nandazd

Slow browsers, Chrome won't browse, and slow PC


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:23:48, on 10/06/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal

Running processes:
C:\Users\Bruno\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\AnyDesk\AnyDesk.exe
C:\Program Files (x86)\Magic Mouse Utilities\MagicMouseUtilities.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
D:\mysql\bin\winmysqladmin.exe
C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\stpass.exe
C:\Program Files (x86)\TightVNC\vncviewer.exe
C:\Program Files (x86)\BraZipCentral\BraZipCentral.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1400460751&from=cor&uid=HitachiXHTS545050A7E380_TE95123QK0NM3VK0NM3VX&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1400460751&from=cor&uid=HitachiXHTS545050A7E380_TE95123QK0NM3VK0NM3VX&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\runner_avp.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [VDownloader] "C:\Program Files (x86)\VDownloader\VDownloader.exe" /silent
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Bruno\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - Startup: BraZipCentral.lnk = C:\Program Files (x86)\BraZipCentral\BraZipCentral.exe
O4 - Startup: Dropbox.lnk = Bruno\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Magic Mouse Utilities.lnk = C:\Program Files (x86)\Magic Mouse Utilities\MagicMouseUtilities.exe
O4 - Startup: vnc.lnk = C:\gestor\bin\tvnserver.exe
O4 - Startup: WinMySQLadmin.lnk = D:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: AnyDesk.lnk = C:\Program Files (x86)\AnyDesk\AnyDesk.exe
O4 - Global Startup: SiTef - Console Controle Geral.lnk = C:\SiTef\APLIC.WIN\ControleGeralSitef.exe
O4 - Global Startup: start betafar.lnk = D:\betafar\start.exe
O8 - Extra context menu item: Adicionar ao Antibanner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Kaspersky PURE - res://C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll/616
O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} (SurveillanceCtrl Control) - http://servermarcilio.dyndns.org:8080/webrec.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O20 - AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~1.DLL
O20 - Winlogon Notify:  GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AnyDesk Service (AnyDesk) - Unknown owner - C:\Program Files (x86)\AnyDesk\AnyDesk.exe
O23 - Service: Serviço do Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: gestorDatabase - Unknown owner - C:\gestor\database\bin\mysqld.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP LaserJet Professional M1210 MFP Series Receive Fax Service (HPM1210RcvFaxSrvc) - HP - C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\WINDOWS\system32\HPSIsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Mobile Broadband HL Service - Unknown owner - C:\ProgramData\MobileBrServ\mbbservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: mysql5.5 - Unknown owner - D:\mysql55\bin\mysqld.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: SiTef - Solução Inteligente para TEF (SiTef) - Software Express Informatica Ltda. - C:\sitef\aplic.win\sitefservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13191 bytes


Download the new Malwarebytes' Anti-Malware (MBAM)

Save or print these instructions:

Double-click mbam-setup.exe and choose the language.

Before finishing the installation, uncheck the option “Ativar trial gratuito do Malwarebytes Anti-Malware PRO” (enable the free trial of Malwarebytes Anti-Malware PRO).

Make sure the boxes Atualizar Malwarebytes Anti-Malware (update) and Executar Malwarebytes Anti-Malware (run) are checked, then click Concluir (Finish). If there are updates to apply, they will be downloaded and installed.

Click Settings and, in the Language field, change to Portuguese (Brasil).

Still on the Configurações (Settings) screen, click Detecção e proteção (Detection and Protection) and check "Verificar por Rootkits" (Scan for rootkits). Under "Detecções PUP" (potentially unwanted programs), select "Tratar detecções como Malware" (Treat detections as malware).

Click Verificar (Scan), then Verificar ameaça (Threat Scan), and click Verificar Agora (Scan Now).

The scan will then start. Please wait, as it may take a while...

When the scan finishes, if any items were found, click the "Mover todos para a Quarentena" (Quarantine All) button.

Click Aplicar Ações (Apply Actions).

MBAM saves the log automatically; to view it, click the Histórico (History) tab -> Logs de aplicativos (Application Logs) > Log de Verificação (Scan Log) in the program's main window. Use the .txt format to export the log. A prompt asking whether you want to restart the PC may appear. (See the note below.)

Select, copy and paste the contents of the MBAM log into your next reply, plus a new HijackThis log.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart.



Malwarebytes Anti-Malware
www.malwarebytes.org

Data da Verificação: 10/06/2015
Hora da Verificação: 11:33:44
Arquivo de Log: log.txt
Administrador: Sim

Versão: 2.01.6.1022
Base de Dados de Malware: v2015.06.10.03
Base de Dados de Rootkit: v2015.06.02.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Auto-Proteção: Desabilitado

SO: Windows 8.1
Processador: x64
Sistema de Arquivos: NTFS
Usuário: Bruno

Tipo da Verificação: Verificar Ameaça
Resultado: Terminado
Objetos Verificados: 389908
Tempo Decorrido: 42 min, 32 seg

Memória: Habilitado
Inicialização: Habilitado
Sistema de Arquivos: Habilitado
Arquivos Compactados: Habilitado
Rootkits: Desabilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado

Processos: 0
(Nenhum item malicioso detectado)

Módulos: 0
(Nenhum item malicioso detectado)

Chaves de Registro: 19
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, Quarentena, [e02bab0e3b4fa294c6f27c26a45f41bf],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, Quarentena, [e02bab0e3b4fa294c6f27c26a45f41bf],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, Quarentena, [e02bab0e3b4fa294c6f27c26a45f41bf],
PUP.Optional.Babylon.A, HKU\S-1-5-21-1240850108-1213602226-178494782-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Quarentena, [69a25b5eb8d289adc19a54156e9559a7],
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, Quarentena, [a863843504860b2b3d45dc45cc385ea2],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, Quarentena, [5dae9f1a3a5060d6ab2919f72fd50bf5],
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\sweet-pageSoftware, Quarentena, [5daed5e49dedad89edc51e460df80cf4],
PUP.Optional.Widdit.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarentena, [6c9f7c3d414955e1bc3602824db854ac],
PUP.Optional.Widdit.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}, Quarentena, [84870dacbfcb1c1a2cc6c2c22adbbb45],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP, Quarentena, [e229a1183555d363e5c613fd54b032ce],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, Quarentena, [d5367940bdcd8da9ab2861af2adae61a],
PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginServices, Quarentena, [8c7f3f7abbcff442ba2c44c27f854db3],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-1240850108-1213602226-178494782-1001\SOFTWARE\DataMngr, Quarentena, [cf3c1a9fb1d91b1b79cf4907a164a45c],
PUP.Optional.DealPly.A, HKU\S-1-5-21-1240850108-1213602226-178494782-1001\SOFTWARE\DealPlyLive, Quarentena, [da3179405238ed49269e95bc3ec741bf],
PUP.Optional.InstallCore.C, HKU\S-1-5-21-1240850108-1213602226-178494782-1001\SOFTWARE\InstallCore, Quarentena, [7497dddcbecc62d4f4a3503919ec8779],
PUP.Optional.Babylon.A, HKU\S-1-5-21-1240850108-1213602226-178494782-1001\SOFTWARE\BABSOLUTION\Updater, Quarentena, [dc2fb8010288092d86c301508a7b6b95],
PUP.Optional.Widdit.A, HKU\S-1-5-21-1240850108-1213602226-178494782-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarentena, [11fa6b4e0981d75f29c8483ce322dd23],
PUP.Optional.Spigot.A, HKU\S-1-5-21-1240850108-1213602226-178494782-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{7C7C4390-0E15-44D7-A808-82577B9001CA}, Quarentena, [c6454d6c345600367521816da45fff01],
PUP.Optional.Widdit.A, HKU\S-1-5-21-1240850108-1213602226-178494782-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}, Quarentena, [bd4ecbeebcced264a94889fb62a320e0],

