
Dear all, I would like to ask for help analyzing this log.

Over the last few days I have been receiving alerts about suspicious activity on social networks, and I am worried that some program may be running on the PC and sending data to someone.

I followed all the procedures and read the instructions in the Topic.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:05:39, on 09/04/2019
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17937)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Diebold\Warsaw\core.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Lexmark\ErrorApp\LMab1err.EXE
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\avpui.exe
C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe
C:\Users\pccli\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Users\pccli\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\pccli\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe
C:\Users\pccli\AppData\Roaming\Dropbox\bin\QtWebEngineProcess.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\pccli\Desktop\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (file missing)
O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll
O2 - BHO: ScriptInjectionPluginBrowserHelperObject - {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} - C:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll
O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll
O3 - Toolbar: Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [Lightshot] C:\Program Files\Skillbrains\lightshot\Lightshot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMSS] "C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKCU\..\Run: [LMab1err] C:\Program Files\Lexmark\ErrorApp\LMab1err.exe
O4 - HKCU\..\Run: [Google Update] C:\Users\pccli\AppData\Local\Google\Update\1.3.34.7\GoogleUpdateCore.exe
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\pccli\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Startup: Dropbox.lnk = C:\Users\pccli\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\Windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\Windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: aapj.bb.com.br
O15 - Trusted Zone: seg.bb.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: internetbankingpf.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O15 - Trusted Zone: http://www.caixa.gov.br
O15 - Trusted Zone: cloud.gastecnologia.com.br
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Serviço do Kaspersky Anti-Virus 19.0.0 (AVP19.0.0) - AO Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: Bloqueio de Dispositivos / Auditoria do HP ProtectTools  (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files\Google\Chrome\Application\73.0.3683.86\elevation_service.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Serviço do Kaspersky Secure Connection 3.0.0 (KSDE3.0.0) - AO Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe
O23 - Service: lmab_device -   - C:\Windows\system32\LMabcoms.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.427\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
O23 - Service: YSearchUtilSvc - Yahoo Inc. - C:\Program Files\Yahoo!\yset\{103A5537-49E1-2B40-8D86-D33CAEEBF055}\YSearchUtilSvc.exe

--
End of file - 12060 bytes

 


Download ZHPCleaner and save it to the Desktop.

Windows 7, 8, 8.1 or 10 users: right-click the program's icon and select Run as administrator.

Double-click ZHPCleaner.exe.

Click the Scanner button.

The tool will start examining your system. Be patient, as it may take a while depending on the number of items to examine.

When the scan finishes, click the Reparar (Repair) button.

Once the operation is complete, a log will open. If it does not, click the Relatório (Report) button and save the log.

Select, copy and paste the contents of this log into your next reply, along with a new HijackThis log.



Here are the logs:

~ ZHPCleaner v2019.4.7.44 by Nicolas Coolman (2019/04/07)
~ Run by pccli (Administrator)  (09/04/2019 10:50:58)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Repair
~ Report : C:\Users\pccli\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\pccli\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)


---\\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (2)
REPLACED: 0.0.0.1    mssplus.mcafee.com
Number of found redirections 1/33


