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3196716&SearchSource=13");

Deleted : user_pref("CT3196716.ThirdPartyComponentsInterval", 504);

Deleted : user_pref("CT3196716.ThirdPartyComponentsLastCheck", "Fri May 11 2012 16:07:08 GMT-0300 (Hora oficia[...]

Deleted : user_pref("CT3196716.ThirdPartyComponentsLastUpdate", "1331805997");

Deleted : user_pref("CT3196716.ToolbarDisabled", false);

Deleted : user_pref("CT3196716.ToolbarShrinkedFromSetup", false);

Deleted : user_pref("CT3196716.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3196716");

Deleted : user_pref("CT3196716.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Deleted : user_pref("CT3196716.UserID", "UN27330227125225996");

Deleted : user_pref("CT3196716.ValidationData_Toolbar", 2);

Deleted : user_pref("CT3196716.WeatherNetwork", "");

Deleted : user_pref("CT3196716.WeatherPollDate", "Mon May 14 2012 09:08:45 GMT-0300 (Hora oficial do Brasil)")[...]

Deleted : user_pref("CT3196716.WeatherUnit", "C");

Deleted : user_pref("CT3196716.alertChannelId", "1613210");

Deleted : user_pref("CT3196716.approveUntrustedApps", true);

Deleted : user_pref("CT3196716.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]

Deleted : user_pref("CT3196716.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]

Deleted : user_pref("CT3196716.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]

Deleted : user_pref("CT3196716.backendstorage./9b+7e.:2z527", "247E707571777278333228702A7B797B7B7E30273224262[...]

Deleted : user_pref("CT3196716.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]

Deleted : user_pref("CT3196716.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]

Deleted : user_pref("CT3196716.backendstorage./9b+7e06cg5el8:", "6E6D6E6C6A6B71767370");

Deleted : user_pref("CT3196716.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A747374727071777C7976242F4B4947[...]

Deleted : user_pref("CT3196716.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]

Deleted : user_pref("CT3196716.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]

Deleted : user_pref("CT3196716.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]

Deleted : user_pref("CT3196716.backendstorage./9b+7e31;cj7fk;kg#ncep@mc+vkn", "247E61393F236B25737471712A212C6[...]

Deleted : user_pref("CT3196716.backendstorage./9b+7e31;cj=j>dm9g?>>si)til-yj", "247E61393F236B25747578772A212C[...]

Deleted : user_pref("CT3196716.backendstorage./9b+7e31;cjc<=fbj#ncf", "247E61393F236B25757677712A212C6E414F444[...]

Deleted : user_pref("CT3196716.backendstorage./9b+7e31;cjc<=fbj#ncf'sd", "247E61393F236B25757574752A212C6E414F[...]

Deleted : user_pref("CT3196716.backendstorage./9b+7e31;cjg<?=<njpojh(shk,xi", "247E61393F236B25767875722A212C6[...]

Deleted : user_pref("CT3196716.backendstorage./9b+7e31;cji5e k@c", "247E61393F236B2573787229202B6D404E434C3179[...]

Deleted : user_pref("CT3196716.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]

Deleted : user_pref("CT3196716.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]

Deleted : user_pref("CT3196716.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]

Deleted : user_pref("CT3196716.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]

Deleted : user_pref("CT3196716.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]

Deleted : user_pref("CT3196716.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]

Deleted : user_pref("CT3196716.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]

Deleted : user_pref("CT3196716.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]

Deleted : user_pref("CT3196716.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]

Deleted : user_pref("CT3196716.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]

Deleted : user_pref("CT3196716.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]

Deleted : user_pref("CT3196716.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]

Deleted : user_pref("CT3196716.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]

Deleted : user_pref("CT3196716.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]

Deleted : user_pref("CT3196716.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]

Deleted : user_pref("CT3196716.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]

Deleted : user_pref("CT3196716.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]

Deleted : user_pref("CT3196716.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]

Deleted : user_pref("CT3196716.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]

Deleted : user_pref("CT3196716.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]

Deleted : user_pref("CT3196716.backendstorage./9b-0?3g>d", "396A6B3C6A6B73437A714572762049757721254D217B232A53[...]

Deleted : user_pref("CT3196716.backendstorage./9b-0?3g@6:5;", "");

Deleted : user_pref("CT3196716.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");

Deleted : user_pref("CT3196716.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332[...]

Deleted : user_pref("CT3196716.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");

Deleted : user_pref("CT3196716.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484775213F3E484F4E4D464[...]

Deleted : user_pref("CT3196716.backendstorage./9b5ba==9cjag", "696C6E6A6D3F41427A7047747878497D4E7A4C7D4F");

Deleted : user_pref("CT3196716.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6E6C6A6B71767276787772");

Deleted : user_pref("CT3196716.backendstorage./9b9643g3/9e", "6A");

Deleted : user_pref("CT3196716.backendstorage./9b<:222h64<", "393F352F3E");

Deleted : user_pref("CT3196716.backendstorage./9b=+03eh8h8j?:", "4443");

Deleted : user_pref("CT3196716.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]

Deleted : user_pref("CT3196716.backendstorage./9b?b0d:8aj62<h", "6D");

Deleted : user_pref("CT3196716.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");

Deleted : user_pref("CT3196716.backendstorage.event_data", "253542253544");

Deleted : user_pref("CT3196716.backendstorage.fired_events", "");

Deleted : user_pref("CT3196716.backendstorage.key_date", "3134");

Deleted : user_pref("CT3196716.backendstorage.shoppingapp.gk.exipres", "576564204D617920313620323031322031363A[...]