Valores de Registro: 10
PUP.Optional.Widdit.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|SuggestionsURL_JSON, http://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=43168&gid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&dbCode=1&command={searchTerms}, Quarentena, [6c9f7c3d414955e1bc3602824db854ac]
PUP.Optional.Widdit.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{afdbddaa-5d3f-42ee-b79c-185a7020515b}|SuggestionsURL_JSON, http://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=43168&gid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&dbCode=1&command={searchTerms}, Quarentena, [84870dacbfcb1c1a2cc6c2c22adbbb45]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP|dir, C:\Program Files (x86)\SupTab, Quarentena, [e229a1183555d363e5c613fd54b032ce]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, cor, Quarentena, [d5367940bdcd8da9ab2861af2adae61a]
PUP.Optional.SearchCertified.A, HKU\S-1-5-21-1240850108-1213602226-178494782-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCH|Search Bar, http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q=, Quarentena, [23e80faa9cee171f8ae78c92c83ce917]
PUP.Optional.Widdit.A, HKU\S-1-5-21-1240850108-1213602226-178494782-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|SuggestionsURL_JSON, http://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=43168&gid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&dbCode=1&command={searchTerms}, Quarentena, [11fa6b4e0981d75f29c8483ce322dd23]
PUP.Optional.Delta.A, HKU\S-1-5-21-1240850108-1213602226-178494782-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|URL, http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=586A00DBDF08B325&affID=121564&tsp=4961, Quarentena, [94776851305a0b2bd91ac1bcad5809f7]
PUP.Optional.Babylon.A, HKU\S-1-5-21-1240850108-1213602226-178494782-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|FaviconURL, search.babylon.com/favicon.ico, Quarentena, [e229edcc1c6e92a42f2910db9b68cd33]
PUP.Optional.Spigot.A, HKU\S-1-5-21-1240850108-1213602226-178494782-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{7C7C4390-0E15-44D7-A808-82577B9001CA}|URL, http://br.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=443898&p={searchTerms}, Quarentena, [c6454d6c345600367521816da45fff01]
PUP.Optional.Widdit.A, HKU\S-1-5-21-1240850108-1213602226-178494782-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{afdbddaa-5d3f-42ee-b79c-185a7020515b}|SuggestionsURL_JSON, http://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=43168&gid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&dbCode=1&command={searchTerms}, Quarentena, [bd4ecbeebcced264a94889fb62a320e0]