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (56)
MOVED file: C:\Users\pccli\AppData\Roaming\unins000.exe [ - Setup/Uninstall]  =>Adware.Pirrit
MOVED file: C:\Users\pccli\AppData\Roaming\unins001.exe [ - Setup/Uninstall]  =>Adware.Pirrit
MOVED file: C:\Program Files\Skillbrains\lightshot\Lightshot.exe [Copyright 2009 - Starter Module]  =>.SUP.Skillbrains
MOVED file: C:\Windows\System32\drivers\mcaudrv.sys [Visicom Media Inc. - ManyCam Virtual Microphone]  =>ManyCam LLC
MOVED file: C:\Windows\System32\drivers\mcvidrv.sys [Visicom Media Inc. - ManyCam Virtual Webcam Driver]  =>ManyCam LLC
MOVED file: C:\Windows\Installer\wix{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVED file: C:\Windows\Installer\44ae7.msp    =>.SUP.Obsolete.Adobe
MOVED file: C:\Windows\Installer\6f8e7.msp    =>.SUP.Obsolete.Adobe
MOVED file: C:\Windows\Installer\eb50d.msp    =>.SUP.Obsolete.Adobe
MOVED folder^: C:\Program Files\Skillbrains  =>.SUP.Skillbrains
MOVED folder: C:\Users\pccli\AppData\Local\Google\Update  =>Heuristic.Suspect
MOVED folder: C:\Users\pccli\AppData\Local\{02A1FBF7-9B74-43AB-8EE6-5055147A007D}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{0B2BEB11-2A21-47A6-A671-0EFAB7FCF37E}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{1216355E-3DCC-4474-8648-E5F9A31F4F62}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{1379C3A7-FE83-4FFD-9EC6-5F7731BD63E7}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{16DB4486-F790-4A8C-BAFE-C9186A676FFA}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{1CD9AF7D-F6D9-4D0D-A131-080FB02E6B27}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{25C3EED7-7CB4-4194-A40E-DF7C2E5A2829}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{290FDA3B-822B-4D8B-9833-0DD324C78EDB}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{2CB4E9FC-2E81-4180-8289-237F57E6264A}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{2FDB523B-F1AF-4321-9C21-40A56AB1E733}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{3AFB4D70-3FBE-4967-A555-EAED605ED100}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{4011F03D-07ED-4E46-9785-E90CE0178DFA}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{4627122B-4DE4-49E2-9A20-186A36BA62C4}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{4A4758E7-AADF-42CA-8D85-8F77AD25DAE5}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{4F6329CE-C524-4141-81B7-4A701882D7CF}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{5EC5B025-2C20-4F25-8D8D-E37AC1622A27}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{661E5EB9-4812-47EE-A729-D0FBB4C96C19}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{76E58DCF-8B4B-4947-A35D-F84AC03D346A}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{79DEDD32-A384-49CA-9F1F-9626B5865309}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{7A34F6B5-5E72-4C78-A387-37B8781BF60C}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{804BB5BE-0F58-437A-BE03-19603E76CE4D}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{897612B9-FE4E-46CF-8325-2377A1F0B87B}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{91924E2B-A937-475E-A84D-10ED5AF64B45}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{92EF7A11-69A2-4037-BDEE-F4B8E6826195}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{960119EB-3090-439F-94DE-C3848EF1817F}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{9EDF0075-897F-4738-B480-D4E8E9492E51}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{9EDFA52A-7856-45ED-8F95-A95BB60EE232}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{A081FC85-F5EF-4210-93D3-AF64F92BA2FE}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{A27515BB-0F3F-4D6F-AD36-0EE53FF74F9A}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{A2FDF454-FF59-4376-B01F-3ACC16E5C255}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{A3EBA9E0-8EE2-4EAB-BB14-D38B6161C92E}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{AC151288-7A21-4153-8B49-BBB733E8F479}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{B3D7753E-F436-4D2F-83F8-902A226A5308}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{BA2016DF-A2C3-4CB5-8E0D-DEEC0387EA7B}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{C57DC8EB-B017-45A8-A498-5D2CDD74C4C0}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{CB83823F-3904-4D2B-85A0-C2C8F4083C70}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{CE4A0138-450F-4FD7-B750-5CE8048BBEEC}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{CED7A9F1-4A9D-4C36-A569-6A624B5A5C28}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{D00CA623-0906-42FA-98E7-867981E98F7C}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{D93B8C8A-1809-40E2-9AF5-3EBEB9526047}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{E047BAE9-0415-4EDD-B19D-904E31853A77}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{E23DDAD9-A738-4DA6-BC27-DBB045757EBB}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{F7857244-7073-4250-AED4-93F219C694BC}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\Local\{FF9C89A1-D7A2-4E8A-AECE-1F655E70D6E6}  =>.SUP.Empty
MOVED folder: C:\Users\pccli\AppData\LocalLow\Oracle  =>.SUP.Empty