Deleted : user_pref("CT3196716.backendstorage.shoppingapp.gk.geolocation", "6272617A696C");

Deleted : user_pref("CT3196716.components.1000034", false);

Deleted : user_pref("CT3196716.components.1000082", false);

Deleted : user_pref("CT3196716.components.1000234", false);

Deleted : user_pref("CT3196716.components.129755756828511878", false);

Deleted : user_pref("CT3196716.components.129755756829761921", false);

Deleted : user_pref("CT3196716.components.129755756831011964", false);

Deleted : user_pref("CT3196716.components.129755756831793241", false);

Deleted : user_pref("CT3196716.components.129757581393447276", false);

Deleted : user_pref("CT3196716.components.129774122767598898", false);

Deleted : user_pref("CT3196716.components.8478564928926792879", false);

Deleted : user_pref("CT3196716.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Deleted : user_pref("CT3196716.globalFirstTimeInfoLastCheckTime", "Fri May 11 2012 16:07:10 GMT-0300 (Hora ofi[...]

Deleted : user_pref("CT3196716.homepageProtectorEnableByLogin", true);

Deleted : user_pref("CT3196716.initDone", true);

Deleted : user_pref("CT3196716.isAppTrackingManagerOn", true);

Deleted : user_pref("CT3196716.isFirstRadioInstallation", false);

Deleted : user_pref("CT3196716.isSearchProtectorNotifyChanges", false);

Deleted : user_pref("CT3196716.myStuffEnabled", true);

Deleted : user_pref("CT3196716.myStuffPublihserMinWidth", 400);

Deleted : user_pref("CT3196716.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Deleted : user_pref("CT3196716.myStuffServiceIntervalMM", 1440);

Deleted : user_pref("CT3196716.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Deleted : user_pref("CT3196716.navigateToUrlOnSearch", false);

Deleted : user_pref("CT3196716.revertSettingsEnabled", true);

Deleted : user_pref("CT3196716.searchProtectorDialogDelayInSec", 10);

Deleted : user_pref("CT3196716.searchProtectorEnableByLogin", true);

Deleted : user_pref("CT3196716.testingCtid", "");

Deleted : user_pref("CT3196716.toolbarAppMetaDataLastCheckTime", "Sun May 13 2012 19:09:16 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CT3196716.toolbarContextMenuLastCheckTime", "Fri May 11 2012 16:07:16 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CT3196716.usageEnabled", false);

Deleted : user_pref("CT3196716.usagesFlag", 2);

Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3196716&Search[...]

Deleted : user_pref("CommunityToolbar.ConduitSearchList", "WiseConvert Customized Web Search");

Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2851643/CT2851643[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3196716/CT3196716[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1243677/1239350/BR", "\"0\"[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1613210/1606743/BR", "\"0\"[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/31130/30609/BR", "\"0\"");

Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851643", [...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3196716", [...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2851643",[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3196716",[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"67e[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=pt", "\"48d[...]

Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Antonio\\AppData\\Roaming\\Mozilla\[...]

Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.16.0.3");

Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]

Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://isearch.avg.com/search?cid=%7Bf31[...]

Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3196716,CT2851643");

Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3196716,CT2851643");

Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3196716,CT2851643");

Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon May 14 2012 09:31:00 GMT-0300 (Hor[...]

Deleted : user_pref("CommunityToolbar.globalUserId", "41ff1810-4e6c-4f52-85a2-a6140684f13a");

Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Dec 17 2012 13:14:3[...]

Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);

Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);

Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sat Jul 21 2012 09:57:35 GMT-030[...]

Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.locale", "en");

Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Dec 18 2012 13:27:55 GMT-0300 (H[...]

Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Deleted : user_pref("CommunityToolbar.notifications.userId", "2a64643d-60b4-43fd-8d4b-ac903d68ef58");

Deleted : user_pref("CommunityToolbar.originalHomepage", "www.google.com.br");

Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Google");

Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=112842&tt=3212_5&babsrc=NT_ss&mntr[...]

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

Deleted : user_pref("browser.search.defaultthis.engineName", "WiseConvert Customized Web Search");

Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&Sea[...]

Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");

Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

Deleted : user_pref("browser.startup.homepage", "hxxps://isearch.avg.com?cid=%7Bf312e46f-c843-4da3-9666-47bdad[...]

Deleted : user_pref("extensions.BabylonToolbar.admin", false);

Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");

Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);

Deleted : user_pref("extensions.BabylonToolbar.id", "f22bbc9b00000000000078e400b6b80a");

Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15559");

Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");

Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");

Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");

Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6");

Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112842&tt=3212_5");

Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);

Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112842&tt=3212_[...]

Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.611:28:41");

Deleted : user_pref("extensions.toolbar.mindspark._39Members_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]

Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={9088733B-5293-4F98-A312-D9364581C0C5}&m[...]

Deleted : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");

Deleted : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");

Deleted : user_pref("sweetim.toolbar.Visibility.enable", "true");

Deleted : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");

Deleted : user_pref("sweetim.toolbar.cargo", "3.1010000.10009");

Deleted : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");

Deleted : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");

Deleted : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");

Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true");

Deleted : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]

Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335");

Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");

Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");

Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...]

Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761");

Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true");

Deleted : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]

Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300");

Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");

Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");

Deleted : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]

Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500");

Deleted : user_pref("sweetim.toolbar.dialogs.2.enable", "true");

Deleted : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...]

Deleted : user_pref("sweetim.toolbar.dialogs.2.height", "150");

Deleted : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");

Deleted : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");

Deleted : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");

Deleted : user_pref("sweetim.toolbar.dialogs.2.width", "530");

Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]

Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");

Deleted : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "true");

Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");

Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");

Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");

Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");

Deleted : user_pref("sweetim.toolbar.mode.debug", "false");

Deleted : user_pref("sweetim.toolbar.newtab.created", "false");

Deleted : user_pref("sweetim.toolbar.newtab.enable", "true");

Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://isearch.avg.com/search?cid=%7Bf312e46f-c84[...]

Deleted : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_V[...]

Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");

Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");

Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");

Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");

Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");

Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "true");

Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");

Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");

Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");

Deleted : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");

Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");

Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");

Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "false");

Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");

Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");

Deleted : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");

Deleted : user_pref("sweetim.toolbar.scripts.2.callback", "");

Deleted : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]

Deleted : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");

Deleted : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");

Deleted : user_pref("sweetim.toolbar.scripts.2.enable", "false");

Deleted : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");

Deleted : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]

Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]

Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");

Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");

Deleted : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");

Deleted : user_pref("sweetim.toolbar.simapp_id", "{0CF84E35-3FA4-11E2-9EC8-B8AC6FC44600}");

Deleted : user_pref("sweetim.toolbar.version", "1.7.0.3");

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : icon_url ={"backup":{"_signature":"phw9zpFjYj/Xuu1NADmZ708vJVhe7Sncarfi9gWD8I0=","_version":4,"extensions":{"i[...]