Dados de Registro: 20
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\Internet Explorer\MAIN|Default_Search_URL, http://www.sweet-page.com/web/?type=ds&ts=1400460751&from=cor&uid=HitachiXHTS545050A7E380_TE95123QK0NM3VK0NM3VX&q={searchTerms}, Bom: (www.google.com), Ruim: (http://www.sweet-page.com/web/?type=ds&ts=1400460751&from=cor&uid=HitachiXHTS545050A7E380_TE95123QK0NM3VK0NM3VX&q={searchTerms}),Substituído,[ec1f09b04c3e65d188702913ba4c5ca4]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\Internet Explorer\MAIN|Search Page, http://www.sweet-page.com/web/?type=ds&ts=1400460751&from=cor&uid=HitachiXHTS545050A7E380_TE95123QK0NM3VK0NM3VX&q={searchTerms}, Bom: (www.google.com), Ruim: (http://www.sweet-page.com/web/?type=ds&ts=1400460751&from=cor&uid=HitachiXHTS545050A7E380_TE95123QK0NM3VK0NM3VX&q={searchTerms}),Substituído,[1eede0d998f248ee25d3d468887e40c0]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\Internet Explorer\MAIN|Default_Search_URL, http://www.sweet-page.com/web/?type=ds&ts=1400460751&from=cor&uid=HitachiXHTS545050A7E380_TE95123QK0NM3VK0NM3VX&q={searchTerms}, Bom: (www.google.com), Ruim: (http://www.sweet-page.com/web/?type=ds&ts=1400460751&from=cor&uid=HitachiXHTS545050A7E380_TE95123QK0NM3VK0NM3VX&q={searchTerms}),Substituído,[7b900dacb0dad85e857356e6e81e6898]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\Internet Explorer\MAIN|Search Page, http://www.sweet-page.com/web/?type=ds&ts=1400460751&from=cor&uid=HitachiXHTS545050A7E380_TE95123QK0NM3VK0NM3VX&q={searchTerms}, Bom: (www.google.com), Ruim: (http://www.sweet-page.com/web/?type=ds&ts=1400460751&from=cor&uid=HitachiXHTS545050A7E380_TE95123QK0NM3VK0NM3VX&q={searchTerms}),Substituído,[9576e2d76822b18549afe4581ee801ff]
Hijack.StartPage, HKU\S-1-5-21-1240850108-1213602226-178494782-1001\SOFTWARE\MICROSOFT\Internet Explorer\MAIN|Search Page, http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q=, Bom: (http://www.google.com), Ruim: (http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q=),Substituído,[1cef388114767cbab99d52e93dc9c739]
Hijack.StartPage, HKU\S-1-5-21-1240850108-1213602226-178494782-1001\SOFTWARE\MICROSOFT\Internet Explorer\MAIN|Start Default_Page_URL, http://search.certified-toolbar.com?si=43168&st=home&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4, Bom: (http://www.google.com), Ruim: (http://search.certified-toolbar.com?si=43168&st=home&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4),Substituído,[56b59a1f1872ec4a92c4b68542c415eb]
Hijack.StartPage, HKU\S-1-5-21-1240850108-1213602226-178494782-1001\SOFTWARE\MICROSOFT\Internet Explorer\MAIN|Default_Search_URL, http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q=, Bom: (http://www.google.com), Ruim: (http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q=),Substituído,[a962d9e09eecf4426beb78c32adc4db3]
Hijack.StartPage, HKU\S-1-5-21-1240850108-1213602226-178494782-1001\SOFTWARE\MICROSOFT\Internet Explorer\MAIN|Search Bar, http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q=, Bom: (http://www.google.com), Ruim: (http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q=),Substituído,[fd0ee0d9dbafda5c480eb982a75fb14f]
PUP.Optional.CertifiedToolBar.A, HKU\S-1-5-21-1240850108-1213602226-178494782-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCH|Start Page, http://search.certified-toolbar.com?si=43168&st=home&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4, Bom: (www.google.com), Ruim: (http://search.certified-toolbar.com?si=43168&st=home&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4),Substituído,[5dae09b0c0cae056f585131f0ef820e0]
Hijack.SearchPage, HKU\S-1-5-21-1240850108-1213602226-178494782-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCH|Start Page, http://search.certified-toolbar.com?si=43168&st=home&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4, Bom: (http://www.google.com/), Ruim: (http://search.certified-toolbar.com?si=43168&st=home&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4),Substituído,[ad5e8f2a117923139cbdd66594728d73]
PUP.Optional.CertifiedToolBar.A, HKU\S-1-5-21-1240850108-1213602226-178494782-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCH|Start Default_Page_URL, http://search.certified-toolbar.com?si=43168&st=home&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4, Bom: (www.google.com), Ruim: (http://search.certified-toolbar.com?si=43168&st=home&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4),Substituído,[64a7b4058bffec4afe7c41f1cc3a3ec2]
Hijack.SearchPage, HKU\S-1-5-21-1240850108-1213602226-178494782-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCH|Start Default_Page_URL, http://search.certified-toolbar.com?si=43168&st=home&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4, Bom: (http://www.google.com/), Ruim: (http://search.certified-toolbar.com?si=43168&st=home&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4),Substituído,[ec1f21983c4e66d03d1cda61f6106a96]
PUP.Optional.CertifiedToolBar.A, HKU\S-1-5-21-1240850108-1213602226-178494782-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCH|Default_Search_URL, http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q=, Bom: (www.google.com), Ruim: (http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q=),Substituído,[5caf43761971dd59dd9d9999719520e0]
Hijack.SearchPage, HKU\S-1-5-21-1240850108-1213602226-178494782-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCH|Default_Search_URL, http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q=, Bom: (http://www.google.com/), Ruim: (http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q=),Substituído,[56b5ab0e19714bebdf7ae5563fc77b85]
PUP.Optional.CertifiedToolBar.A, HKU\S-1-5-21-1240850108-1213602226-178494782-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCH|Search Bar, http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q=, Bom: (www.google.com), Ruim: (http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q=),Substituído,[28e3dedb3d4d082ef8821f13d82e1de3]
Hijack.SearchPage, HKU\S-1-5-21-1240850108-1213602226-178494782-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCH|Search Bar, http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q=, Bom: (http://www.google.com/), Ruim: (http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q=),Substituído,[f11a5465e5a538febc9d4eeded19e11f]
PUP.Optional.CertifiedToolBar.A, HKU\S-1-5-21-1240850108-1213602226-178494782-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCH|Search Page, http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q=, Bom: (www.google.com), Ruim: (http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q=),Substituído,[ae5d3b7eaedc95a14c2e02304cbadf21]
Hijack.SearchPage, HKU\S-1-5-21-1240850108-1213602226-178494782-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCH|Search Page, http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q=, Bom: (http://www.google.com/), Ruim: (http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q=),Substituído,[cb400eab1d6df1451e3bae8dd135a759]
PUP.Optional.SearchCertifiedTB.A, HKU\S-1-5-21-1240850108-1213602226-178494782-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHURI|(Default), http://search.certified-toolbar.com?si=43168&st=bs&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q=%s, Bom: (www.google.com), Ruim: (http://search.certified-toolbar.com?si=43168&st=bs&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q=%s),Substituído,[d73472477e0c41f5e74e53ea7d897888]
PUP.Optional.SearchCertifiedTB.A, HKU\S-1-5-21-1240850108-1213602226-178494782-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHURL|(Default), http://search.certified-toolbar.com?si=43168&st=bs&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q=%s, Bom: (www.google.com/), Ruim: (http://search.certified-toolbar.com?si=43168&st=bs&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q=%s),Substituído,[36d5c8f1acdec76ff73f300db353649c]

Pastas: 18
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive, Quarentena, [b358ac0d711960d69d2d2691907338c8],
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive\Update, Quarentena, [b358ac0d711960d69d2d2691907338c8],
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive\Update\Log, Quarentena, [b358ac0d711960d69d2d2691907338c8],
PUP.Optional.DealPly.A, C:\Users\Bruno\AppData\Roaming\Dealply, Quarentena, [85864f6a4941ba7cc703eccb7a89ce32],
PUP.Optional.DealPly.A, C:\Users\Bruno\AppData\Roaming\Dealply\UpdateProc, Quarentena, [85864f6a4941ba7cc703eccb7a89ce32],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive, Quarentena, [010a2f8a098173c326a56e49b94ade22],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\CrashReports, Quarentena, [010a2f8a098173c326a56e49b94ade22],
PUP.Optional.OpenCandy, C:\Users\Bruno\AppData\Roaming\OpenCandy, Quarentena, [47c47b3e107a47efac42f7c0fa094cb4],
PUP.Optional.OpenCandy, C:\Users\Bruno\AppData\Roaming\OpenCandy\0491CE0587CE453B8E393C6D69ECC60C, Quarentena, [47c47b3e107a47efac42f7c0fa094cb4],
PUP.Optional.DealPly.A, C:\Users\Bruno\AppData\Local\DealPlyLive, Quarentena, [ae5d7d3c4941ef470105e2d6659e36ca],
PUP.Optional.DealPly.A, C:\Users\Bruno\AppData\Local\DealPlyLive\CrashReports, Quarentena, [ae5d7d3c4941ef470105e2d6659e36ca],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, Quarentena, [a9622d8ca4e6092d3f194d7c12f1e11f],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, Quarentena, [a9622d8ca4e6092d3f194d7c12f1e11f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, Quarentena, [17f4a316e3a755e1059ad0fec53e6a96],
PUP.Optional.SweetPage.A, C:\Users\Bruno\AppData\Roaming\sweet-page, Quarentena, [c14a3c7de5a5d4629a46369dd42f58a8],
PUP.Optional.SweetPage.A, C:\Users\Bruno\AppData\Roaming\sweet-page\images, Quarentena, [c14a3c7de5a5d4629a46369dd42f58a8],
PUP.Optional.SweetPage.A, C:\Users\Bruno\AppData\Roaming\sweet-page\images\code, Quarentena, [c14a3c7de5a5d4629a46369dd42f58a8],
PUP.Optional.SweetPage.A, C:\Users\Bruno\AppData\Roaming\sweet-page\log, Quarentena, [c14a3c7de5a5d4629a46369dd42f58a8],