---\\  Registry ( Key, Value, Data) (173)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} [http://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF] [Ask.com]  =>Toolbar.Ask
DELETED key: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} [http://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF] [Ask.com]  =>Toolbar.Ask
DELETED key**: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} [http://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF]  =>Toolbar.Ask
DELETED key**: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} [http://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF]  =>Toolbar.Ask
DELETED key*: HKLM\SOFTWARE\DT soft\Daemon Tools toolbar []  =>PUP.Optional.DaemonToolsToolbar
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\B1FreeArchiver [Catalina Group Ltd]  =>.SUP.CatalinaMarketing
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1 [Skillbrains]  =>.SUP.Skillbrains
DELETED value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Lightshot [C:\Program Files\Skillbrains\lightshot\Lightshot.exe]  =>.SUP.Skillbrains
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre7\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\de\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\es\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\fr\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\it\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\ja\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\ko\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\ru\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\zh-Hans\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\zh-Hant\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\ar\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\bg\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\ca\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\cs\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\da\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\el\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\et\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\eu\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\fi\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\he\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\hr\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\hu\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\id\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\lt\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\lv\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\ms\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\nl\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\no\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\pl\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\pt-BR\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\pt\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\ro\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\sk\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\sl\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\sr-Cyrl-CS\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\sr-Latn-CS\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\sv\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\th\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\tr\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\uk\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\4.1.10329.0\vi\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\5.1.20125.0\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\5.1.20125.0\de\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\5.1.20125.0\es\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\5.1.20125.0\fr\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\5.1.20125.0\it\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\5.1.20125.0\ja\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\5.1.20125.0\ko\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\5.1.20125.0\ru\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\5.1.20125.0\zh-Hans\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Microsoft Silverlight\5.1.20125.0\zh-Hant\ [No Folder]  =>.SUP.Obsolete.NoFolder


---\\  Summary of the elements found (10)
https://nicolascoolman.eu/2017/02/25/adware-pirrit/ =>Adware.Pirrit
https://nicolascoolman.eu/2019/01/sup-skillbrains =>.SUP.Skillbrains
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>ManyCam LLC
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Empty
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Obsolete.Adobe
https://nicolascoolman.eu/2017/01/28/heuristic-suspect/ =>Heuristic.Suspect
https://nicolascoolman.eu/2017/02/28/toolbar-ask/ =>Toolbar.Ask
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.DaemonToolsToolbar
https://nicolascoolman.eu/2017/09/16/sup-catalinamarketing/ =>.SUP.CatalinaMarketing
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Obsolete.NoFolder


---\\  Other deletions. (152)
~ Registry Keys Tracing deleted (152)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)
~ The system has been restarted.


---\\ Statistics
~ Items scanned : 2242
~ Items found : 0
~ Items cancelled : 0
~ Items options : 12/12
~ Space saving (bytes) : 0


~ End of clean in 00h00mn42s

---\\  Reports (2)
 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:59:41, on 09/04/2019
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17937)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Diebold\Warsaw\core.exe
C:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\avpui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Lexmark\ErrorApp\LMab1err.EXE
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe
C:\Windows\system32\taskeng.exe
C:\Users\pccli\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Users\pccli\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\pccli\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe
C:\Users\pccli\AppData\Roaming\Dropbox\bin\QtWebEngineProcess.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\pccli\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (file missing)
O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll
O2 - BHO: ScriptInjectionPluginBrowserHelperObject - {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} - C:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll
O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll
O3 - Toolbar: Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMSS] "C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKCU\..\Run: [LMab1err] C:\Program Files\Lexmark\ErrorApp\LMab1err.exe
O4 - HKCU\..\Run: [Google Update] C:\Users\pccli\AppData\Local\Google\Update\1.3.34.7\GoogleUpdateCore.exe
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\pccli\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Startup: Dropbox.lnk = C:\Users\pccli\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\Windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\Windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: aapj.bb.com.br
O15 - Trusted Zone: seg.bb.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: internetbankingpf.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O15 - Trusted Zone: http://www.caixa.gov.br
O15 - Trusted Zone: cloud.gastecnologia.com.br
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Serviço do Kaspersky Anti-Virus 19.0.0 (AVP19.0.0) - AO Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: Bloqueio de Dispositivos / Auditoria do HP ProtectTools  (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files\Google\Chrome\Application\73.0.3683.86\elevation_service.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Serviço do Kaspersky Secure Connection 3.0.0 (KSDE3.0.0) - AO Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe
O23 - Service: lmab_device -   - C:\Windows\system32\LMabcoms.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.427\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
O23 - Service: YSearchUtilSvc - Yahoo Inc. - C:\Program Files\Yahoo!\yset\{103A5537-49E1-2B40-8D86-D33CAEEBF055}\YSearchUtilSvc.exe

--
End of file - 11793 bytes

 

Edited by augustomaciel

The HijackThis text came out struck through


Download Malwarebytes Anti-Malware (MBAM) and save or print these instructions:

Run mb3-setup.exe to install the program.

Uncheck the "Enable free trial of Malwarebytes Anti-Malware PRO" box (if present).

Make sure the "Update Malwarebytes Anti-Malware" and "Run Malwarebytes Anti-Malware" boxes are checked. Then click "Finish".

