M. Meireles

SOLVED Slow computer and home page keeps changing


Good morning,

I've noticed that the computer is processing more than necessary; I fear it is running operations in the background, which is making it slow. In addition, the home page keeps changing.

My wife is the one who uses it most, and she tried to download a video player when the problem started. She is not knowledgeable about this subject.

I carried out the recommended initial procedures, and the results are attached.

I appreciate any help.

attach.txt

dds.txt

gmer.txt

Hello

Sorry for the delay :)

If you still need help, please redo the logs, as I need them with up-to-date dates: Read Before Posting - Creating a New Topic

ATTENTION 1: There is no need to open a new topic; post the new logs in this same topic, thank you!

ATTENTION 2: Do not edit your topic; use the reply button, thank you!

ATTENTION 3: Do not put the logs between TAGS, thank you!

ATTENTION 4: Do not attach the logs, thank you!

Regards :D


Good afternoon,

Some additional information:

- Before carrying out the procedure, I did a cleanup using CCleaner;
- The home page that always stays active, even when I change it manually, is the following:
"www.sweet-page.com/newtab/?type=nt&ts=1401666869&from=cor&uid=ST320LM001XHN-M320MBB_S2TJJ9FC401773"
  It then asks to install Java, which is clearly a fake page, and I did not allow it (figs. 1 to 4);
- While running the procedure with DDS, the error shown in figures 5 to 7 occurred; I clicked "Close Program" ("Fechar Programa") and let DDS continue until it generated the txt files;

Thank you in advance
 

[Seven screenshot thumbnails attached to the post]

attach.txt

dds.txt

gmer.txt


Good afternoon,

Here are the logs:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.55.2
Run by USUÁRIO at 13:41:25 on 2014-06-21
Microsoft Windows 7 Starter   6.1.7601.1.1252.55.1046.18.1788.1196 [GMT -3:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\windows\system32\atiesrxx.exe
C:\windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\ProgramData\IePluginServices\PluginService.exe
C:\windows\system32\Dwm.exe
C:\windows\System32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Samsung\Easy Display Manager\WifiManager.exe
C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\xpsrchvw.exe
C:\windows\system32\conhost.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.sweet-page.com/?type=hp&ts=1401666869&from=cor&uid=ST320LM001XHN-M320MBB_S2TJJ9FC401773
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
uDefault_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1401666869&from=cor&uid=ST320LM001XHN-M320MBB_S2TJJ9FC401773
mStart Page = hxxp://www.sweet-page.com/?type=hp&ts=1401666869&from=cor&uid=ST320LM001XHN-M320MBB_S2TJJ9FC401773
mSearch Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1401666869&from=cor&uid=ST320LM001XHN-M320MBB_S2TJJ9FC401773&q={searchTerms}
mDefault_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1401666869&from=cor&uid=ST320LM001XHN-M320MBB_S2TJJ9FC401773
mDefault_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1401666869&from=cor&uid=ST320LM001XHN-M320MBB_S2TJJ9FC401773&q={searchTerms}
BHO: IETabPage Class: {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - c:\program files\suptab\SupTab.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Samsung BHO Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - c:\program files\samsung anyweb print\W2PBrowser.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - c:\program files\gbplugin\gbieh.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Facebook Update] "c:\users\usuário\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [ETDCtrl] c:\program files\elantech\ETDCtrl.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Enviar para o OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smartprint\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - c:\program files\samsung anyweb print\W2PBrowser.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{4DE7BD0E-1BF0-4747-8E4F-62967E803C5A} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{4DE7BD0E-1BF0-4747-8E4F-62967E803C5A}\3465543433 : DHCPNameServer = 192.168.4.1
TCP: Interfaces\{4DE7BD0E-1BF0-4747-8E4F-62967E803C5A}\D41425549425F4 : DHCPNameServer = 192.168.134.221 192.168.130.1 8.8.4.4 208.67.220.220 200.176.2.10 8.8.8.8 208.67.222.222 200.176.2.12 187.18.187.2 187.18.187.4
TCP: Interfaces\{4DE7BD0E-1BF0-4747-8E4F-62967E803C5A}\D464D4D4027594D26494 : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify:  GbPluginBb - c:\program files\gbplugin\gbieh.dll
AppInit_DLLs= c:\progra~1\suptab\SEARCH~1.DLL
SSODL: WebCheck - <orphaned>
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - c:\program files\gbplugin\gbieh.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\usuário\appdata\roaming\mozilla\firefox\profiles\lb4t6uu9.default\
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2011-11-22 66688]
R0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2011-11-22 33408]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-17 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-17 180632]
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2013-2-5 47192]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2013-3-17 777488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2013-3-17 411680]
R1 Ndisrd;GAS Tecnologia Filter Driver;c:\windows\system32\drivers\gbpndisrdn.sys [2014-4-7 29400]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2011-11-28 10752]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-22 176128]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-5-19 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-17 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-5-19 50344]
R2 GbpSv;Gbp Service;c:\progra~1\gbplugin\GbpSv.exe [2014-5-22 528424]
R2 IePluginServices;IePlugin Services;c:\programdata\iepluginservices\pluginservice.exe -service --> c:\programdata\iepluginservices\PluginService.exe -service [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-11-29 101392]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\drivers\clwvd.sys [2010-11-10 27632]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2012-4-25 222544]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-11-28 391272]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-11-28 37504]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2014-1-11 68312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2012-7-4 8192]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-5-3 158856]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [2011-11-29 131888]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2014-06-14 15:15:08    --------    d-----w-    c:\users\usu?rio\appdata\local\Microsoft
2014-06-13 23:08:57    8073384    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{5217460b-ce7f-4301-81e7-7542c09e97c0}\mpengine.dll
2014-06-05 00:21:12    --------    d-----w-    c:\users\usuário\.android
2014-06-05 00:14:26    637848    ----a-w-    c:\windows\system32\npDeployJava1.dll
2014-06-05 00:14:26    567184    ----a-w-    c:\windows\system32\deployJava1.dll
2014-06-01 23:55:27    --------    d-----w-    c:\users\usuário\appdata\roaming\SupTab
2014-06-01 23:55:22    --------    d-----w-    c:\programdata\IePluginServices
2014-06-01 23:55:20    --------    d-----w-    c:\program files\SupTab
2014-06-01 23:55:19    --------    d-----w-    c:\programdata\WPM
2014-06-01 23:55:18    --------    d-----w-    c:\program files\Rock Turner
2014-06-01 23:54:45    --------    d-----w-    c:\users\usuário\appdata\roaming\sweet-page
2014-06-01 23:54:29    --------    d-----w-    c:\users\usuário\appdata\roaming\AppCloudUpdater
2014-06-01 23:54:22    --------    d-----w-    c:\program files\SiteLookup
2014-06-01 23:54:10    --------    d-----w-    c:\users\usuário\appdata\roaming\SimilarSites
2014-05-22 23:50:07    815314    ----a-w-    c:\users\usuário\appdata\roaming\unins000.exe
.
==================== Find3M  ====================
.
2014-06-05 01:28:38    70832    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-05 01:28:38    692400    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-05-20 01:45:00    777488    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2014-05-20 01:45:00    68312    ----a-w-    c:\windows\system32\drivers\aswstm.sys
2014-05-20 01:44:23    81768    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2014-05-20 01:44:23    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-05-20 01:44:23    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-05-20 01:44:23    24184    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-05-20 01:44:23    180632    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-05-20 01:44:22    43152    ----a-w-    c:\windows\avastSS.scr
2014-05-11 03:05:16    6103040    ----a-w-    c:\program files\GUT412D.tmp
2014-04-09 13:13:00    489064    ----a-w-    C:\SecurityScanner.dll
2014-04-08 01:11:42    29400    ----a-w-    c:\windows\system32\drivers\gbpndisrdn.sys
2014-03-31 12:35:10    231584    ------w-    c:\windows\system32\MpSigStub.exe
2013-03-05 21:55:16    4096000    ----a-w-    c:\program files\GUTD845.tmp
.
============= FINISH: 13:42:54,09 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume1
Install Date: 27/05/2012 11:11:52
System Uptime: 19/06/2014 17:35:32 (44 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. |  | RV415/RV415
Processor: AMD E-300 APU with Radeon HD Graphics | CPU 1 | 780/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 102 GiB total, 30,227 GiB free.
D: is FIXED (NTFS) - 179 GiB total, 178,768 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e979-e325-11ce-bfc1-08002be10318}
Description:
Device ID: ROOT\PRINTER\0000
Manufacturer:
Name:
PNP Device ID: ROOT\PRINTER\0000
Service:
.
==== System Restore Points ===================
.
RP162: 03/05/2014 23:48:08 - Ponto de Verificação Agendado
RP164: 19/05/2014 22:42:28 - avast! antivirus system restore point
RP165: 04/06/2014 21:05:32 - Installed Java SE Development Kit 7 Update 2
RP166: 04/06/2014 21:11:08 - Installed JavaFX 2.0.2 SDK
RP167: 04/06/2014 21:13:01 - Installed JavaFX 2.0.2
RP168: 04/06/2014 21:43:29 - Removed Java SE Development Kit 7 Update 2
RP169: 04/06/2014 21:46:52 - Removed JavaFX 2.0.2 SDK
RP170: 04/06/2014 21:49:17 - Removed JavaFX 2.0.2
RP171: 13/06/2014 20:08:10 - Windows Update
.
==== Installed Programs ======================
.
???? ??? Windows Live
???? Windows Live
????? Windows Live
?????? ??????? ?? Windows Live
???????? ?????????? Windows Live
?????????? Windows Live
??????????? ?? Windows Live
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader XI (11.0.07) - Português
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD VISION Engine Control Center
AppCloudUpdater
Arquivo do WinRAR
Atheros Client Installation Program
avast! Free Antivirus
„Windows Live Essentials“
„Windows Live Mail“
„Windows Live Messenger“
„Windows Live“ fotogalerija
BatteryLifeExtender
Biblia Eletrônica 3.7.5
Broadcom 802.11 Network Adapter
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Controle ActiveX do Windows Live Mesh para Conexões Remotas
CyberLink YouCam
D3DX10
Easy Content Share
Easy Display Manager
Easy Network Manager
Easy SpeedUp Manager
EasyBatteryManager
EasyFileShare
ETDWare PS/2-X86 10.7.14.12_WHQL
Extended Update
Facebook Video Calling 2.0.0.447
Fast Start
Fotogalerija Windows Live
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
Google Update Helper
HP Deskjet 3510 series Ajuda
HP Deskjet 3510 series Estudo de aprimoramento de produtos
HP Deskjet 3510 series Software básico do dispositivo
HP Photo Creations
HP Update
HPDiagnosticAlert
HPDiagnosticCoreDll
Java 7 Update 55
Java Auto Updater
Junk Mail filter update
Módulo de Segurança - Banco do Brasil
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile PTB Language Pack
Microsoft Application Error Reporting
Microsoft Office Access MUI (Portuguese (Brazil)) 2010
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (Portuguese (Brazil)) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (Portuguese (Brazil)) 2010
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
Microsoft Office Word MUI (Portuguese (Brazil)) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Movie Color Enhancer
Mozilla Firefox 30.0 (x86 pt-BR)
Mozilla Maintenance Service
MSVCRT
Multimedia POP
My Photo Creations (DATAPHOTO COM DE FOTOGRAFIAS LTDA Edition)
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Pošta Windows Live
Raccolta foto di Windows Live
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
S?????? f?t???af??? t?? Windows Live
Samsung AnyWeb Print
Samsung Printer Live Update
Samsung Recovery Solution 5
Samsung Support Center
Samsung Universal Print Driver
Samsung Universal Scan Driver
Samsung Update Plus
Skype Web Plugin
Skype™ 5.9
Sweet Page
User Guide
Windows Live
Windows Live ??
Windows Live ?? ???
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Foto-galerija
Windows Live fotoattelu galerija
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Pošta
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
Windows Media Player Firefox Plugin
.
==== End Of File ===========================
 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-21 14:30:21
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\0000006b ST320LM0 rev.2AR1 298,09GB
Running: mqnhgemy.exe; Driver: C:\Users\USURIO~1\AppData\Local\Temp\pxliafow.sys


---- System - GMER 2.1 ----

SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwAddBootEntry [0x8E045AA0]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwAssignProcessToJobObject [0x8E04657E]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwCreateEvent [0x8E0525C8]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwCreateEventPair [0x8E052614]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwCreateIoCompletion [0x8E0527AE]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwCreateMutant [0x8E052536]
SSDT    \SystemRoot\system32\drivers\aswSP.sys                                                                ZwCreateSection [0x8E0FC6D2]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwCreateSemaphore [0x8E05257E]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwCreateThread [0x8E046AB4]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwCreateThreadEx [0x8E046CD0]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwCreateTimer [0x8E052768]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwDebugActiveProcess [0x8E04736C]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwDeleteBootEntry [0x8E045B06]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwDuplicateObject [0x8E04AB40]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwLoadDriver [0x8E0456F2]
SSDT    \SystemRoot\system32\drivers\aswSP.sys                                                                ZwMapViewOfSection [0x8E0FC7B2]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwModifyBootEntry [0x8E045B6C]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwNotifyChangeKey [0x8E04AF36]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwNotifyChangeMultipleKeys [0x8E047E54]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwOpenEvent [0x8E0525F2]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwOpenEventPair [0x8E052636]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwOpenIoCompletion [0x8E0527D2]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwOpenMutant [0x8E05255C]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwOpenProcess [0x8E04A43A]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwOpenSection [0x8E0526E6]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwOpenSemaphore [0x8E0525A6]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwOpenThread [0x8E04A822]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwOpenTimer [0x8E05278C]
SSDT    \SystemRoot\system32\drivers\aswSP.sys                                                                ZwProtectVirtualMemory [0x8E0FC556]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwQueryObject [0x8E047CC8]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwQueueApcThreadEx [0x8E0479D6]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwSetBootEntryOrder [0x8E045BD2]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwSetBootOptions [0x8E045C38]
SSDT    \SystemRoot\system32\drivers\aswSP.sys                                                                ZwSetContextThread [0x8E0FC8AE]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwSetSystemInformation [0x8E04578C]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwSetSystemPowerState [0x8E04595E]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwShutdownSystem [0x8E0458EC]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwSuspendProcess [0x8E047536]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwSuspendThread [0x8E047698]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwSystemDebugControl [0x8E0459E6]
SSDT    \SystemRoot\system32\drivers\aswSP.sys                                                                ZwTerminateProcess [0x8E0FC624]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwTerminateThread [0x8E0471C6]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwVdmControl [0x8E045C9E]
SSDT    \SystemRoot\system32\drivers\aswSnx.sys                                                               ZwWriteVirtualMemory [0x8E0465DA]

---- Kernel code sections - GMER 2.1 ----

.text   ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                              8305B3C9 1 Byte  [06]
.text   ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                83094D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text   ntkrnlpa.exe!KeRemoveQueueEx + 10CB                                                                   8309BD80 4 Bytes  [A0, 5A, 04, 8E]
.text   ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                                   8309BE08 4 Bytes  [7E, 65, 04, 8E] {JLE 0x67; ADD AL, 0x8e}
.text   ntkrnlpa.exe!KeRemoveQueueEx + 11A7                                                                   8309BE5C 8 Bytes  [C8, 25, 05, 8E, 14, 26, 05, ...]
.text   ntkrnlpa.exe!KeRemoveQueueEx + 11B3                                                                   8309BE68 4 Bytes  [AE, 27, 05, 8E]
.text   ntkrnlpa.exe!KeRemoveQueueEx + 11CF                                                                   8309BE84 4 Bytes  [36, 25, 05, 8E]
.text   ...                                                                                                   
.text   C:\windows\system32\DRIVERS\atikmdag.sys                                                              section is writeable [0x95A2C000, 0x39CC35, 0xE8000020]
?       C:\Users\USURIO~1\AppData\Local\Temp\mbr.sys                                                          O sistema não pode encontrar o caminho especificado. !

---- User code sections - GMER 2.1 ----

.text   C:\windows\system32\csrss.exe[436] kernel32.dll!GetBinaryTypeW + 70                                   76B969F4 1 Byte  [62]
.text   C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[512] kernel32.dll!GetBinaryTypeW + 70          76B969F4 1 Byte  [62]
.text   C:\windows\system32\wininit.exe[520] kernel32.dll!GetBinaryTypeW + 70                                 76B969F4 1 Byte  [62]
.text   C:\windows\system32\csrss.exe[532] kernel32.dll!GetBinaryTypeW + 70                                   76B969F4 1 Byte  [62]
.text   C:\windows\system32\services.exe[580] ntdll.dll!LdrUnloadDll                                          7743C86E 6 Bytes  JMP 71A8000A
.text   C:\windows\system32\services.exe[580] kernel32.dll!FreeLibraryAndExitThread                           76B70368 5 Bytes  JMP 7474C82D C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
.text   C:\windows\system32\services.exe[580] kernel32.dll!FreeLibrary                                        76B7EF67 6 Bytes  JMP 71AF000A
.text   C:\windows\system32\services.exe[580] kernel32.dll!GetBinaryTypeW + 70                                76B969F4 1 Byte  [62]
.text   C:\windows\system32\lsass.exe[596] kernel32.dll!GetBinaryTypeW + 70                                   76B969F4 1 Byte  [62]
.text   C:\windows\system32\lsm.exe[604] kernel32.dll!GetBinaryTypeW + 70                                     76B969F4 1 Byte  [62]
.text   C:\windows\system32\winlogon.exe[720] kernel32.dll!GetBinaryTypeW + 70                                76B969F4 1 Byte  [62]
.text   C:\windows\system32\svchost.exe[732] kernel32.dll!GetBinaryTypeW + 70                                 76B969F4 1 Byte  [62]
.text   ...                                                                                                   
.text   C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1584] kernel32.dll!SetUnhandledExceptionFilter     76B7F4FB 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text   C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1584] kernel32.dll!GetBinaryTypeW + 70             76B969F4 1 Byte  [62]
.text   C:\ProgramData\IePluginServices\PluginService.exe[1704] kernel32.dll!GetBinaryTypeW + 70              76B969F4 1 Byte  [62]
.text   C:\windows\system32\Dwm.exe[1828] kernel32.dll!GetBinaryTypeW + 70                                    76B969F4 1 Byte  [62]
.text   C:\windows\System32\spoolsv.exe[1860] kernel32.dll!GetBinaryTypeW + 70                                76B969F4 1 Byte  [62]
.text   C:\windows\Explorer.EXE[1880] ntdll.dll!LdrUnloadDll                                                  7743C86E 6 Bytes  JMP 71A8000A
.text   C:\windows\Explorer.EXE[1880] kernel32.dll!FreeLibraryAndExitThread                                   76B70368 5 Bytes  JMP 7474C82D C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
.text   C:\windows\Explorer.EXE[1880] kernel32.dll!FreeLibrary                                                76B7EF67 6 Bytes  JMP 71AF000A
.text   C:\windows\Explorer.EXE[1880] kernel32.dll!GetBinaryTypeW + 70                                        76B969F4 1 Byte  [62]
.text   C:\windows\Explorer.EXE[1880] RPCRT4.dll!IUnknown_QueryInterface_Proxy                                771A4FC2 6 Bytes  JMP 717D000A
.text   C:\windows\Explorer.EXE[1880] ole32.dll!CoUnmarshalInterface                                          772AF150 6 Bytes  JMP 7180000A
.text   C:\windows\system32\svchost.exe[1932] kernel32.dll!GetBinaryTypeW + 70                                76B969F4 1 Byte  [62]
.text   C:\windows\system32\taskhost.exe[1976] kernel32.dll!GetBinaryTypeW + 70                               76B969F4 1 Byte  [62]
.text   C:\windows\system32\taskeng.exe[2060] kernel32.dll!GetBinaryTypeW + 70                                76B969F4 1 Byte  [62]
.text   C:\Users\USUÁRIO\Desktop\mqnhgemy.exe[2072] kernel32.dll!GetBinaryTypeW + 70                          76B969F4 1 Byte  [62]
.text   C:\windows\system32\wbem\wmiprvse.exe[2396] kernel32.dll!GetBinaryTypeW + 70                          76B969F4 1 Byte  [62]
.text   ...                                                                                                   
.text   C:\Program Files\AVAST Software\Avast\avastui.exe[3000] kernel32.dll!SetUnhandledExceptionFilter      76B7F4FB 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text   C:\Program Files\AVAST Software\Avast\avastui.exe[3000] kernel32.dll!GetBinaryTypeW + 70              76B969F4 1 Byte  [62]
.text   C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[3056] kernel32.dll!GetBinaryTypeW + 70         76B969F4 1 Byte  [62]
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[3176] kernel32.dll!GetBinaryTypeW + 70             76B969F4 1 Byte  [62]
.text   C:\Program Files\Samsung\Easy Display Manager\WifiManager.exe[3392] kernel32.dll!GetBinaryTypeW + 70  76B969F4 1 Byte  [62]
.text   C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe[3692] kernel32.dll!GetBinaryTypeW + 70   76B969F4 1 Byte  [62]
.text   ...                                                                                                   

---- Devices - GMER 2.1 ----

Device  \Driver\kbdclass \Device\KeyboardClass0                                                               ETD.sys
Device  \Driver\kbdclass \Device\KeyboardClass1                                                               ETD.sys

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b482fe64274d                           
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b482fe64274d (not active ControlSet)       

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                 unknown MBR code

---- EOF - GMER 2.1 ----
 


Dear M.Meireles

I recommend saving this topic to your Favorites so it is easy to find later.

Please note the following:
  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is passed on here relates only to the problem on your computer, so do not apply it to any other;
  • Please follow the instructions carefully, and if you have any questions do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always keep me informed, during the removal, of what is happening with your computer.
  • Follow the instructions in the order given.
Note: Do not take any action other than those given here; and if you ask for help on another forum, be sure to let us know, otherwise you risk misconfiguring your computer!

# Step 1 #

Download Junkware Removal Tool and save it to your Desktop.
  • Disable your protection programs (antivirus etc.) to avoid any conflict.
  • Double-click JRT.exe
    • If your system is Windows Vista, Windows 7 or Windows 8, right-click it and choose Run as Administrator.
  • Be patient and wait for the scan to finish.
  • Open the JRT.txt log that is on your Desktop.
  • Copy all of its content and paste it into your next message.

 
# Step 2 #

  • Double-click adwcleaner.exe
  • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png
  • Click Pesquisar (Search)
  • At the end of the scan a log with the results will open.
  • If anything is detected, then click the Remover (Remove) button.
  • Again, at the end of the scan a log with the results will open.
  • Copy all of its content and paste it into your next reply.

 
# Step 3 #

Read the instructions at this link:


In the instructions at the link above, you can check in which forums the Analysts are properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"
Download ComboFix from one of the official links listed below and save it to your desktop:

  • Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.
  • Double-click the desktopicon.png icon that is on the desktop.
  • Read and accept the terms by typing 1 and pressing Enter.
  • Computers with Windows XP must install the Recovery Console:
    If your computer is running Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Sim" (Yes).
    Click "OK" on the EULA.
    Once the Recovery Console is installed, click "SIM" (Yes) to continue.
  • ComboFix will run; please be patient and wait.
  • Attention: Do not use the mouse or the keyboard while the tool is running; doing so can cause the computer to hang.
  • A notice may appear saying that the computer needs to be restarted.
    DO NOT RESTART!!! ComboFix will restart the computer automatically.
  • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.


DO NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it may damage your computer.
There are several pieces of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to deal with these situations.
Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
There are several general-purpose anti-malware tools whose authors, when writing them, have end users in mind and intend them to be used without supervision. ComboFix is not a tool of that kind, and so, also out of respect for the tool's author, do not use it without supervision.

Best regards :D


Good evening,

I carried out the procedures as instructed. There were no problems. The logs follow below in the order requested. I'll be waiting.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Starter x86
Ran by USUµRIO on 30/06/2014 at 20:24:47,00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\USUµRIO\AppData\Roaming\similarsites"
Successfully deleted: [Folder] "C:\Users\USUµRIO\AppData\Roaming\thinstall"



~~~ FireFox

Emptied folder: C:\Users\USUµRIO\AppData\Roaming\mozilla\firefox\profiles\lb4t6uu9.default\minidumps [92 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30/06/2014 at 20:41:34,57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.214 - Relatório criado 30/06/2014 às 20:49:18
# Atualizado 29/06/2014 por Xplode
# Sistema Operacional : Windows 7 Starter Service Pack 1 (32 bits)
# Usuário : USUÁRIO - USUARIO-PC
# Executando de : C:\Users\USUÁRIO\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : IePluginServices

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\IePluginServices
Pasta Deletada : C:\ProgramData\WPM
Pasta Deletada : C:\Program Files\Rock Turner
Pasta Deletada : C:\Program Files\SupTab
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\USUÁRIO\AppData\Roaming\AppCloudUpdater
Pasta Deletada : C:\Users\USUÁRIO\AppData\Roaming\SupTab
Pasta Deletada : C:\Users\USUÁRIO\AppData\Roaming\sweet-page
Arquivo Deletada : C:\Users\USUÁRIO\AppData\Roaming\Mozilla\Firefox\Profiles\lb4t6uu9.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi
Arquivo Deletada : C:\Program Files\Mozilla Firefox\browser\searchplugins\sweet-page.xml
Arquivo Deletada : C:\windows\Tasks\AppCloudUpdater.job
Arquivo Deletada : C:\windows\System32\Tasks\AppCloudUpdater

***** [ Atalhos ] *****


***** [ Registro ] *****

[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C13AD933-494E-4C44-8FDC-8C45C78CA154}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C13AD933-494E-4C44-8FDC-8C45C78CA154}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4BFF1D2F-45E8-42C6-872B-6229FCFA7DFA}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BFF1D2F-45E8-42C6-872B-6229FCFA7DFA}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_Setup302_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_Setup302_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wpm_v18_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wpm_v18_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKCU\Software\AppCloudUpdater
Chave Deletedo : HKLM\Software\SupDp
Chave Deletedo : HKLM\Software\SupTab
Chave Deletedo : HKLM\Software\supWPM
Chave Deletedo : HKLM\Software\sweet-pageSoftware
Chave Deletedo : HKLM\Software\Wpm
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AppCloudUpdater
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sweet-page uninstaller
Dados Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SupTab\SEARCH~1.DLL
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Navegadores ] *****

-\\ Internet Explorer v9.0.8112.16421

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]

-\\ Mozilla Firefox v30.0 (pt-BR)

[ Arquivo : C:\Users\USUÁRIO\AppData\Roaming\Mozilla\Firefox\Profiles\lb4t6uu9.default\prefs.js ]

Linha deletada : user_pref("browser.newtab.url", "hxxp://www.sweet-page.com/newtab/?type=nt&ts=1401666869&from=cor&uid=ST320LM001XHN-M320MBB_S2TJJ9FC401773");
Linha deletada : user_pref("browser.search.defaultenginename", "sweet-page");
Linha deletada : user_pref("browser.search.selectedEngine", "sweet-page");
Linha deletada : user_pref("browser.startup.homepage", "hxxp://www.sweet-page.com/?type=hppp&ts=1403382060&from=cor&uid=ST320LM001XHN-M320MBB_S2TJJ9FC401773");

*************************

AdwCleaner[R0].txt - [6163 octets] - [30/06/2014 20:46:14]
AdwCleaner[s0].txt - [5371 octets] - [30/06/2014 20:49:18]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5431 octets] ##########
 

ComboFix 14-06-30.01 - USUÁRIO 30/06/2014  20:59:30.1.2 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.55.1046.18.1788.1054 [GMT -3:00]
Executando de: c:\users\USU-RIO\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - system32: deleted 2 bytes in 1 streams.
ADS - drivers: deleted 208 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\USUÁRIO\AppData\Roaming\unins000.exe
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2014-06-01 to 2014-07-01  ))))))))))))))))))))))))))))
.
.
2014-07-01 00:15 . 2014-07-01 00:15    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-07-01 00:07 . 2014-07-01 00:07    0    ----a-w-    c:\windows\system32\drivers\ati2xhxx.sys
2014-07-01 00:05 . 2014-07-01 00:05    62576    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{5217460B-CE7F-4301-81E7-7542C09E97C0}\offreg.dll
2014-06-30 23:54 . 2014-06-30 23:54    12568    ----a-w-    c:\windows\system32\drivers\PROCEXP113.SYS
2014-06-30 23:46 . 2014-06-30 23:49    --------    d-----w-    C:\AdwCleaner
2014-06-14 15:15 . 2014-06-14 15:15    --------    d-----w-IO    c:\users\USU?RIO
2014-06-13 23:08 . 2014-05-20 04:18    8073384    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{5217460B-CE7F-4301-81E7-7542C09E97C0}\mpengine.dll
2014-06-05 01:29 . 2014-06-05 01:29    --------    d-----w-    c:\users\USUÁRIO\AppData\Local\Adobe
2014-06-05 00:21 . 2014-06-05 00:23    --------    d-----w-    c:\users\USUÁRIO\.android
2014-06-05 00:14 . 2011-11-08 22:56    637848    ----a-w-    c:\windows\system32\npDeployJava1.dll
2014-06-05 00:14 . 2011-11-08 22:56    567184    ----a-w-    c:\windows\system32\deployJava1.dll
2014-06-01 23:54 . 2014-06-01 23:54    --------    d-----w-    c:\program files\SiteLookup
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-05 01:28 . 2012-05-27 17:41    70832    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-05 01:28 . 2012-05-27 17:41    692400    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-05-20 01:45 . 2014-01-12 00:07    68312    ----a-w-    c:\windows\system32\drivers\aswstm.sys
2014-05-20 01:45 . 2013-03-18 00:59    411680    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2014-05-20 01:45 . 2013-03-18 00:59    777488    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2014-05-20 01:44 . 2014-05-20 01:44    24184    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-05-20 01:44 . 2013-03-18 00:59    81768    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2014-05-20 01:44 . 2013-03-18 00:59    180632    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-05-20 01:44 . 2013-03-18 00:59    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-05-20 01:44 . 2013-03-18 00:59    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-05-20 01:44 . 2014-05-20 01:44    43152    ----a-w-    c:\windows\avastSS.scr
2014-05-20 01:44 . 2012-06-07 17:09    271264    ----a-w-    c:\windows\system32\aswBoot.exe
2014-05-11 03:05 . 2014-05-11 03:05    6103040    ----a-w-    c:\program files\GUT412D.tmp
2014-04-09 13:13 . 2014-04-09 13:13    489064    ----a-w-    C:\SecurityScanner.dll
2014-04-08 01:11 . 2014-04-08 01:11    29400    ----a-w-    c:\windows\system32\drivers\gbpndisrdn.sys
2013-03-05 21:55 . 2013-03-04 22:34    4096000    ----a-w-    c:\program files\GUTD845.tmp
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-20 01:44    260976    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-11-04 11463272]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2012-04-25 2193744]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-09 3890208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2014-05-06 17:25    1600552    ----a-w-    c:\program files\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 KMService;KMService;c:\windows\system32\srvany.exe [2012-07-05 8192]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\DRIVERS\gbpndisrd.sys [x]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 131888]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-15 66688]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-15 33408]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2014-03-14 47192]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-05-20 777488]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-05-20 411680]
S1 Ndisrd;GAS Tecnologia Filter Driver;c:\windows\system32\DRIVERS\gbpndisrdn.sys [2014-04-08 29400]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-10-07 10752]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-08-10 176128]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-05-20 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-05-20 67824]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-05-20 68312]
S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2014-05-06 528424]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-18 101392]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-11-10 27632]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-04-25 222544]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-05-17 391272]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-16 37504]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2014-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 01:28]
.
2014-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf6cc6f81d192.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-04 22:34]
.
2014-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-04 22:34]
.
2014-07-01 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2013-04-01 23:09]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: &Enviar para o OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\USUÁRIO\AppData\Roaming\Mozilla\Firefox\Profiles\lb4t6uu9.default\
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search
FF - prefs.js: keyword.URL - hxxps://www.google.com/search
.
- - - - ORFÃOS REMOVIDOS - - - -
.
AddRemove-{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1 - c:\users\USUÁRIO\AppData\Roaming\unins000.exe
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2014-06-30  21:19:13
ComboFix-quarantined-files.txt  2014-07-01 00:19
.
Pré-execução: 34.652.454.912 bytes disponíveis
Pós execução: 34.445.651.968 bytes disponíveis
.
- - End Of File - - 8F4FD9E87C4FDD89A001E704E7602979
2E5DEBB2116B3417023E0D6562D7ED07
 

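To see which removals in the AdwCleaner log above were auto-start points and which were overwritten browser settings, the sketch below sorts log lines by mechanism. It is an added example, not part of the original posts or of AdwCleaner; the line pattern, the rule table and the names `triage`, `classify` and `summarize` are assumptions inferred from the log lines quoted above.

```python
import re

# Lines quoted from the AdwCleaner log in the post above (a subset).
SAMPLE_LOG = r"""
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C13AD933-494E-4C44-8FDC-8C45C78CA154}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKLM\Software\SupTab
Dados Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SupTab\SEARCH~1.DLL
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]
Linha deletada : user_pref("browser.search.selectedEngine", "sweet-page");
"""

# Assumed line shape, inferred from the log: optional "[#] " marker,
# an action label, " : ", then the registry path or prefs.js line.
LINE_RE = re.compile(
    r"^(?:\[#\]\s*)?(?P<action>[^:\[\]]+?)\s+:\s+(?P<target>.+)$")

# (pattern, mechanism, kind)
#   autoload = code is started or loaded without the user doing anything
#   setting  = a browser configuration value was overwritten
#   residue  = leftovers that do not run anything by themselves
RULES = [
    (r"\\Schedule\\TaskCache\\", "scheduled task", "autoload"),
    (r"\\Browser Helper Objects\\", "IE browser helper object", "autoload"),
    # DLLs named in AppInit_DLLs are loaded into processes that load user32.dll.
    (r"\[AppInit_DLLs\]", "AppInit_DLLs entry", "autoload"),
    (r"\\Internet Explorer\\SearchScopes\\", "IE search provider", "setting"),
    (r"\\Internet Explorer\\Main \[", "IE start/search page", "setting"),
    (r'^user_pref\("browser\.', "Firefox prefs.js entry", "setting"),
    (r"\\CurrentVersion\\Uninstall\\", "uninstall entry", "residue"),
]
COMPILED = [(re.compile(p, re.IGNORECASE), m, k) for p, m, k in RULES]


def classify(target):
    """Map one registry path or prefs.js line to (mechanism, kind)."""
    for rx, mechanism, kind in COMPILED:
        if rx.search(target):
            return mechanism, kind
    return "other key", "residue"


def triage(log_text):
    """Return one dict per action line; headers and footers are skipped."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section titles, blank lines, file footers
        mechanism, kind = classify(m.group("target"))
        findings.append({
            "action": m.group("action"),
            "target": m.group("target"),
            "mechanism": mechanism,
            "kind": kind,
        })
    return findings


def summarize(findings):
    """Count findings per (kind, mechanism)."""
    counts = {}
    for f in findings:
        key = (f["kind"], f["mechanism"])
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for (kind, mechanism), n in sorted(summarize(triage(SAMPLE_LOG)).items()):
        print(f"{kind:9} {mechanism:26} {n}")
```

The `autoload` rows are the ones to re-check after cleanup, since an entry that survives there can run the removed software again.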

Dear M.Meireles

Download Malwarebytes Anti-Malware:

  • Link1
  • Alternative link
    • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
    • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, and click Finish.
    • If there are updates, they will be downloaded and installed.
    • When the updates finish, a program window will open. Select "Quick Scan", then click the Scan button.
    • The scan will start and may take a while. Please be patient.
    • When the scan is complete, click OK, then Show Results to view the log.
    • If anything is found, make sure everything is checked and click Remove.
    • When disinfection finishes, a log will open automatically in a Notepad document and you may be asked to restart the PC. (Read the note)
    • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
    • Copy and paste the contents of that log into your next reply.

Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do so immediately.

Regards :D


Good evening,

Some additional information:

- I don't know if it's related, but after running the tool, Firefox doesn't load pages; I had to use IE;

- After the removal (quarantine) action, the software requested a system restart, which I did as recommended.

Here is the Malwarebytes Anti-Malware log:


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 01/07/2014
Scan Time: 19:36:19
Logfile: log1.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.01.08
Rootkit Database: v2014.07.01.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: USUÁRIO

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 269807
Time Elapsed: 26 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [da82b5e5bac1bc7ae853e66879896f91],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [da82b5e5bac1bc7ae853e66879896f91],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
PUP.Optional.SuperCool, C:\Users\USUÁRIO\Downloads\AdobeFlashPlayer.exe, Quarantined, [76e6efabe596ce68da3752395aa7d030],
PUP.Optional.OneClickDownloader.A, C:\Users\USUÁRIO\Downloads\crtaspdeusavi.exe, Quarantined, [7fddb9e197e45cdac91cbd5a41c0b749],
PUP.Optional.InstallCore, C:\Users\USUÁRIO\FLV Player\FLVPlayer.exe, Quarantined, [c696cbcfaad188ae7d6e290241bf9a66],

Physical Sectors: 0
(No malicious items detected)

(end)


Dear M.Meireles

>>> Uninstall Firefox, download the new version, reinstall it and let me know whether that solved it. ;)

# Step 1 #

Download the Kaspersky AVP Tool from one of these links:

You will be taken to a Kaspersky page asking for an e-mail address for registration, first name and last name.
Only the "email" field is required.
Enter your e-mail, then click the Submit Form button.
The page will reload. Click the Download button.
Save it to your Desktop.
Run the file and wait for the installation.
  • ** Windows Vista and Windows 7 users: right-click the file, then click Run as administrator

  • On the license agreement screen, check the option I accept the license agreement and then click the Start button.
The program appears to freeze and nothing happens. This is normal; just wait until the program's main screen appears, then click the Settings icon:

KRT_settings.png

On this screen, check the box next to:
My Computer;
Local Disk (C:);
Also check all the drives that appear below Local Disk, if there are any;
Then click the Automatic Scan tab.

KRT_install2_.png

Back on the program's main screen, click the Start scanning button;
Be patient, it takes a while;
When it finishes, if it has detected anything, the program will ask you what to do;
Check the box next to Apply to all objects and then click Skip (we only want the log).

KRT_detection_.png

Once the scan has finished, proceed as follows:
On the main screen, if anything was detected, save the log.
If you close the program and forget to save the log, you will have to repeat the whole scan.
To save the log, click the Reports icon (next to the "Settings" icon).
In the next window, click Detected Threats, then click the floppy-disk icon to save the log.
Choose an easy-to-find location and save it as log.txt
Copy the entire contents of that Notepad file and paste it into your next reply.
If nothing is detected, you don't need to save the log; just let me know.
To exit the program, just click the X in the upper-right corner.

Notes:
While the scan is running, the main screen will show a progress bar. When it finishes, the program will show the status as completed and a button that will be orange if nothing was detected, and red if something was found. If something was detected, the program will also show an alert screen warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

# Step 2 #

Download SecurityCheck and save it to your Desktop

Double-click SecurityCheck.exe
  • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

Press any key to continue... a report will open
Copy all of its contents and paste them into your next reply

Regards :D


Good evening,

Firefox started working again without needing to be reinstalled and it is much better, with no changes to the home page.

The process went normally. It took about 3 hours on Kaspersky alone.

I await your reply.

Here are the logs:


Kaspersky

---------------

Status: Detected   (events: 1)    
03/07/2014 20:17:52    Detected    adware not-a-virus:AdWare.Win32.Agent.aljt    C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir    Medium    
 

---------------

 

 Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus   
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner     
 Java 7 Update 55  
 Java version out of Date!
 Adobe Flash Player     14.0.0.125  
 Adobe Reader XI  
 Mozilla Firefox (30.0)
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
 


Dear M.Meireles

# Step 1 #

Update Java.

Attention: Uninstall ALL old versions of Java.
  • Close all programs, especially your browser (IE, Firefox, etc.).
  • Go to the Java for Windows site
  • Click 4531602912_e9606174d3_o.gif
  • In the window that appears, click Run;
  • Follow the installation steps.

>>>> How is the computer doing?

# Step 2 #

Let's uninstall ComboFix:

Rename combofix.exe to uninstall.exe, double-click it and wait for the program to be removed.

Or, if you prefer, go to

Start > Run, type Combofix /Uninstall and click OK; in the window that appears, click Run and wait for the program to be removed.

# Step 3 #

Download OTC by OldTimer and save it to your desktop.
  • Double-click the icon 4142006426_4719050954_o.gif
  • Click Run;
  • Click its only button (image below):
4141259853_5a542d5908_o.jpg
Allow your computer to be restarted.

# Step 4 #

  • Again: double-click adwcleaner.exe
    • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • Click Uninstall
  • Click Yes and wait.

# Step 5 #

<<@>> Install CCleaner

CCleaner is an excellent cleaning utility for the computer that will help with its performance. Download it here: CCleaner
IMPORTANT: After installation, go to the location where the program was installed, C:\Arquivos de programas\CCleaner, and double-click the folder; in an empty area of that window, right-click, choose New > Folder and create a new folder; name it backups!
Open the program and click Run Cleaner;
click the Registry button > Scan for Issues > Fix selected issue(s)...

Note: Don't forget to accept the backup of the fixes and save it in the folder created above!

<<@>> Always keep your Windows up to date; keep a constant watch with the firewall and antivirus; and finally, remember that the best prevention starts with our own habits!

Regards :D


Good evening,

I followed the procedures above and I believe the problem has been solved. I would just like to know what happened.

Thank you!

This topic is closed to new posts.





About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.