*************************

AdwCleaner[R1].txt - [108023 octets] - [19/12/2012 11:56:20]

AdwCleaner[s1].txt - [56924 octets] - [19/12/2012 11:57:21]

########## EOF - C:\AdwCleaner[s1].txt - [56985 octets] ##########

Log JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.1.8 (12.17.2012:1)

OS: Windows 7 Ultimate x64

Ran by Antonio on 19/12/2012 at 12:01:50.61

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\Internet Explorer\toolbar\webbrowser\\{364ea597-e728-4ce4-bb4a-ed846ef47970}

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\Internet Explorer\toolbar\\{364ea597-e728-4ce4-bb4a-ed846ef47970}

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\Internet Explorer\searchscopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\Internet Explorer\searchscopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Antonio\appdata\local\mapsgalaxy_39"

Successfully deleted: [Folder] "C:\Users\Antonio\appdata\locallow\mapsgalaxy_39"

Successfully deleted: [Folder] "C:\Program Files (x86)\mapsgalaxy_39"

~~~ FireFox

Successfully deleted: [Folder] C:\Users\Antonio\AppData\Roaming\mozilla\firefox\profiles\idlei1gl.default\extensions\39ffxtbr@MapsGalaxy_39.com

Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\39ffxtbr@mapsgalaxy_39.com

Successfully deleted the following from C:\Users\Antonio\AppData\Roaming\mozilla\firefox\profiles\idlei1gl.default\prefs.js

user_pref("extensions.toolbar.mindspark._39Members_.initialized", true);

user_pref("extensions.toolbar.mindspark._39Members_.installation.contextKey", "");

user_pref("extensions.toolbar.mindspark._39Members_.installation.installDate", "2012081610");

user_pref("extensions.toolbar.mindspark._39Members_.installation.partnerId", "^UX^xdm042^LPTBR^br");

user_pref("extensions.toolbar.mindspark._39Members_.installation.partnerSubId", "CMjSudvo6bECFc6a7QodSAEAyw");

user_pref("extensions.toolbar.mindspark._39Members_.installation.success", true);

user_pref("extensions.toolbar.mindspark._39Members_.installation.toolbarId", "3479EA0E-440C-4512-A097-BCCF3819E5AF");

user_pref("extensions.toolbar.mindspark._39Members_.lastActivePing", "1355923242816");

user_pref("extensions.toolbar.mindspark._39Members_.options.defaultSearch", false);

user_pref("extensions.toolbar.mindspark._39Members_.options.homePageEnabled", false);

user_pref("extensions.toolbar.mindspark._39Members_.options.keywordEnabled", false);

user_pref("extensions.toolbar.mindspark._39Members_.options.tabEnabled", false);

user_pref("extensions.toolbar.mindspark._39Members_.searchHistory", "recife");

user_pref("extensions.toolbar.mindspark._39Members_.weather.location", "10001");

user_pref("extensions.toolbar.mindspark.lastInstalled", "mapsgalaxy@mindspark.com");

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Antonio\appdata\local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 19/12/2012 at 12:09:41.58

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Novo Log do HijackThis (Após limpar e corrigir erros)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:13:01, on 19/12/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\ProgramData\DatacardService\DCSHelper.exe

C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe

C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Users\Antonio\Desktop\HijackThis(1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: DVDomclear Villart GT8 - {10B5B05E-D1AC-476E-9035-3B0FF8BED668} - C:\DVDomcl\marquezan\AcroRToll.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {61628E2A-4FF9-4454-992D-D92A8CD27399} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

O4 - HKCU\..\Run: [installShield] C:\Windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut1_289C7D1A2C35454081CC86EC0D39CC25.exe

O4 - HKCU\..\Run: [installShield859] C:\Windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut1_289C7D1A2C35454081CC86EC0D39CC25.exe

O4 - HKCU\..\Run: [DriverMax] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -agent

O4 - HKCU\..\Run: [igfxTray] C:\Users\Antonio\AppData\Roaming\BSplayer\AC3 Filter\DoolTripp.cpl

O4 - HKCU\..\Run: [msc] C:\Users\Antonio\AppData\Roaming\BSplayer\AC3 Filter\Kaymono.cpl

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Baixar com Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{9FB4407D-6F0C-443D-B307-354395003C28}: NameServer = 192.168.0.1

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\AESTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\ATService.exe

O23 - Service: Firewall do AVG (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe

O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Scrybe Updater (ScrybeUpdater) - Synaptics, Inc. - C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe

O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\STacSV64.exe

O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: DW WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 13261 bytes

Ainda anteriormente escaneei com o AVG 2013 (não pegou nada).

Estou usando o Karpesky Virus Removal Tool e detectou "HEUER:Trojan.Win32.Generic". Estou usando a ferramenta para fazer a desinfecção.

Estou procedendo da forma correta?

Obrigado!

Editado por Mr.Million

Compartilhar este post


Link para o post
Compartilhar em outros sites

Crie uma conta ou entre para comentar

Você precisar ser um membro para fazer um comentário

Criar uma conta

Quer postar a sua dúvida? Cadastre-se pois é rápido e fácil!


Crie uma nova conta

Entrar

Já tem uma conta? Faça o login.


Entrar Agora
Esse tópico é útil para você?
Então compartilhe e ajude outros internautas!
Entre para seguir isso  
Seguidores 0

  • Vídeos do BABOO no YouTube

  • Posts

    • Obrigado pelo comentário,também sanou a minha dúvida da melhor maneira possivel.  Obrigado pelo comentário,também sanou a minha dúvida da melhor maneira.
    • Boa noite galera, comprei um razer kraken 7.1 chroma na Kabum o fone ainda não chegou , saiu a promo na kabum dos Hyperx , queria saber se eu fico com razer ou se pego um hyperx fico entre estes dois fones https://www.kabum.com.br/cgi-local/site/produtos/descricao_ofertas.cgi?codigo=69279 ou https://www.kabum.com.br/cgi-local/site/produtos/descricao_ofertas.cgi?codigo=81132 !!

    • Zoek.exe v5.0.0.1 Updated 27-09-2015
      Tool run by P‚rcio on 29/05/2017 at 18:36:50,46.
      Microsoft Windows 10 Enterprise 10.0.14393  x64
      Running in: Normal Mode No Internet Access Detected
      Launched: C:\Users\PRCIO~1\Documents\Meus Downloads\zoek.exe [Scan all users] [Script inserted]  ==== Older Logs ====================== C:\zoek-results2017-05-29-172506.log    1219 bytes ==== System Restore Info ====================== 29/05/2017 18:42:32 Zoek.exe System Restore Point Created Successfully. ==== Reset Hosts File ====================== # Copyright (c) 1993-2006 Microsoft Corp. 

      # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 

      # This file contains the mappings of IP addresses to host names. Each 
      # entry should be kept on an individual line. The IP address should 
      # be placed in the first column followed by the corresponding host name. 
      # The IP address and the host name should be separated by at least one 
      # space. 

      # Additionally, comments (such as these) may be inserted on individual 
      # lines or following the machine name denoted by a '#' symbol. 

      # For example: 

      #      102.54.94.97     rhino.acme.com          # source server 
      #       38.25.63.10     x.acme.com              # x client host 
       
      127.0.0.1       localhost  ==== Empty Folders Check ====================== C:\PROGRA~2\AlphaGo deleted successfully
      C:\PROGRA~2\MPC-HC deleted successfully
      C:\PROGRA~3\SoftwareDistribution deleted successfully
      C:\Windows\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully
      C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
      C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully ==== Deleting CLSID Registry Keys ======================
      ==== Deleting CLSID Registry Values ======================
      ==== Deleting Services ======================
      ==== FireFox Fix ====================== Deleted from C:\Users\PRCIO~1\AppData\Roaming\Profiles\Wogeph.default\prefs.js:
      user_pref("browser.startup.homepage", "https://news.google.com.br/"); Added to C:\Users\PRCIO~1\AppData\Roaming\Profiles\Wogeph.default\prefs.js:
      user_pref("browser.startup.homepage", "about:home");
      user_pref("browser.newtab.url", "about:newtab"); ==== Deleting Files \ Folders ====================== C:\PROGRA~2\AlphaGo not found
      C:\PROGRA~2\MPC-HC not found
      C:\PROGRA~3\DivX deleted
      C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
      C:\PROGRA~2\TextAloud deleted
      C:\PROGRA~3\Package Cache deleted
      C:\Windows\SysWow64\extensions deleted
      C:\Users\PRCIO~1\AppData\Roaming\Profiles\Wogeph.default\jetpack deleted
      "C:\Windows\Installer\fc6d52c.msi" deleted ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\PRCIO~1\AppData\Roaming\Profiles\Wogeph.default
      user_pref("browser.startup.homepage", "about:home");
      user_pref("browser.newtab.url", "about:newtab"); ==== Firefox Extensions ====================== ProfilePath: C:\Users\PRCIO~1\AppData\Roaming\Profiles\Wogeph.default
      - United States English Spellchecker - %ProfilePath%\extensions\en-US@dictionaries.addons.mozilla.org ==== Firefox Plugins ======================
      ==== Chromium Look ======================
      HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
      efaidnbmnnnibpcajpcglclefindmkaj - No path found[] ==== Set IE to Default ====================== Old Values:
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
      "DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] not found New Values:
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
      "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
      {012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
      {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" ==== Reset Google Chrome ====================== Nothing found to reset ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1533292296-4279883253-1430645996-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F053C368-5458-45B2-9B4D-D8914BDDDBFF} deleted successfully
      HKEY_USERS\S-1-5-21-1533292296-4279883253-1430645996-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F053C368-5458-45B2-9B4D-D8914BDDDBFF} deleted successfully
      HKEY_USERS\S-1-5-21-1533292296-4279883253-1430645996-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully
      HKEY_USERS\S-1-5-21-1533292296-4279883253-1430645996-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully
      HKEY_USERS\S-1-5-21-1533292296-4279883253-1430645996-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
      HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{F053C368-5458-45B2-9B4D-D8914BDDDBFF} deleted successfully
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully
      HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully
      HKEY_CLASSES_ROOT\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully
      HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully
      HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully
      HKEY_CLASSES_ROOT\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
      HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
      HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{F053C368-5458-45B2-9B4D-D8914BDDDBFF} deleted successfully ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe 
      C:\Users\Public\Desktop\Malwarebytes.lnk - C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe  ==== shortcuts in Users Start Menu ====================== C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\TextAloud.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Declaração de residência.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logos Bible Software.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive - Missão Novas Tribos do Brasil.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\TextAloud.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Declaração de residência.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logos Bible Software.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive - Missão Novas Tribos do Brasil.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\TextAloud.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Declaração de residência.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logos Bible Software.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive - Missão Novas Tribos do Brasil.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\TextAloud.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Declaração de residência.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logos Bible Software.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive - Missão Novas Tribos do Brasil.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\TextAloud.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Declaração de residência.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logos Bible Software.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive - Missão Novas Tribos do Brasil.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\TextAloud.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Declaração de residência.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logos Bible Software.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive - Missão Novas Tribos do Brasil.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\TextAloud.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Declaração de residência.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logos Bible Software.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive - Missão Novas Tribos do Brasil.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\TextAloud.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Declaração de residência.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logos Bible Software.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive - Missão Novas Tribos do Brasil.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\TextAloud.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Declaração de residência.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logos Bible Software.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive - Missão Novas Tribos do Brasil.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\TextAloud.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Declaração de residência.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logos Bible Software.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive - Missão Novas Tribos do Brasil.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\TextAloud.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Declaração de residência.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logos Bible Software.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive - Missão Novas Tribos do Brasil.lnk -   ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Footjane\Application\chrome.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Firefox\Firefox.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_131\bin\javacpl.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_131\bin\javacpl.exe -tab about
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -  