If there are updates to be made, they will be downloaded and installed.

In "Settings", click "Protection" and, if it is disabled, check "Scan for rootkits". Under "Potential threat protection", select "Treat PUPs and PUMs as malware (recommended)".

Click "Scan", then "Threat Scan", and finally click "Start Scan".

The scan will then begin. Please wait, as it may take a while.

When the scan finishes, if any items were found, click the "Export Summary" -> "Text file (*.txt)" button and save it to your Desktop; if the disinfection log is not saved, you will find it there.

Click "Apply Actions" or, if that is not available, click "Send to quarantine".

At the end of the disinfection, a prompt may appear asking whether you want to restart the PC.

The log is saved automatically by MBAM, and you can view it by clicking the "Reports" tab -> "Scan reports" in the program's main window after the disinfection has been carried out.

DO NOT USE THE .XML FILE FORMAT TO SAVE THE LOG.

Select, copy and paste the entire contents of the disinfection log saved by MBAM into your next reply, along with a new HijackThis log.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (possibly more than once). Do so immediately when asked whether you want to restart the PC.



Malwarebytes
www.malwarebytes.com

-Detalhes de registro-
Data da análise: 09/04/2019
Hora da análise: 11:52
Arquivo de registro: 0fbe63a2-5ad7-11e9-aa57-00ff45ac5b50.json

-Informação do software-
Versão: 3.7.1.2839
Versão de componentes: 1.0.563
Versão do pacote de definições: 1.0.10068
Licença: Versão de Avaliação

-Informação do sistema-
Sistema operacional: Windows 7 Service Pack 1
CPU: x86
Sistema de arquivos: NTFS
Usuário: pccli-HP\pccli

-Resumo da análise-
Tipo de análise: Análise de Ameaças
Análise Iniciada Por: Manual
Resultado: Concluído
Objetos verificados: 223081
Ameaças detectadas: 10
Ameaças em quarentena: 10
Tempo decorrido: 15 min, 24 seg

-Opções da análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Detectar
PUM: Detectar

-Detalhes da análise-
Processo: 0
(Nenhum item malicioso detectado)

Módulo: 0
(Nenhum item malicioso detectado)

Chave de registro: 1
PUP.Optional.ASK, HKU\S-1-5-21-3561672157-2773084743-3070276630-501\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}, Quarentena, [2], [184156],1.0.10068

Valor de registro: 1
PUP.Optional.ASK, HKU\S-1-5-21-3561672157-2773084743-3070276630-501\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}|URL, Quarentena, [2], [184156],1.0.10068

Dados de registro: 0
(Nenhum item malicioso detectado)

Fluxo de dados: 0
(Nenhum item malicioso detectado)

Pasta: 0
(Nenhum item malicioso detectado)

Arquivo: 8
PUP.Optional.ASK.OPC, C:\USERS\PCCLI\APPDATA\ROAMING\UTORRENT\UPDATES\3.4.2_32354.EXE, Quarentena, [12943], [639652],1.0.10068
PUP.Optional.Catalina, C:\PROGRAM FILES\B1 FREE ARCHIVER\B1.EXE, Quarentena, [509], [635491],1.0.10068
PUP.Optional.Catalina, C:\PROGRAM FILES\B1 FREE ARCHIVER\B1SHELLEXT32.DLL, Quarentena, [509], [635491],1.0.10068
PUP.Optional.Catalina, C:\PROGRAM FILES\B1 FREE ARCHIVER\WINSETUP32.EXE, Quarentena, [509], [635491],1.0.10068
PUP.Optional.Catalina, C:\PROGRAM FILES\B1 FREE ARCHIVER\B1MANAGER.EXE, Quarentena, [509], [635491],1.0.10068
Generic.Malware/Suspicious, C:\USERS\PCCLI\DOWNLOADS\CUTEWRITER.EXE, Quarentena, [0], [392686],1.0.10068
RiskWare.Tool.CK, C:\USERS\PCCLI\DESKTOP\DESKTOP\DESIGN SCIENCE MATHTYPE 6.7\SENHAS\MATHTYPE.6.7A.KEYGEN-CORE.RAR, Quarentena, [5730], [55248],1.0.10068
RiskWare.Tool.CK, C:\USERS\PCCLI\DESKTOP\DESKTOP\DESIGN SCIENCE MATHTYPE 6.7.RAR, Quarentena, [5730], [55248],1.0.10068

Setor físico: 0
(Nenhum item malicioso detectado)