Arquivos: 21
PUP.Optional.Babylon.A, C:\Users\Bruno\AppData\Roaming\OpenCandy\0491CE0587CE453B8E393C6D69ECC60C\DeltaTB.exe, Quarentena, [3ad17d3c0882d462233bd36acb36af51],
PUP.Optional.Skytech.A, C:\Users\Bruno\AppData\Roaming\sweet-page\UninstallManager.exe, Quarentena, [d6353a7f4941270f2f1e9f1d13ee6e92],
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, Quarentena, [ac5fe1d81179d1658dc0f8c449b88d73],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, Quarentena, [000b8039a4e6270fa9f6f44355abef11],
PUP.Optional.OpenCandy, C:\Users\Bruno\Downloads\epm.exe, Quarentena, [83881b9e7d0dab8ba4c04200c53d27d9],
PUP.Optional.Softonic, C:\Users\Bruno\Downloads\SoftonicDownloader_para_free-mp3-cutter-and-editor.exe, Quarentena, [5daea8118307b28477ad0a32b54c44bc],
PUP.Optional.Softonic, C:\Users\Bruno\Downloads\SoftonicDownloader_para_free-pdf-editor.exe, Quarentena, [a3689a1f15751125a77dad8f34cd9b65],
PUP.Optional.Softonic, C:\Users\Bruno\Downloads\SoftonicDownloader_para_hamachi.exe, Quarentena, [d3380dacdab044f2d74d1f1dff02ca36],
PUP.Optional.Softonic, C:\Users\Bruno\Downloads\SoftonicDownloader_para_recover-my-files.exe, Quarentena, [1bf08633dbaf2313f331a399679ad927],
PUP.Optional.WorldSetup, C:\Users\Bruno\Downloads\VDownloaderInstallerIC.exe, Quarentena, [8289d3e66d1d241286dca8eef41106fa],
PUP.Optional.DomaIQ, C:\Users\Bruno\Downloads\Setup v2 1.exe, Quarentena, [21ea50691674c76ff9128cd51de3f40c],
PUP.Optional.OpenCandy, C:\Users\Bruno\Downloads\SetupImgBurn_2.5.8.0.exe, Quarentena, [82894c6d8703e650ded479ea24e25fa1],
PUP.Optional.Installcore, C:\Users\Bruno\Downloads\imgburn-2580-gerenciador-32-bits.exe, Quarentena, [729918a1d2b84aecbc90b31ee61f6e92],
PUP.Optional.DealPly.A, C:\Windows\System32\Tasks\Dealply, Quarentena, [2be04277f7937abcbbb00319659f2bd5],
PUP.Optional.Babylon.A, C:\Users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\pn0a3mta.default-1373283915124\searchplugins\babylon.xml, Quarentena, [2dde3f7a03873006e380c96763a140c0],
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive\Update\Log\DealPlyLive.log, Quarentena, [b358ac0d711960d69d2d2691907338c8],
PUP.Optional.DealPly.A, C:\Users\Bruno\AppData\Roaming\Dealply\UpdateProc\config.dat, Quarentena, [85864f6a4941ba7cc703eccb7a89ce32],
PUP.Optional.DealPly.A, C:\Users\Bruno\AppData\Roaming\Dealply\UpdateProc\info.dat, Quarentena, [85864f6a4941ba7cc703eccb7a89ce32],
PUP.Optional.DealPly.A, C:\Users\Bruno\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe, Quarentena, [85864f6a4941ba7cc703eccb7a89ce32],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, Quarentena, [a9622d8ca4e6092d3f194d7c12f1e11f],
PUP.Optional.SweetPage.A, C:\Users\Bruno\AppData\Roaming\sweet-page\log\UninstallManager_2014-05-18[21-57-56-344].log, Quarentena, [c14a3c7de5a5d4629a46369dd42f58a8],

Setores Físicos: 0
(Nenhum item malicioso detectado)

(end)

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:52:06, on 10/06/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\Users\Bruno\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\AnyDesk\AnyDesk.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files (x86)\BraZipCentral\BraZipCentral.exe
C:\Program Files (x86)\Magic Mouse Utilities\MagicMouseUtilities.exe
C:\gestor\bin\tvnserver.exe
C:\gestor\bin\tvnserver.exe
D:\mysql\bin\winmysqladmin.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\stpass.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\runner_avp.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [VDownloader] "C:\Program Files (x86)\VDownloader\VDownloader.exe" /silent
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Bruno\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - Startup: BraZipCentral.lnk = C:\Program Files (x86)\BraZipCentral\BraZipCentral.exe
O4 - Startup: Dropbox.lnk = Bruno\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Magic Mouse Utilities.lnk = C:\Program Files (x86)\Magic Mouse Utilities\MagicMouseUtilities.exe
O4 - Startup: vnc.lnk = C:\gestor\bin\tvnserver.exe
O4 - Startup: WinMySQLadmin.lnk = D:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: AnyDesk.lnk = C:\Program Files (x86)\AnyDesk\AnyDesk.exe
O4 - Global Startup: SiTef - Console Controle Geral.lnk = C:\SiTef\APLIC.WIN\ControleGeralSitef.exe
O4 - Global Startup: start betafar.lnk = D:\betafar\start.exe
O8 - Extra context menu item: Adicionar ao Antibanner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Kaspersky PURE - res://C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll/616
O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} (SurveillanceCtrl Control) - http://servermarcilio.dyndns.org:8080/webrec.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O20 - AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~1.DLL
O20 - Winlogon Notify:  GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AnyDesk Service (AnyDesk) - Unknown owner - C:\Program Files (x86)\AnyDesk\AnyDesk.exe
O23 - Service: Serviço do Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: gestorDatabase - Unknown owner - C:\gestor\database\bin\mysqld.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP LaserJet Professional M1210 MFP Series Receive Fax Service (HPM1210RcvFaxSrvc) - HP - C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\WINDOWS\system32\HPSIsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mobile Broadband HL Service - Unknown owner - C:\ProgramData\MobileBrServ\mbbservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: mysql5.5 - Unknown owner - D:\mysql55\bin\mysqld.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: SiTef - Solução Inteligente para TEF (SiTef) - Software Express Informatica Ltda. - C:\sitef\aplic.win\sitefservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12361 bytes


Disable your antivirus, antispyware and firewall so that there are no conflicts. Keep them disabled until you have finished the instructions.