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk - C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk - C:\Program Files (x86)\Malwarebytes\Anti-Malware\unins000.exe  ==== Reset IE Proxy ====================== Value(s) before fix:
      "ProxyOverride"="*.local"
      "ProxyEnable"=dword:00000000 Value(s) after fix:
      "ProxyEnable"=dword:00000000 ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D816BDC920F4DAC47B349876F77EDA9E deleted successfully
      HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2C652C0A-EC71-4797-8077-F67649177AB0} deleted successfully
      HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{97D2FBF4-72CF-4DD6-8DA8-26710BC7BE71} deleted successfully
      HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9CDB618D-4F02-4CAD-B743-89677FE7ADE9} deleted successfully
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D816BDC920F4DAC47B349876F77EDA9E deleted successfully
      HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\4FBF2D79FC276DD4D88A6217B07CEB17 deleted successfully
      HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\A0C256C217CE797408776F679471A70B deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Users\Administrador\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\Users\Administrador\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
      C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
      C:\Users\Default User\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
      C:\Users\USURIO~1\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
      C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
      C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=106 folders=48 50496894 bytes) ==== Empty Temp Folders ====================== C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied
      C:\Users\PRCIO~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on 29/05/2017 at 23:26:46,22 ======================
        Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 23:35:20, on 29/05/2017
      Platform: Unknown Windows (WinNT 6.02.1008)
      MSIE: Internet Explorer v11.0 (11.00.14393.0953)
      Boot mode: Normal Running processes:
      C:\PROGRA~2\GbPlugin\GbpSv.exe
      C:\Users\Pércio\AppData\Local\Microsoft\OneDrive\OneDrive.exe
      C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\BBCertM32.exe
      C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      C:\Program Files (x86)\LG Software\LG Smart Share\Update\SmartShareTray.exe
      C:\Users\Pércio\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
      O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
      O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
      O4 - HKLM\..\Run: [wdbraz_certm] C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\BBCertM32.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
      O4 - HKCU\..\Run: [OneDrive] "C:\Users\Pércio\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
      O4 - HKUS\S-1-5-18\..\Run: []  (User 'SISTEMA')
      O4 - HKUS\.DEFAULT\..\Run: []  (User 'Default user')
      O8 - Extra context menu item: &Enviar para o OneNote - res://C:\Program Files\Microsoft Office\Office16\ONBttnIE.dll/105
      O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Program Files\Microsoft Office\Office16\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
      O9 - Extra button: (no name) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
      O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
      O15 - Trusted Zone: www.bancobrasil.com.br
      O15 - Trusted Zone: www14.bancobrasil.com.br
      O15 - Trusted Zone: www2.bancobrasil.com.br
      O15 - Trusted Zone: aapj.bb.com.br
      O15 - Trusted Zone: seg.bb.com.br
      O15 - Trusted Zone: www.bb.com.br
      O15 - Trusted Zone: http://www.bb.com.br
      O15 - Trusted Zone: http://www.caixa.gov.br
      O15 - Trusted Zone: cloud.gastecnologia.com.br
      O18 - Protocol: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
      O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
      O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
      O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
      O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\MSOXMLMF.DLL
      O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
      O20 - Winlogon Notify:  GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
      O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
      O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
      O23 - Service: Digital Wave Update Service (DigitalWave.Update.Service) - Digital Wave Ltd. - C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
      O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
      O23 - Service: Energy Server Service WILLAMETTE (ESRV_SVC_WILLAMETTE) - Unknown owner - C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
      O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
      O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
      O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
      O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
      O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
      O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
      O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
      O23 - Service: Intel(R) System Usage Report Service SystemUsageReportSvc_WILLAMETTE (SystemUsageReportSvc_WILLAMETTE) - Unknown owner - C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
      O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
      O23 - Service: User Energy Server Service WILLAMETTE (USER_ESRV_SVC_WILLAMETTE) - Unknown owner - C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
      O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
      O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
      O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
      O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
      O23 - Service: Watchdata CCID Moniter v3.4 (WDBrazMonitor34) - Beijing WatchData System Co., Ltd. - C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe
      O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
      O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
      O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
      O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) --
      End of file - 9818 bytes
       
    • Pessoal,  O que voces acham do Chromebook? e do ChromeOS? vale a pena mesmo? da para substituir um notebook com Windows? ja vi videos no YouTube sobre o sistema e o Chromebook, falando bem dele, pela questao de ser leve, pequeno, e pratico. O unico porem e que ele não trabalha offline, ou seja uma boa parte dos apps do ChromeOS ainda depende de conexao a internet, e não da para colocar Modem 3G nele. Vi também que recentemente a Google Liberou uma Atualizacao que torna o Chromebook compativel com os Apps do Android. Sao todos os modelos, ou so alguns? e aqueles da Samsung? pelo que eu vi ate agora no Brasil so vende dele. Eu tenho uma colega de trabalho que quer um notebook novo, mas barato, ate indiquei o Chromebook, por ser mais barato do que os com o Windows. Sera que um usuario que sempre usou Windows, consegue se acostumar? usei Linux, mas acabei voltando ao Windows por ser acostumado com ele. Mas um dia poderia voltar a usar.. Sera que também um Universitario consegue usar um Chromebook? ao inves de carregar notebook pesado na mochila?     
    • ok, concluido... Seguem logs
      Zoek.exe v5.0.0.1 Updated 27-09-2015
      Tool run by MIG on 29/05/2017 at 19:35:59,75.
      Microsoft Windows 10 Home Single Language 10.0.14393  x64
      Running in: Normal Mode No Internet Access Detected
      Launched: C:\Users\MIG\Desktop\zoek.exe [Scan all users] [Script inserted]  ==== System Restore Info ====================== 29/05/2017 19:38:24 Zoek.exe System Restore Point Created Successfully. ==== Reset Hosts File ====================== # Copyright (c) 1993-2006 Microsoft Corp. 

      # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 

      # This file contains the mappings of IP addresses to host names. Each 
      # entry should be kept on an individual line. The IP address should 
      # be placed in the first column followed by the corresponding host name. 
      # The IP address and the host name should be separated by at least one 
      # space. 

      # Additionally, comments (such as these) may be inserted on individual 
      # lines or following the machine name denoted by a '#' symbol. 

      # For example: 

      #      102.54.94.97     rhino.acme.com          # source server 
      #       38.25.63.10     x.acme.com              # x client host 
       
      127.0.0.1       localhost  ==== Empty Folders Check ====================== C:\PROGRA~2\Cisco deleted successfully
      C:\PROGRA~2\IObit deleted successfully
      C:\PROGRA~2\COMMON~1\SWF Studio deleted successfully
      C:\Program Files\Common Files\Intel deleted successfully
      C:\PROGRA~3\Comms deleted successfully
      C:\PROGRA~3\FreePDF deleted successfully
      C:\PROGRA~3\HPSSUPPLY deleted successfully
      C:\PROGRA~3\SoftwareDistribution deleted successfully
      C:\Users\MIG\AppData\Local\ActiveSync deleted successfully
      C:\Users\MIG\AppData\Local\CrashDumps deleted successfully
      C:\Users\MIG\AppData\Local\EmieSiteList deleted successfully
      C:\Users\MIG\AppData\Local\EmieUserList deleted successfully
      C:\Users\MIG\AppData\Local\FreePDF_XP deleted successfully
      C:\Users\MIG\AppData\Local\softthinks deleted successfully
      C:\Windows\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully ==== Deleting CLSID Registry Keys ======================
      ==== Deleting CLSID Registry Values ======================
      ==== Deleting Services ======================
      ==== FireFox Fix ====================== Deleted from C:\Users\MIG\AppData\Roaming\Mozilla\Firefox\Profiles\s49zti2m.default\prefs.js:
      user_pref("browser.startup.homepage", "https://esaj.tjsc.jus.br");
      user_pref("browser.search.defaultenginename", "Pesquisa segura");
      user_pref("browser.search.selectedEngine", "Pesquisa segura");
      user_pref("browser.search.order.1", "Pesquisa segura"); Added to C:\Users\MIG\AppData\Roaming\Mozilla\Firefox\Profiles\s49zti2m.default\prefs.js:
      user_pref("browser.startup.homepage", "about:home");
      user_pref("browser.newtab.url", "about:newtab"); ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Cisco not found
      C:\PROGRA~2\IObit not found
      C:\Users\MIG\AppData\Roaming\CertiPlugin deleted
      C:\HijackThis.exe deleted
      C:\PROGRA~3\{05EE3202-A879-4F9D-895C-AC535855E0A9} deleted
      C:\PROGRA~3\Package Cache deleted
      C:\Users\MIG\AppData\Roaming\Mozilla\Firefox\Profiles\s49zti2m.default\jetpack deleted ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\MIG\AppData\Roaming\Mozilla\Firefox\Profiles\s49zti2m.default
      user_pref("browser.startup.homepage", "about:home");
      user_pref("browser.newtab.url", "about:newtab"); ==== Firefox Extensions ====================== ProfilePath: C:\Users\MIG\AppData\Roaming\Mozilla\Firefox\Profiles\s49zti2m.default
      - Undetermined - %ProfilePath%\extensions\jid1-7c0u85jo0esrpQ@jetpack.xpi AppDir: C:\Program Files\Mozilla Firefox
      - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} AppDir: C:\Program Files (x86)\Mozilla Firefox
      - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\MIG\AppData\Roaming\Mozilla\Firefox\Profiles\s49zti2m.default
      E3B4EA121F7BDEB0F6366E2BA9608CB5    - C:\Users\MIG\AppData\Local\Citrix\Plugins\104\npappdetector.dll -    Citrix Online Web Deployment Plugin 1.0.0.104
      ==== Chromium Look ======================
      HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
      efaidnbmnnnibpcajpcglclefindmkaj - No path found[] Video Downloader - MIG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc
      Invite All Friends on Facebook - MIG\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmmhkeajgflmokoaaoadgkhhmibjbpj
      Certisign - MIG\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjoehgfmpefldljiipnmgnfmcbfjkaad
      videospeed - MIG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk
      Chrome Media Router - MIG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm ==== Chromium Fix ====================== C:\Users\MIG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc deleted successfully
      C:\Users\MIG\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aiimdkdngfcipjohbjenkahhlhccpdbc_0.localstorage deleted successfully ==== Set IE to Default ====================== Old Values:
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="http://dell15.msn.com/?PC=DCTE"
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
      "DefaultScope"="{7C30465E-24AA-4D3F-A6B3-11659B28C8B4}"
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7C30465E-24AA-4D3F-A6B3-11659B28C8B4}] not found New Values:
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="http://dell15.msn.com/?PC=DCTE"
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
      "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
      {012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
      {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" ==== Reset Google Chrome ====================== C:\Users\MIG\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
      C:\Users\MIG\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
      C:\Users\MIG\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
      C:\Users\MIG\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully ==== shortcuts on Users Desktops ====================== C:\Users\MIG\Desktop\Dropbox.lnk - C:\Program Files (x86)\Dropbox\Client\Dropbox.exe /home
      C:\Users\MIG\Desktop\FLV-Media-Player.lnk - C:\Users\MIG\AppData\Roaming\Microsoft\Installer\{AB7A5DBA-BC45-489A-B4D2-2E8F8CABB9EA}\DesktopIcon.exe 
      C:\Users\MIG\Desktop\Google Chrome.lnk - C:\Users\MIG\AppData\Local\Google\Chrome\Application\chrome.exe 
      C:\Users\MIG\Desktop\Manual do PROJEF.lnk - C:\EXCEL\Juizado Cível\Manual\Manual do PROJEF.doc 
      C:\Users\MIG\Desktop\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe 
      C:\Users\MIG\Desktop\PROJEF Programa Cálculos Judiciais.lnk -  
      C:\Users\MIG\Desktop\x64\x64\Setup - Atalho.lnk - C:\Users\MIG\Desktop\x64\x64\Setup.exe  ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Acrobat Reader DC.lnk - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 
      C:\Users\Public\Desktop\Avast Free antivírus.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe 
      C:\Users\Public\Desktop\Avast SafeZone Browser.lnk - C:\Program Files\AVAST Software\SZBrowser\launcher.exe 
      C:\Users\Public\Desktop\Camtasia Studio 8.lnk - C:\Program Files (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe 
      C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe 
      C:\Users\Public\Desktop\Corel CAPTURE X8 (64-Bit).lnk - c:\Windows\Installer\{1253ED86-69FD-4A7B-BDF2-96A522583A88}\NewShortcut8_65BCA6E0337A452DA55C0654EAAD7A0B.exe 
      C:\Users\Public\Desktop\Corel CONNECT X8 (64-Bit).lnk - C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X8\Connect64\Connect.exe 
      C:\Users\Public\Desktop\Corel Font Manager X8 (64-Bit).lnk - C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X8\Programs64\FontManager.exe 
      C:\Users\Public\Desktop\Corel PHOTO-PAINT X8 (64-Bit).lnk - c:\Windows\Installer\{04D8C47E-C0FE-4CA5-8878-91ECD9552109}\NewShortcut2_EBB51BFEE10948A888CB7ADF96E8EC80.exe 