Instrumentação do Windows (WMI): 0
(Nenhum item malicioso detectado)


(end)

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:22:07, on 09/04/2019
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17937)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Diebold\Warsaw\core.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\avpui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Lexmark\ErrorApp\LMab1err.EXE
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe
C:\Users\pccli\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\pccli\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\pccli\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe
C:\Users\pccli\AppData\Roaming\Dropbox\bin\QtWebEngineProcess.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\pccli\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (file missing)
O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll
O2 - BHO: ScriptInjectionPluginBrowserHelperObject - {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} - C:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll
O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll
O3 - Toolbar: Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMSS] "C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKCU\..\Run: [LMab1err] C:\Program Files\Lexmark\ErrorApp\LMab1err.exe
O4 - HKCU\..\Run: [Google Update] C:\Users\pccli\AppData\Local\Google\Update\1.3.34.7\GoogleUpdateCore.exe
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\pccli\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Startup: Dropbox.lnk = C:\Users\pccli\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\Windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\Windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: aapj.bb.com.br
O15 - Trusted Zone: seg.bb.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: internetbankingpf.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O15 - Trusted Zone: http://www.caixa.gov.br
O15 - Trusted Zone: cloud.gastecnologia.com.br
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Serviço do Kaspersky Anti-Virus 19.0.0 (AVP19.0.0) - AO Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: Bloqueio de Dispositivos / Auditoria do HP ProtectTools  (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files\Google\Chrome\Application\73.0.3683.86\elevation_service.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Serviço do Kaspersky Secure Connection 3.0.0 (KSDE3.0.0) - AO Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe
O23 - Service: lmab_device -   - C:\Windows\system32\LMabcoms.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.427\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
O23 - Service: YSearchUtilSvc - Yahoo Inc. - C:\Program Files\Yahoo!\yset\{103A5537-49E1-2B40-8D86-D33CAEEBF055}\YSearchUtilSvc.exe

--
End of file - 11912 bytes

 


Temporarily disable your antivirus.

Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.

Double-click its icon on the Desktop.

Check "YES, I accept the Terms of Use." Click Start.

Accept any security warning from your browser.

Check the options below:

Enable detection of potentially unwanted applications.

Click Hide advanced settings and check:

Remove found threats

Scan archives

Scan for potentially unsafe applications

Enable Anti-Stealth technology

Click Change and also check the Computer box.

Click Start.

It will update on its own and scan the computer. Be patient, the process can take hours. When the scan finishes, click List Threats.

Click Export to text file and save the log to your Desktop.

Copy and paste the contents into your next reply.

Note: If nothing is found, no log will be generated.

Click Back.

Click Finish.



C:\Users\pccli\Desktop\desktop\icq_rfrset.exe    a variant of Win32/MailRu.O potentially unwanted application    cleaned by deleting
C:\Users\pccli\Documents\Downloads\Compressed\Internet Download Manager 6.18 build 4 Final Retail [ChingLiu].rar    a variant of Win32/HackTool.Patcher.BY potentially unsafe application    deleted
C:\Users\pccli\Downloads\ccsetup402.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
F:\desktop\desktop\Design Science MathType 6.7.rar    a variant of Win32/Keygen.BH potentially unsafe application    deleted
F:\desktop\desktop\icq_rfrset.exe    a variant of Win32/MailRu.O potentially unwanted application    cleaned by deleting
F:\desktop\desktop\Design Science MathType 6.7\Senhas\MathType.6.7a.keygen-CORE.rar    a variant of Win32/Keygen.BH potentially unsafe application    deleted
F:\soft\Design Science MathType 6.7\Senhas\MathType.6.7a.keygen-CORE.exe    a variant of Win32/Keygen.BH potentially unsafe application    cleaned by deleting
F:\soft\Design Science MathType 6.7\Senhas\MathType.6.7a.keygen-CORE.rar    a variant of Win32/Keygen.BH potentially unsafe application    deleted
F:\UFSM\2014_1\Estatistica A\uTorrent.exe    a variant of Win32/AdkDLLWrapper.A potentially unwanted application    cleaned by deleting


OK, the PC is clean. (Y)

Download DelFix and save it to your Desktop. Double-click delfix.exe to run it.

On Windows 7, 8 and 10: right-click delfix.exe and select Run as Administrator.

Check the box as shown in the image below.

DellFix.jpg

Click the Run button. This will remove the programs used in the disinfection, the folders and files they created, and DelFix itself.