Download AdwCleaner

Save it to the Desktop.

Run adwcleaner.exe

Note: Windows Vista, 7, 8 or 8.1 users should right-click the file and select "Run as administrator".

Click [Scan] and then [Clean]

Save the log that is created.

Download the Junkware Removal Tool (JRT) and save it to your Desktop.

Double-click to run the Junkware Removal Tool (JRT)

* On Windows Vista and Windows 7, 8 or 8.1:

Right-click JRT.exe and select "Run as administrator".

The tool will begin scanning your system. Be patient, as it may take a while depending on the number of items to be examined.

When it finishes, a log will open and be saved to the Desktop as JRT.txt.

Select, copy and paste the contents of this log into your next reply, together with the AdwCleaner log and a new HijackThis log.



# AdwCleaner v4.206 - Relatório criado 10/06/2015 às 13:29:55
# Atualizado 01/06/2015 por Xplode
# Base de dados : 2015-06-09.1 [servidor]
# Sistema operacional : Windows 8.1 Pro  (x64)
# Usuário : Bruno - BRUNO
# Executando de : C:\Users\Bruno\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

***** [ Arquivos / Pastas ] *****

Pasta Excluído : C:\ProgramData\Babylon
Pasta Excluído : C:\ProgramData\Tarma Installer
Pasta Excluído : C:\ProgramData\WPM
Pasta Excluído : C:\Program Files (x86)\ShowMyPCService
Pasta Excluído : C:\Users\Bruno\AppData\LocalLow\SimplyTech
Pasta Excluído : C:\Users\Bruno\AppData\Roaming\Babylon
Pasta Excluído : C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Arquivo Excluído : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\PrimoPDFSet.xml
Arquivo Excluído : C:\Users\Bruno\AppData\Roaming\PrimoPDFSet.xml
Arquivo Excluído : C:\Users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\pn0a3mta.default-1373283915124\invalidprefs.js
Arquivo Excluído : C:\Users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\pn0a3mta.default-1373283915124\user.js

***** [ Tarefas agendadas ] *****

Tarefa Apagado : Dealply

***** [ Atalhos ] *****

***** [ Registro ] *****

Chave Apagado : HKLM\SOFTWARE\Classes\Prod.cap
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Chave Apagado : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Chave Apagado : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Chave Apagado : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Apagado : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Chave Apagado : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Chave Apagado : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Chave Apagado : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Apagado : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chave Apagado : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Chave Apagado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Chave Apagado : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Apagado : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chave Apagado : HKCU\Software\BABSOLUTION
Chave Apagado : HKCU\Software\Myfree Codec
Chave Apagado : HKCU\Software\simplytech
Chave Apagado : HKCU\Software\Softonic
Chave Apagado : HKCU\Software\AppDataLow\Software\lyrixeeker
Chave Apagado : HKCU\Software\AppDataLow\Software\simplytech
Chave Apagado : HKLM\SOFTWARE\Myfree Codec
Chave Apagado : [x64] HKLM\SOFTWARE\Tarma Installer
Dados Apagado : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~1.DLL
Dados Apagado : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~2.DLL
Dados Apagado : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - 127.0.0.1:8080

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Mozilla Firefox v38.0.5 (x86 pt-BR)

-\\ Google Chrome v43.0.2357.124

[C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Apagado [search Provider] : hxxp://br.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [4415 bytes] - [10/06/2015 13:09:52]
AdwCleaner[s0].txt - [3674 bytes] - [10/06/2015 13:29:55]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3733  bytes] ##########

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.1 (06.08.2015:1)
OS: Windows 8.1 Pro x64
Ran by Bruno on 10/06/2015 at 13:36:31,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

Successfully deleted: [File] C:\WINDOWS\launcher.exe
Successfully deleted: [File] C:\WINDOWS\wininit.ini

 

~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\baidu security
Successfully deleted: [Folder] C:\Program Files (x86)\myfree codec
Successfully deleted: [Folder] C:\ProgramData\ammyy
Successfully deleted: [Folder] C:\ProgramData\baidu security
Successfully deleted: [Folder] C:\ProgramData\baidu
Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\baidu antivírus
Successfully deleted: [Folder] C:\Users\Bruno\AppData\Roaming\baidu

 

~~~ FireFox

 

~~~ Chrome

[C:\Users\Bruno\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Bruno\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Bruno\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Bruno\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/06/2015 at 13:44:48,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:57:34, on 10/06/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\notepad.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\runner_avp.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [VDownloader] "C:\Program Files (x86)\VDownloader\VDownloader.exe" /silent
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Bruno\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - Startup: BraZipCentral.lnk = C:\Program Files (x86)\BraZipCentral\BraZipCentral.exe
O4 - Startup: Dropbox.lnk = Bruno\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Magic Mouse Utilities.lnk = C:\Program Files (x86)\Magic Mouse Utilities\MagicMouseUtilities.exe
O4 - Startup: vnc.lnk = C:\gestor\bin\tvnserver.exe
O4 - Startup: WinMySQLadmin.lnk = D:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: AnyDesk.lnk = C:\Program Files (x86)\AnyDesk\AnyDesk.exe
O4 - Global Startup: SiTef - Console Controle Geral.lnk = C:\SiTef\APLIC.WIN\ControleGeralSitef.exe
O4 - Global Startup: start betafar.lnk = D:\betafar\start.exe
O8 - Extra context menu item: Adicionar ao Antibanner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Kaspersky PURE - res://C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll/616
O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} (SurveillanceCtrl Control) - http://servermarcilio.dyndns.org:8080/webrec.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O20 - Winlogon Notify:  GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AnyDesk Service (AnyDesk) - Unknown owner - C:\Program Files (x86)\AnyDesk\AnyDesk.exe
O23 - Service: Serviço do Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: gestorDatabase - Unknown owner - C:\gestor\database\bin\mysqld.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP LaserJet Professional M1210 MFP Series Receive Fax Service (HPM1210RcvFaxSrvc) - HP - C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\WINDOWS\system32\HPSIsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mobile Broadband HL Service - Unknown owner - C:\ProgramData\MobileBrServ\mbbservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: mysql5.5 - Unknown owner - D:\mysql55\bin\mysqld.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: SiTef - Solução Inteligente para TEF (SiTef) - Software Express Informatica Ltda. - C:\sitef\aplic.win\sitefservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11734 bytes


Download Zoek

Extract the file Zoek.exe to the Desktop.