      C:\Users\Public\Desktop\CorelDRAW X8 (64-Bit).lnk - c:\Windows\Installer\{A66E09BB-9892-421D-9EB9-311D12AA5244}\NewShortcut1_68427AB8B2C044C58AA777A4C3F75634.exe 
      C:\Users\Public\Desktop\HP Support Assistant.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /p 2
      C:\Users\Public\Desktop\Intel(R) HD Graphics Control Panel.lnk - C:\Windows\system32\GfxUIEx.exe 
      C:\Users\Public\Desktop\IRPF2017 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -  
      C:\Users\Public\Desktop\Malwarebytes.lnk - C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe 
      C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
      C:\Users\Public\Desktop\Shop for HP Supplies.lnk - C:\Program Files (x86)\HP\HPSSUPPLY\hpqSSupply.exe 
      C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}\SkypeIcon.exe 
      C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe  ==== shortcuts in Users Start Menu ====================== C:\Users\MIG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Users\MIG\AppData\Local\Google\Chrome\Application\chrome.exe 
      C:\Users\MIG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk - C:\Users\MIG\AppData\Local\Microsoft\OneDrive\OneDrive.exe 
      C:\Users\MIG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2017\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Desinstalar IRPF2017.lnk -   ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}\SC_Reader.ico 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free antivírus.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk - C:\Program Files\AVAST Software\SZBrowser\launcher.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doPDF 8\doPDF 8 Getting Started.lnk - C:\Program Files (x86)\Softland\novaPDF 8\Driver\StartupDo.exe /oem=doPdf8_Softland
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doPDF 8\doPDF 8 Help.lnk - C:\ProgramData\Softland\novaPDF 8\doPdf8_Softland\doPdf8_Softland.chm 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Program Files (x86)\Dropbox\Client\Dropbox.exe /home
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreePDF\FreePDF Assistant.lnk - C:\Program Files (x86)\FreePDF_XP\fpassist.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreePDF\FreePDF Config.lnk - C:\Program Files (x86)\FreePDF_XP\fpucnfg.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreePDF\FreePDF Handbuch (de).lnk - C:\Program Files (x86)\FreePDF_XP\FreePDFde.pdf 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreePDF\FreePDF Join.lnk - C:\Program Files (x86)\FreePDF_XP\fpjoin.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreePDF\FreePDF Manual (en).lnk - C:\Program Files (x86)\FreePDF_XP\FreePDFen.pdf 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreePDF\FreePDF.lnk - C:\Program Files (x86)\FreePDF_XP\freepdf.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Shop for HP Supplies.lnk - C:\Program Files (x86)\HP\HPSSUPPLY\hpqSSupply.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet Professional P1100 Series\Configuração sem fio.lnk -  
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet Professional P1100 Series\Desinstalar.lnk - C:\Program Files (x86)\HP\HP LaserJet P1100 Series\Uninstall.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet Professional P1100 Series\Guia da HP LaserJet.lnk - C:\Program Files (x86)\HP\HP LaserJet P1100 Series\C_help\Help.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet Professional P1100 Series\HP ePrint.lnk - C:\Program Files (x86)\HP\HP LaserJet P1100 Series\HP ePrint.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet Professional P1100 Series\Notas de instalação.lnk -  
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk - C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk - C:\Program Files (x86)\Malwarebytes\Anti-Malware\unins000.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB2017\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Ajuda do IRPF2017.lnk -  
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB2017\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\IRPF2017 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -  
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB2017\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Leia-me do IRPF2017.lnk -  
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe  ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
      C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
      C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
      C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
      C:\Users\MIG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Users\MIG\AppData\Local\Google\Chrome\Application\chrome.exe 
      C:\Users\MIG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
      C:\Users\MIG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
      C:\Users\MIG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
      C:\Users\MIG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Excel 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE 
      C:\Users\MIG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -  
      C:\Users\MIG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Users\MIG\AppData\Local\Google\Chrome\Application\chrome.exe 
      C:\Users\MIG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Word 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE 
      C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
      C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -   ==== Reset IE Proxy ====================== Value(s) before fix:
      "ProxyEnable"=dword:00000000 Value(s) after fix:
      "ProxyEnable"=dword:00000000 ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Users\MIG\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\Users\MIG\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
      C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\Users\MIG\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
      C:\Users\MIG\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
      C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
      C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== C:\Users\MIG\AppData\Local\Mozilla\Firefox\Profiles\s49zti2m.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\MIG\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=193 folders=49 178549058 bytes) ==== Empty Temp Folders ====================== C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied
      C:\Users\MIG\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on 29/05/2017 at 22:06:22,31 ======================
          _________________________________________________________________________________ Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 22:11:48, on 29/05/2017
      Platform: Unknown Windows (WinNT 6.02.1008)
      MSIE: Internet Explorer v11.0 (11.00.14393.0953)
      Boot mode: Normal Running processes:
      C:\PROGRA~2\GbPlugin\GbpSv.exe
      C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
      C:\Windows\SysWOW64\notepad.exe
      C:\Program Files\TrueColor\TrueColorUI.exe
      C:\Program Files\AVAST Software\Avast\AvastUI.exe
      C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
      C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
      C:\Program Files (x86)\FreePDF_XP\fpassist.exe
      C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
      C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
      C:\Program Files (x86)\Dell Update\DellUpTray.exe
      C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
      C:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?PC=DCJB
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell15.msn.com/?PC=DCTE
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
      F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