Run it, then copy and paste the lines below into the Zoek input field:

createsrpoint;

autoclean;

resetieproxy;

resethosts;

iedefaults;

chrdefaults;

emptyCHRcache;

ffdefaults;

firefoxlook;

emptyalltemp;

shortcutfix;

Close your browser and click Run Script.

(During the scan, the message below will be displayed. Wait for it to finish; it may take a little while.)

Zoek.exe is running now.

Do not start any browser windows, they will be closed automatically.

Please wait! This window will close when finished.

A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

If you are asked to restart the PC, click OK.

Post the generated report plus a new HijackThis log.



Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Bruno on 10/06/2015 at 16:55:14,95.
Microsoft Windows 8.1 Pro 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Bruno\Desktop\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

10/06/2015 16:56:19 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host
 
127.0.0.1       localhost

==== Empty Folders Check ======================

C:\PROGRA~3\Oracle deleted successfully
C:\Users\Bruno\AppData\Roaming\DRPSu deleted successfully
C:\Users\Bruno\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Bruno\AppData\Local\EmieSiteList deleted successfully
C:\Users\Bruno\AppData\Local\EmieUserList deleted successfully
C:\Users\Bruno\AppData\Local\WindowsContactPictures deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\pn0a3mta.default-1373283915124\prefs.js:
user_pref("browser.search.useDBForOrder", "false");

Added to C:\Users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\pn0a3mta.default-1373283915124\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Bruno\AppData\Roaming\Thunderbird\Profiles\f5396npl.default\prefs.js:

Added to C:\Users\Bruno\AppData\Roaming\Thunderbird\Profiles\f5396npl.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~2\v90 deleted
C:\PROGRA~2\VDownloader deleted
C:\PROGRA~2\Wondershare deleted
C:\PROGRA~2\COMMON~1\Wondershare deleted
C:\HijackThis.exe deleted
C:\Users\Bruno\AppData\Roaming\WB.CFG deleted
C:\Users\Bruno\AppData\Roaming\VDownloader deleted
C:\Users\Bruno\AppData\Roaming\Wondershare deleted
C:\Users\Bruno\AppData\Roaming\Magic Mouse Utilities.ini deleted
C:\PROGRA~3\tmp90C9.tmp deleted
C:\Users\Bruno\AppData\Local\Wondershare deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\pn0a3mta.default-1373283915124\jetpack deleted
C:\Users\Public\Desktop\VDownloader.lnk deleted
C:\Users\Bruno\AppData\Roaming\unins000.exe deleted
C:\Users\Bruno\AppData\Roaming\unins001.exe deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\pn0a3mta.default-1373283915124
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Bruno\AppData\Roaming\Thunderbird\Profiles\f5396npl.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"quickprint@hp.com"="C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension" [26/01/2011 13:27]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886D}"="C:\Users\Bruno\AppData\Local\GAS Tecnologia\GBBD\cef\xpi" [05/02/2015 14:21]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\pn0a3mta.default-1373283915124
- GBBD Caixa Economica Federal - C:\Users\Bruno\AppData\Local\GAS Tecnologia\GBBD\cef\xpi
- DoNotTrackMe: Online Privacy Protection - %ProfilePath%\extensions\donottrackplus@abine.com
- Guardiao Itau Unibanco - %ProfilePath%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\pn0a3mta.default-1373283915124
2E661988463BCFA1B95D4DAAB9B0B6FA - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll - Shockwave Flash
1F096EDEDC302DACC6787D45B9C537E4 - C:\Users\Bruno\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll - Guardião Itaú 30 horas
E3B4EA121F7BDEB0F6366E2BA9608CB5 - C:\Users\Bruno\AppData\Local\Citrix\Plugins\104\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.104
6C5C8D59CF0FAB004AB572F4F11BC5E0 - C:\Users\Bruno\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll - Módulo de Proteção - Caixa Economica Federal
D006D3FEB1F62EB274A42FDDD008985C - C:\Users\Bruno\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll - Módulo de Proteção - Caixa Economica Federal
308CCC725DCC98821D66C59597DEFA60 - C:\Users\Bruno\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll - Guardião Itaú 30 horas

==== Deleted Firefox Extensions ======================

C:\Users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\pn0a3mta.default-1373283915124\extensions\donottrackplus@abine.com deleted

==== Chromium Look ======================

Google Chrome Version: 43.0.2357.124

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx[26/03/2013 13:08]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[01/05/2015 11:17]
lpoimibckejjdjcfbdnajaicnklhfplh - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh[]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx[26/03/2013 13:08]

Bookmark Manager - Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
GBBD Guardião - Itaú 30 horas - Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg

==== Chromium Startpages ======================

C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Preferences

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Old Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Start Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.certified-toolbar.com?si=43168&st=home&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4"
"Start Default_Page_URL"="http://search.certified-toolbar.com?si=43168&st=home&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4"
"Default_Search_URL"="http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q="
"Search Bar"="http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q="
"Search Page"="http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.certified-toolbar.com?si=43168&st=home&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4"
"Start Default_Page_URL"="http://search.certified-toolbar.com?si=43168&st=home&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4"
"Default_Search_URL"="http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q="
"Search Bar"="http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q="
"Search Page"="http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.certified-toolbar.com?si=43168&st=bs&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certified-toolbar.com?si=43168&st=bs&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.certified-toolbar.com?si=43168&st=bs&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certified-toolbar.com?si=43168&st=bs&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="www.google.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Start Page"="http://search.certified-toolbar.com?si=43168&st=home&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4"
"Start Default_Page_URL"="http://search.certified-toolbar.com?si=43168&st=home&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4"
"Default_Search_URL"="http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q="
"Search Bar"="http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q="
"Search Page"="http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search]
"Start Page"="http://search.certified-toolbar.com?si=43168&st=home&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4"
"Start Default_Page_URL"="http://search.certified-toolbar.com?si=43168&st=home&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4"
"Default_Search_URL"="http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q="
"Search Bar"="http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q="
"Search Page"="http://search.certified-toolbar.com?si=43168&st=chrome&tid=3927&ver=3.5&ts=1370139407126&tguid=43168-3927-1370139407126-D2E7557C3A58CD9362156B17E9EE1AD4&q="
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Start Page"="http://www.google.com/"
"Start Default_Page_URL"="http://www.google.com/"
"Default_Search_URL"="http://www.google.com/"
"Search Page"="http://www.google.com/"
"Search Bar"="http://www.google.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Old Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Preferences.bad was reset successfully
C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Bruno\Desktop\Frente de Loja  Caixa.lnk - C:\gestor\bin\caixa.EXE
C:\Users\Bruno\Desktop\Gestor - Retaguarda - Copia - Copia.lnk - C:\gestor\bin\gestor.exe restore
C:\Users\Bruno\Desktop\Gestor - Retaguarda - Copia.lnk - C:\gestor\bin\gestor.exe backup
C:\Users\Bruno\Desktop\Gestor - Retaguarda.lnk - C:\gestor\bin\gestor_report.exe
C:\Users\Bruno\Desktop\Propostas Enviadas - Atalho.lnk - C:\Users\Bruno\Desktop\desk\Propostas Enviadas
C:\Users\Bruno\Desktop\sngpc_plus.EXE.lnk - C:\gestor\bin\sngpc_plus.EXE
C:\Users\Bruno\Desktop\VSPE.lnk - C:\Program Files (x86)\Eterlogic.com\Virtual Serial Ports Emulator\VSPEmulator.exe
C:\Users\Bruno\Desktop\µTorrent.lnk - 
C:\Users\Bruno\Desktop\desk\Agenda.lnk - D:\modulados\sistema.exe
C:\Users\Bruno\Desktop\desk\BetaFar ProAtivo.lnk - D:\betafar\betafar.exe
C:\Users\Bruno\Desktop\desk\BraZipCentral.lnk - C:\Program Files (x86)\BraZipCentral\BraZipCentral.exe
C:\Users\Bruno\Desktop\desk\Caixa.lnk - C:\gestor\bin\caixa.EXE
C:\Users\Bruno\Desktop\desk\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Bruno\Desktop\desk\Dropbox.lnk - C:\Users\Bruno\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Bruno\Desktop\desk\Free ISO Creator.lnk - C:\Program Files (x86)\Free ISO Creator\FreeISOCreator.exe
C:\Users\Bruno\Desktop\desk\Frente de loja.lnk - D:\betafar\caixa.exe
C:\Users\Bruno\Desktop\desk\Gestor.lnk - C:\gestor\bin\gestor.exe
C:\Users\Bruno\Desktop\desk\Intelbras Media Player.lnk - C:\Program Files (x86)\Intelbras Media Player\Intelbras Media Player.exe
C:\Users\Bruno\Desktop\desk\Kaspersky PURE 3.0.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe
C:\Users\Bruno\Desktop\desk\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Bruno\Desktop\desk\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\Bruno\Desktop\desk\Programa TED_PAF_ECF.lnk - C:\WINDOWS\Installer\{50197209-75AA-4ACE-B206-3832D102A4C1}\_656B34220E3951075BEC16.exe
C:\Users\Bruno\Desktop\desk\Samsung Kies (Lite).lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe /lite
C:\Users\Bruno\Desktop\desk\Samsung Kies 3.lnk - C:\Program Files (x86)\Samsung\Kies3\Kies3.exe
C:\Users\Bruno\Desktop\desk\Skype.lnk - C:\WINDOWS\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe
C:\Users\Bruno\Desktop\desk\SNGPC Plus.lnk - D:\betafar\sngpc_plus.exe
C:\Users\Bruno\Desktop\desk\SQLyog Community.lnk - C:\Program Files (x86)\SQLyog Community\SQLyogCommunity.exe
C:\Users\Bruno\Desktop\desk\TeamViewer.exe - Atalho.lnk - D:\TeamViewerPortable\TeamViewer.exe
C:\Users\Bruno\Desktop\desk\TED_ECF.exe - Atalho.lnk - \\192.168.0.38\c$\SEFAZ\TEDECF\TED_ECF.exe
C:\Users\Bruno\Desktop\desk\Validador Sintegra 2013.lnk - C:\Program Files (x86)\Validador Sintegra 2012\ValidadorSintegra2013.exe
C:\Users\Bruno\Desktop\desk\VDownloader.lnk - C:\Program Files\VDownloader\VDownloader.exe
C:\Users\Bruno\Desktop\desk\Desktop\DANFE View.lnk - C:\DANFEView\danfev.exe
C:\Users\Bruno\Desktop\desk\Desktop\Free MP3 Cutter and Editor.lnk - C:\Program Files (x86)\MuseTips\Free MP3 Cutter and Editor\MP3Cutter.exe
C:\Users\Bruno\Desktop\desk\Desktop\ImgBurn.lnk - C:\Program Files (x86)\ImgBurn\ImgBurn.exe
C:\Users\Bruno\Desktop\desk\Desktop\IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk - 
C:\Users\Bruno\Desktop\desk\Desktop\LG PC Suite.lnk - C:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe
C:\Users\Bruno\Desktop\desk\Desktop\MediaCoder x64.lnk - C:\Program Files\MediaCoder\MediaCoder.exe
C:\Users\Bruno\Desktop\desk\Desktop\Receitanet 1.03 .lnk - C:\Program Files (x86)\Programas RFB\Receitanet\Windows\Receitanet.exe
C:\Users\Bruno\Desktop\desk\Desktop\Safe Money.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe -hidden safebanking
C:\Users\Bruno\Desktop\desk\Desktop\Samsung Kies (Lite).lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe /lite
C:\Users\Bruno\Desktop\desk\Desktop\Samsung Kies.lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe
C:\Users\Bruno\Desktop\desk\Desktop\Suporte técnico.lnk - 
C:\Users\Bruno\Desktop\desk\Desktop\VIVO INTERNET.lnk - C:\Program Files (x86)\VIVO INTERNET\VIVO INTERNET.exe
C:\Users\Bruno\Desktop\desk\Desktop\Wondershare PDF Editor.lnk - C:\Program Files (x86)\Wondershare\PDFEditor\PDFEditor.exe
C:\Users\Bruno\Desktop\desk\Desktop\µTorrent.lnk - 
C:\Users\Bruno\Desktop\desk\Propostas Enviadas\Imagens - Atalho.lnk - C:\Users\Bruno\Pictures

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\AnyDesk.lnk - C:\Program Files (x86)\AnyDesk\AnyDesk.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\Connect SIM.lnk - C:\Program Files (x86)\Sweda Informática Ltda\Connect SIM\ConnectSIM.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\PRN - Edite.lnk - C:\Edite\Edite.exe
C:\Users\Public\Desktop\Samsung Kies 3.lnk - C:\Program Files (x86)\Samsung\Kies3\Kies3.exe
C:\Users\Public\Desktop\Validador Sintegra 2014.lnk - C:\Program Files (x86)\Validador Sintegra 2015\ValidadorSintegra2014.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk - 
C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bematech\Printers\Virtual Serial Port\Adicionar Porta.lnk - C:\Program Files (x86)\Bematech\Printers\Virtual Serial Port\PortManager.exe
C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bematech\Printers\Virtual Serial Port\Desinstalar.lnk - C:\Program Files (x86)\Bematech\Printers\Virtual Serial Port\uninst.exe
C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bematech\Printers\Virtual Serial Port\Gerenciador de Dispositivos.lnk - C:\Windows\System32\devmgmt.msc
C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual Serial Ports Emulator\Check for updates.lnk - C:\Program Files (x86)\Eterlogic.com\Virtual Serial Ports Emulator\CheckForUpdate.exe
C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual Serial Ports Emulator\License agreement.lnk - C:\Program Files (x86)\Eterlogic.com\Virtual Serial Ports Emulator\License.rtf
C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual Serial Ports Emulator\Product documentation.lnk - C:\Program Files (x86)\Eterlogic.com\Virtual Serial Ports Emulator\VSPEmulator.chm
C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual Serial Ports Emulator\Uninstall.lnk - C:\WINDOWS\system32\MSIEXEC.EXE /I {8f3f769d-e9c4-42e5-9b35-82ddce0790c1}
C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual Serial Ports Emulator\VSPE.lnk - C:\Program Files (x86)\Eterlogic.com\Virtual Serial Ports Emulator\VSPEmulator.exe
C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual Serial Ports Emulator\VSPE_API folder.lnk - C:\Program Files (x86)\Eterlogic.com\Virtual Serial Ports Emulator\VSPE_API\Include

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\WINDOWS\Installer\{AC76BA86-7AD7-1046-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk - C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk\AnyDesk.lnk - C:\Program Files (x86)\AnyDesk\AnyDesk.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk\Uninstall AnyDesk.lnk - C:\Program Files (x86)\AnyDesk\AnyDesk.exe  --uninstall
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Kies3\Samsung Kies 3.lnk - C:\Program Files (x86)\Samsung\Kies3\Kies3.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Kies3\Uninstall Kies 3.lnk - C:\Program Files (x86)\InstallShield Installation Information\{88547073-C566-4895-9005-EBE98EA3F7C7}\setup.exe /removeonly
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype para a área de trabalho.lnk - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\AnyDesk.lnk - C:\Program Files (x86)\AnyDesk\AnyDesk.exe  --control
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sweda\Connect SIM\Connect SIM.lnk - C:\Program Files (x86)\Sweda Informática Ltda\Connect SIM\ConnectSIM.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sweda\Connect SIM\Manual de Instruções.lnk - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Validador Sintegra 2015\Ajuda do Validador Sintegra 2014.lnk - C:\Program Files (x86)\Validador Sintegra 2015\VALIDADORSINTEGRA2014.HLP
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Validador Sintegra 2015\Desinstalar Validador Sintegra 2014.lnk - C:\Program Files (x86)\Validador Sintegra 2015\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Validador Sintegra 2015\Validador Sintegra 2014.lnk - C:\Program Files (x86)\Validador Sintegra 2015\ValidadorSintegra2014.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk - C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe

==== shortcuts in Quick Launch ======================

C:\Users\Bruno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free MP3 Cutter and Editor.lnk - C:\Program Files (x86)\MuseTips\Free MP3 Cutter and Editor\MP3Cutter.exe
C:\Users\Bruno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Bruno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk - C:\Program Files (x86)\ImgBurn\ImgBurn.exe
C:\Users\Bruno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Bruno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\Bruno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe /lite
C:\Users\Bruno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies 3.lnk - C:\Program Files (x86)\Samsung\Kies3\Kies3.exe
C:\Users\Bruno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe
C:\Users\Bruno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - 
C:\Users\Bruno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SQLyog Community.lnk - C:\Program Files (x86)\SQLyog Community\SQLyogCommunity.exe
C:\Users\Bruno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VDownloader.lnk - C:\Program Files (x86)\VDownloader\VDownloader.exe
C:\Users\Bruno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - 
C:\Users\Bruno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk - 
C:\Users\Bruno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - 
C:\Users\Bruno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Bruno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Bruno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Bruno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Notepad++.lnk - C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - 
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - 
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - 
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - 
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - 
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - 

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Bruno\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Bruno\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Bruno\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Bruno\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Bruno\AppData\Local\Mozilla\Firefox\Profiles\pn0a3mta.default-1373283915124\cache2 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Mozilla\Firefox\Profiles\vlmsgrro.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=788 folders=146 126491598 bytes)

==== Empty Temp Folders ======================

C:\Users\Bruno\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Bruno\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 10/06/2015 at 18:21:23,13 ======================

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:34:21, on 10/06/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\WINDOWS\SysWOW64\notepad.exe
C:\Users\Bruno\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\AnyDesk\AnyDesk.exe
C:\Program Files (x86)\BraZipCentral\BraZipCentral.exe
C:\Program Files (x86)\Magic Mouse Utilities\MagicMouseUtilities.exe
C:\gestor\bin\tvnserver.exe
C:\gestor\bin\tvnserver.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
D:\mysql\bin\winmysqladmin.exe
C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\stpass.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\runner_avp.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [VDownloader] "C:\Program Files (x86)\VDownloader\VDownloader.exe" /silent
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Bruno\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - Startup: BraZipCentral.lnk = C:\Program Files (x86)\BraZipCentral\BraZipCentral.exe
O4 - Startup: Dropbox.lnk = Bruno\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Magic Mouse Utilities.lnk = C:\Program Files (x86)\Magic Mouse Utilities\MagicMouseUtilities.exe
O4 - Startup: vnc.lnk = C:\gestor\bin\tvnserver.exe
O4 - Startup: WinMySQLadmin.lnk = D:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: AnyDesk.lnk = C:\Program Files (x86)\AnyDesk\AnyDesk.exe
O4 - Global Startup: SiTef - Console Controle Geral.lnk = C:\SiTef\APLIC.WIN\ControleGeralSitef.exe
O4 - Global Startup: start betafar.lnk = D:\betafar\start.exe
O8 - Extra context menu item: Adicionar ao Antibanner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Kaspersky PURE - res://C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll/616
O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} (SurveillanceCtrl Control) - http://servermarcilio.dyndns.org:8080/webrec.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O20 - Winlogon Notify:  GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AnyDesk Service (AnyDesk) - Unknown owner - C:\Program Files (x86)\AnyDesk\AnyDesk.exe
O23 - Service: Serviço do Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: gestorDatabase - Unknown owner - C:\gestor\database\bin\mysqld.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP LaserJet Professional M1210 MFP Series Receive Fax Service (HPM1210RcvFaxSrvc) - HP - C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\WINDOWS\system32\HPSIsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mobile Broadband HL Service - Unknown owner - C:\ProgramData\MobileBrServ\mbbservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: mysql5.5 - Unknown owner - D:\mysql55\bin\mysqld.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: SiTef - Solução Inteligente para TEF (SiTef) - Software Express Informatica Ltda. - C:\sitef\aplic.win\sitefservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12595 bytes