      O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
      O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
      O4 - HKLM\..\Run: [DropboxOEM] "C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe" auto
      O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [FreePDF Assistant] "C:\Program Files (x86)\FreePDF_XP\fpassist.exe"
      O4 - HKLM\..\Run: [HPUsageTrackingLEDM] "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
      O4 - HKCU\..\Run: [Google Update] C:\Users\MIG\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe
      O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
      O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
      O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
      O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE')
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
      O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
      O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
      O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
      O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
      O15 - Trusted Zone: http://www.bb.com.br
      O15 - Trusted Zone: http://www.caixa.gov.br
      O15 - Trusted Zone: *.dell.com
      O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
      O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
      O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
      O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
      O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
      O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
      O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
      O20 - Winlogon Notify:  GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
      O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
      O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
      O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
      O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
      O23 - Service: Serviço Atualização do Dropbox (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
      O23 - Service: Serviço Atualização do Dropbox (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
      O23 - Service: DbxSvc - Unknown owner - C:\Windows\system32\DbxSvc.exe (file missing)
      O23 - Service: Dell Customer Connect - Dell Inc. - C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
      O23 - Service: Dell Foundation Services - Dell - C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
      O23 - Service: Dell Data Vault (DellDataVault) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVault.exe
      O23 - Service: Dell Data Vault Wizard (DellDataVaultWiz) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
      O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
      O23 - Service: Dell Product Registration Manager (DellProdRegManager) - Aviata, Inc. - C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe
      O23 - Service: Dell Update Service (DellUpdate) - Dell Inc. - C:\Program Files (x86)\Dell Update\DellUpService.exe
      O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
      O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
      O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
      O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
      O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
      O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
      O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
      O23 - Service: @oem196.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\Windows\system32\ibtsiva (file missing)
      O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
      O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
      O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
      O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
      O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
      O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
      O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: Corel License Validation Service V2, Powered by arvato (PSI_SVC_2) - arvato digital services llc - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
      O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
      O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
      O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
      O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
      O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
      O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
      O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
      O23 - Service: Dell SupportAssist Agent (SupportAssistAgent) - Dell Inc. - C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
      O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
      O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
      O23 - Service: TrueColorALS - Unknown owner - C:\Program Files\TrueColor\TrueColorALS.exe
      O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
      O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
      O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
      O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
      O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
      O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
      O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
      O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
      O23 - Service: Wyse PocketCloud (WysePocketCloud) - Unknown owner - C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
      O23 - Service: Wyse RemoteAccess (WyseRemoteAccess) - DELL Inc. - C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe --
      End of file - 14365 bytes
       
    • Teste o seu sistema operacional colocar em Português, pode ser em Inglês, por isso não levá-lo. Ele também verifica o idioma do teclado.
    • Oi...Meu tablet continua com mesmo problemas... Preciso remover o root e atualizar o android.. Penso que com o android atualizado ele pode funcionar melhor.. Se souber algum metodo para remover o root me passa ok?
    • Boa noite,   Tenho um Roteador D Link DIR-868L e um Repetidor TP Link RE450. O TP Link conecta sem problemas no Wifi 2.4GHz, mas não reconhece a rede Wifi 5GHz do D Link. O interessante e que o repetidor TP Link reconhece a rede Wifi 5GHz de um outro repetidor D Link que eu tenho. alguém tem alguma dica de como proceder?   Obrigado
    • No meu computador também não consigo mudar esta chave, parece que é realmente bloqueado. Então tive a ideia de iniciar no modo segurança o notebook da minha mãe e consegui alterar o Tipo de inicialização pelo registro. Agora voltou a funcionar. Abraços
O site BABOO está no ar para informar e ajudar o internauta de Windows. Este site foi publicado em 1999 por Aurélio "Baboo", engenheiro e um dos maiores especialistas brasileiros em Windows, que trabalha profissionalmente com esse sistema operacional desde 1987. Desde 2004 ele é premiado anualmente pela Microsoft como MVP (Most Valuable Professional) pela sua contribuição e ajuda à comunidade de usuários de Windows.

Em 2001 foi criado o
Fórum do BABOO para ajudar o internauta brasileiro a solucionar problemas e dúvidas sobre Windows, Segurança, Office, Hardware e outros temas. Desde 2010 a Microsoft também tem premiado o Mr.Million, administrador da área de Segurança do Fórum do BABOO, pelo seu incansável trabalho ajudando os internautas a remover vírus e malwares dos seus computadores. Atualmente ele é o único MVP brasileiro de Segurança em desktop.

O BABOO é o único site brasileiro coordenado por um especialista com reconhecimento internacional pela sua competência em Windows e que participa diariamente e ativamente nos comentários e discussões do site e fórum BABOO.