Mozart Santana

Changing the default user profile folder


So, my computer was a bit slow and I used a few anti-virus programs to delete them. When I used the program called AdwCleaner, it asked to restart the PC; fine so far, but when I restarted, the default user profile folder had changed (as in the image). The folder I use is Mozart and it changed to mozart.MOZART. There is absolutely nothing in this new folder, not even the programs pinned to the taskbar. I'd like to know whether there's a way to go back to the old folder or make a new one without having to back up and format.

area de trabalho.jpg


See whether there's a restore point from before this happened...

Odd that AdwCleaner caused this; it doesn't touch user folders and, besides, it only removes what you accept (select)... It shows you beforehand what it detects as malware, you accept the removal, and it restarts as part of the cleanup process.

Post the log it creates in C:\AdwCleaner so we can check what it found and removed.

Edited by tekinha


Each one carries the date it was created; there are at least 3 with today's date...

Open them and see what they indicate was removed.

Edited by tekinha

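As an added example (my code, not from the thread, the forum or AdwCleaner/Malwarebytes), the script below reads an AdwCleaner v6 report in the layout posted here, groups the entries by section and lists the autostart and driver locations plus everything under the user's profile folder, which is the part that matters for the question in the first post. The sample report is constructed from lines quoted in the thread's reports; section names and status prefixes are copied from those logs, while the persistence markers and function names are my own.

```python
"""Triage an AdwCleaner v6 report: group entries by section, then flag
autostart/driver locations and items under a given user's profile folder.
Added example; section names and status prefixes come from the reports
posted in the thread, the persistence markers are my own choice."""
import re
from collections import OrderedDict

# Constructed sample: a handful of lines copied from the AdwCleaner[C2].txt
# report posted in the thread, in the order they appear there.
SAMPLE_REPORT = r"""# AdwCleaner v6.030 - Relatório criado 28/10/2016 às 12:38:58
# Limpar

***** [ Serviços ] *****
[-] Políticas do IE excluídasSpyHunter 4 Service
***** [ Pastas ] *****
[-] RestauradoC:\ProgramData\SecTaskMan
[-] RestauradoC:\Users\Mozart\AppData\Roaming\Profiles\yzzfdyu4.default
[#] *Folder deleted on reboot: C:\ProgramData\Application Data\SecTaskMan
***** [ Arquivos ] *****
[-] RestauradoC:\WINDOWS\SysNative\drivers\netfilter2.sys
[-] RestauradoC:\Users\Mozart\Desktop\SpyHunter.lnk
***** [ Tarefas agendadas ] *****
[-] Chaves %sTracing%s excluídasSlimDrivers Startup
***** [ Registro ] *****
[-] RestauradoHKLM\SOFTWARE\Classes\WinZippers.zip
[#] *Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [3D BubbleSound]
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")

# Status prefixes as printed in the posted reports. The Portuguese build often
# prints no space between the status word and the item ("RestauradoC:\..."),
# so the separator is \s* and an optional "[x64] " tag is stripped as well.
STATUS_RE = re.compile(
    r"^(?:\[[-#]\] \*?(?:Restaurado|Folder deleted on reboot:|Key deleted on reboot:"
    r"|Políticas do IE excluídas|Chaves %sTracing%s excluídas|Chrome preferences reset)"
    r"|Encontrado|Serviço|Valor)\s*(?:\[x64\] )?(.+)$"
)

# Autostart and driver locations: where adware re-launches itself or hooks the
# browser on the next boot, so they deserve a second look in any cleanup log.
PERSISTENCE_MARKERS = (
    "\\currentversion\\run",        # Run / RunOnce values
    "\\startupapproved\\",          # Explorer's startup-approval list
    "\\browser helper objects\\",   # IE BHO registrations
    "\\drivers\\",                  # kernel drivers such as netfilter2.sys
)
PERSISTENCE_SECTIONS = {"Serviços", "Tarefas agendadas"}


def parse_report(text):
    """Return an ordered {section: [item, ...]} mapping for the report text."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # report header, EOF marker, blanks
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, [])
            continue
        if current is None:
            continue                      # text before the first section
        m = STATUS_RE.match(line)
        if m:                             # informational lines are skipped
            sections[current].append(m.group(1).strip())
    return sections


def flag_persistence(sections):
    """Return (section, item) pairs that touch an autostart or driver location."""
    flagged = []
    for section, items in sections.items():
        for item in items:
            low = item.lower()
            if section in PERSISTENCE_SECTIONS or any(mk in low for mk in PERSISTENCE_MARKERS):
                flagged.append((section, item))
    return flagged


def user_profile_items(sections, username):
    """Return items that live under C:\\Users\\<username>\\ (case-insensitive)."""
    prefix = f"c:\\users\\{username.lower()}\\"
    return [item for items in sections.values() for item in items
            if item.lower().startswith(prefix)]


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    for section, items in report.items():
        print(f"{section}: {len(items)} item(s)")
    for section, item in flag_persistence(report):
        print(f"persistence [{section}] {item}")
    for item in user_profile_items(report, "Mozart"):
        print(f"profile      {item}")
```

To run it on the real reports, replace SAMPLE_REPORT with the contents of the C:\AdwCleaner\AdwCleaner[C2].txt or [S2].txt file quoted in the thread.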

I'll post all of the ones with today's date.

# AdwCleaner v6.030 - Relatório criado 28/10/2016 às 12:38:58
# *Updated on 19/10/2016 by Malwarebytes
# Banco de dados : 2016-10-28.1 [Servidor]
# Sistema operacional : Windows 8 Single Language  (X64)
# Usuário : Mozart - MOZART
# Executando de : C:\Users\Mozart\Downloads\AdwCleaner.exe
# Limpar
# Apoio : hxxps://www.malwarebytes.com/support

***** [ Serviços ] *****

[-] Políticas do IE excluídasSpyHunter 4 Service


***** [ Pastas ] *****

[-] RestauradoC:\ProgramData\SecTaskMan
[-] RestauradoC:\ProgramData\avg web tuneup
[-] RestauradoC:\ProgramData\SlimWare Utilities, Inc
[#] *Folder deleted on reboot: C:\ProgramData\Application Data\SecTaskMan
[#] *Folder deleted on reboot: C:\ProgramData\Application Data\avg web tuneup
[#] *Folder deleted on reboot: C:\ProgramData\Application Data\SlimWare Utilities, Inc
[-] RestauradoC:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
[-] RestauradoC:\Program Files (x86)\orbitdownloader
[-] RestauradoC:\Program Files (x86)\avg web tuneup
[-] RestauradoC:\Program Files (x86)\QQBrowser
[-] RestauradoC:\Program Files (x86)\SlimDrivers
[-] RestauradoC:\Program Files (x86)\Common Files\AVG Secure Search
[-] RestauradoC:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\WeatherTool
[-] RestauradoC:\Users\Mozart\AppData\Roaming\Profiles\yzzfdyu4.default
[-] RestauradoC:\Users\Mozart\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn


***** [ Arquivos ] *****

[-] RestauradoC:\Users\Mozart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
[-] RestauradoC:\Users\Mozart\Desktop\SpyHunter.lnk
[-] RestauradoC:\WINDOWS\SysNative\drivers\netfilter2.sys
[-] RestauradoC:\spyhunter.fix
[-] RestauradoC:\Users\Public\Desktop\SlimDrivers.lnk
[-] RestauradoC:\Users\Mozart\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage


***** [ DLL ] *****

***** [ WMI ] *****

***** [ Atalhos ] *****

***** [ Tarefas agendadas ] *****

[-] Chaves %sTracing%s excluídasSlimDrivers Startup


***** [ Registro ] *****

[-] RestauradoHKLM\SOFTWARE\Classes\WinZippers.001
[-] RestauradoHKLM\SOFTWARE\Classes\WinZippers.7z
[-] RestauradoHKLM\SOFTWARE\Classes\WinZippers.arj
[-] RestauradoHKLM\SOFTWARE\Classes\WinZippers.bz2
[-] RestauradoHKLM\SOFTWARE\Classes\WinZippers.bzip2
[-] RestauradoHKLM\SOFTWARE\Classes\WinZippers.cab
[-] RestauradoHKLM\SOFTWARE\Classes\WinZippers.cpio
[-] RestauradoHKLM\SOFTWARE\Classes\WinZippers.deb
[-] RestauradoHKLM\SOFTWARE\Classes\WinZippers.dmg
[-] RestauradoHKLM\SOFTWARE\Classes\WinZippers.fat
[-] RestauradoHKLM\SOFTWARE\Classes\WinZippers.gz
[-] RestauradoHKLM\SOFTWARE\Classes\WinZippers.gzip
[-] RestauradoHKLM\SOFTWARE\Classes\WinZippers.hfs
[-] RestauradoHKLM\SOFTWARE\Classes\WinZippers.iso
[-] RestauradoHKLM\SOFTWARE\Classes\WinZippers.lha
[-] RestauradoHKLM\SOFTWARE\Classes\WinZippers.lzh
[-] RestauradoHKLM\SOFTWARE\Classes\WinZippers.lzma
[-] RestauradoHKLM\SOFTWARE\Classes\WinZippers.ntfs
[-] RestauradoHKLM\SOFTWARE\Classes\WinZippers.rar
[-] RestauradoHKLM\SOFTWARE\Classes\WinZippers.rpm
[-] RestauradoHKLM\SOFTWARE\Classes\WinZippers.squashfs
[-] RestauradoHKLM\SOFTWARE\Classes\WinZippers.swm
[-] RestauradoHKLM\SOFTWARE\Classes\WinZippers.tar
[-] RestauradoHKLM\SOFTWARE\Classes\WinZippers.taz
[-] RestauradoHKLM\SOFTWARE\Classes\WinZippers.tbz
[-] RestauradoHKLM\SOFTWARE\Classes\WinZippers.tbz2
[-] RestauradoHKLM\SOFTWARE\Classes\WinZippers.tgz
[-] RestauradoHKLM\SOFTWARE\Classes\WinZippers.tpz
[-] RestauradoHKLM\SOFTWARE\Classes\WinZippers.txz
[-] RestauradoHKLM\SOFTWARE\Classes\WinZippers.vhd
[-] RestauradoHKLM\SOFTWARE\Classes\WinZippers.wim
[-] RestauradoHKLM\SOFTWARE\Classes\WinZippers.xar
[-] RestauradoHKLM\SOFTWARE\Classes\WinZippers.xz
[-] RestauradoHKLM\SOFTWARE\Classes\WinZippers.z
[-] RestauradoHKLM\SOFTWARE\Classes\WinZippers.zip
[-] RestauradoHKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
[#] *Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
[-] RestauradoHKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\mailUpdate
[#] *Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\mailUpdate
[-] RestauradoHKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] RestauradoHKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] RestauradoHKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] RestauradoHKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] RestauradoHKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] RestauradoHKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] RestauradoHKLM\SOFTWARE\Classes\AppID\{1BD47D21-01F4-4538-9290-39FD569A0F24}
[-] RestauradoHKLM\SOFTWARE\Classes\AppID\{149622B2-F1C5-492D-BFDF-8E5ED85854A0}
[-] RestauradoHKLM\SOFTWARE\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}
[-] RestauradoHKLM\SOFTWARE\Classes\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}
[-] RestauradoHKLM\SOFTWARE\Classes\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}
[-] RestauradoHKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] RestauradoHKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] RestauradoHKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] RestauradoHKLM\SOFTWARE\Classes\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}
[-] RestauradoHKLM\SOFTWARE\Classes\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}
[-] RestauradoHKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] RestauradoHKLM\SOFTWARE\Classes\TypeLib\{A5FF3EB5-BF62-4D59-84DF-DC518E46FCB3}
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}
[-] RestauradoHKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
[-] RestauradoHKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] RestauradoHKU\.DEFAULT\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] RestauradoHKU\S-1-5-21-3707292403-3116427347-3285291159-1001\Software\Orbit
[-] RestauradoHKU\S-1-5-21-3707292403-3116427347-3285291159-1001\Software\ProgSense
[#] *Key deleted on reboot: HKU\S-1-5-18\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[#] *Key deleted on reboot: HKCU\Software\Orbit
[#] *Key deleted on reboot: HKCU\Software\ProgSense
[-] RestauradoHKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] RestauradoHKLM\SOFTWARE\Orbit
[-] RestauradoHKLM\SOFTWARE\SlimWare Utilities Inc
[-] RestauradoHKLM\SOFTWARE\AVG Tuneup
[-] RestauradoHKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] RestauradoHKLM\SOFTWARE\WinZiper
[-] RestauradoHKLM\SOFTWARE\EnigmaSoftwareGroup
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}
[#] *Key deleted on reboot: [x64] HKCU\Software\Orbit
[#] *Key deleted on reboot: [x64] HKCU\Software\ProgSense
[-] Restaurado[x64] HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8C2A08C5-FE74-412B-9160-B008E6D3A4C1}
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7BD8146798CEA704D860BE01414B8E51
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [3D BubbleSound]
[-] RestauradoHKU\S-1-5-21-3707292403-3116427347-3285291159-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Gameo]
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [vProt]
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit
[-] RestauradoHKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] RestauradoHKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin


***** [ Verificando navegadores ... ] *****

[-] Chrome preferences reset"browser.newtab.url" -  "hxxp://www.yessearches.com/?ts=AHEqAn8kB34qA0..&v=20160513&uid=D929FDE831EA126CD2811E9EE697D39B&ptid=sto&mode=loadm"
[-] Chrome preferences reset"browser.search.defaultenginename" -  "yessearches"
[-] Chrome preferences reset"browser.search.defaultenginename.US" -  "data:text/plain,browser.search.defaultenginename.US=yessearches"
[-] Chrome preferences reset"browser.search.searchengine.hp" -  "hxxp://www.yessearches.com/?ts=AHEqAn8kB34qA0..&v=20160513&uid=D929FDE831EA126CD2811E9EE697D39B&ptid=sto&mode=loadm"
[-] Chrome preferences reset"browser.search.searchengine.sp" -  "hxxp://www.yessearches.com/chrome.php?mode=ffsengext&ptid=sto&q={searchTerms}&ts=AHEqAn8kB34qA0..&uid=D929FDE831EA126CD2811E9EE697D39B&v=20160513"
[-] Chrome preferences reset"browser.search.searchengine.url" -  "hxxp://www.yessearches.com/chrome.php?mode=ffsengext&ptid=sto&q={searchTerms}&ts=AHEqAn8kB34qA0..&uid=D929FDE831EA126CD2811E9EE697D39B&v=20160513"
[-] Chrome preferences reset"browser.search.selectedEngine" -  "yessearches"
[-] Chrome preferences reset"extensions.mywebsearch.prevKwdEnabled" -  true
[-] Chrome preferences reset"extensions.toolbar.mindspark._brMembers_.BUTTON_STRUCTURE" -  "[{\"b\":224520315,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":224520316,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0\"},{\"b\":224520318,\"c\":\"mindspark.full\",\"p\":\"L.0.1\"},{\"b\":224520322,\"c\":\"mindspark.imagesearch\",\"p\":\"L.0.2\"},{\"b\":224520325,\"c\":\"mindspark.advanced\",\"p\":\"L.0.3\"},{\"b\":224520328,\"c\":\"mindspark.directorysearch\",\"p\":\"L.0.4\"},{\"b\":224520265,\"c\":\"mindspark.search\",\"p\":\"L.1\"},{\"b\":224520267,\"c\":\"mindspark.ask\",\"p\":\"R.0\"},{\"b\":224520332,\"c\":\"mindspark.wrench\",\"p\":\"R.1\"}]"
[-] Chrome preferences reset"extensions.toolbar.mindspark._brMembers_.browser.version.last" -  "42.0"
[-] Chrome preferences reset"extensions.toolbar.mindspark._brMembers_.firstKnownVersion" -  "7.38.8.45986"
[-] Chrome preferences reset"extensions.toolbar.mindspark._brMembers_.homepage" -  "/index.jhtml?n=782a80d6"
[-] Chrome preferences reset"extensions.toolbar.mindspark._brMembers_.hp.enabled" -  true
[-] Chrome preferences reset"extensions.toolbar.mindspark._brMembers_.hp.guardType" -  "HPR"
[-] Chrome preferences reset"extensions.toolbar.mindspark._brMembers_.initialized" -  true
[-] Chrome preferences reset"extensions.toolbar.mindspark._brMembers_.installation.installDate" -  "2016051414"
[-] Chrome preferences reset"extensions.toolbar.mindspark._brMembers_.installation.success" -  true
[-] Chrome preferences reset"extensions.toolbar.mindspark._brMembers_.lastActivePing" -  "1463720684229"
[-] Chrome preferences reset"extensions.toolbar.mindspark._brMembers_.lastKnownVersion" -  "7.38.8.45986"
[-] Chrome preferences reset"extensions.toolbar.mindspark._brMembers_.lssState" -  "{\"previousLocales\":[\"pt-BR\",\"pt\",\"en-US\",\"en\"],\"supportedLocales\":[\"de\",\"es\",\"pt\",\"ja\",\"en\"],\"defaultLocale\":\"en\",\"supportedLocale\":\"pt\",\"previousLocale\":\"pt\"}"
[-] Chrome preferences reset"extensions.toolbar.mindspark._brMembers_.options.defaultSearch" -  false
[-] Chrome preferences reset"extensions.toolbar.mindspark._brMembers_.options.homePageEnabled" -  false
[-] Chrome preferences reset"extensions.toolbar.mindspark._brMembers_.options.keywordEnabled" -  true
[-] Chrome preferences reset"extensions.toolbar.mindspark._brMembers_.options.tabEnabled" -  false
[-] Chrome preferences reset"extensions.toolbar.mindspark._brMembers_.productDeliveryOption.language" -  "en"
[-] Chrome preferences reset"extensions.toolbar.mindspark._brMembers_.productDeliveryOption.type" -  "Toolbar"
[-] Chrome preferences reset"extensions.toolbar.mindspark._brMembers_.successUrl" -  "hxxp://www.yessearches.com/chrome.php?uid=D929FDE831EA126CD2811E9EE697D39B&ptid=sto&ts=AHEqAn8kB34qA0..&v=20160513&mode=ffexttoolbar&q="
[-] Chrome preferences reset"extensions.toolbar.mindspark._brMembers_.toolbarCollapsed" -  false
[-] Chrome preferences reset"extensions.toolbar.mindspark._brMembers_.uninstallTasks" -  "{\"prefBranchesToDelete\":[\"extensions.toolbar.mindspark._brMembers_.\"],\"filesToDelete\":[\"C:\\\\Users\\\\Mozart\\\\AppData\\\\Roaming\\\\Profiles\\\\qs2hi58k.default\\\\YourGSearchFinder_br\\\\STUB.sqlite\",\"C:\\\\Users\\\\Mozart\\\\AppData\\\\Roaming\\\\Profiles\\\\qs2hi58k.default\\\\YourGSearchFinder_br\"]}"
[-] Chrome preferences reset"extensions.toolbar.mindspark.hp.enabled" -  true
[-] Chrome preferences reset"extensions.toolbar.mindspark.hp.enabled.guid" -  "yourGSearchfinder@GSearch.com"
[-] Chrome preferences reset"extensions.toolbar.mindspark.lastInstalled" -  "yourGSearchfinder@GSearch.com"
[-] Chrome preferences reset"keyword.URL" -  "hxxp://www.yessearches.com/chrome.php?uid=D929FDE831EA126CD2811E9EE697D39B&ptid=sto&ts=AHEqAn8kB34qA0..&v=20160513&mode=ffexttoolbar&q="
[-] [C:\Users\Mozart\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Excluídobr.ask.com
[-] [C:\Users\Mozart\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Excluídomystartsearch
[-] [C:\Users\Mozart\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Excluídostart.iminent.com
[-] [C:\Users\Mozart\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Excluídohxxp://www.mystartsearch.com/?type=hppp&ts=1428550108&from=tt4u&uid=WDCXWD5000LPVX-80V0TT0_WD-WX71EB36655666556
[-] [C:\Users\Mozart\AppData\Local\Google\Chrome\User Data\Default] [extension] Excluídochfdnecihphmhljaaejmgoiahnihplgn
[-] [C:\Users\Mozart\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Excluídobr.ask.com


*************************

:: Chaves "Tracing" excluídas
:: Configurações Winsock restauradas

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [4278 *Bytes] - [14/10/2015 15:59:31]
C:\AdwCleaner\AdwCleaner[C2].txt - [15200 *Bytes] - [28/10/2016 12:38:58]
C:\AdwCleaner\AdwCleaner[R0].txt - [5589 *Bytes] - [13/10/2014 12:04:44]
C:\AdwCleaner\AdwCleaner[S0].txt - [4867 *Bytes] - [13/10/2014 12:15:45]
C:\AdwCleaner\AdwCleaner[S1].txt - [4116 *Bytes] - [14/10/2015 15:53:48]
C:\AdwCleaner\AdwCleaner[S2].txt - [16760 *Bytes] - [28/10/2016 12:18:18]
C:\AdwCleaner\AdwCleaner[S3].txt - [15811 *Bytes] - [28/10/2016 12:32:27]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [15647 *Bytes] ##########
 

added 0 minutes later

# AdwCleaner v6.030 - Relatório criado 28/10/2016 às 12:18:18
# *Updated on 19/10/2016 by Malwarebytes
# Banco de dados : 2016-10-28.1 [Servidor]
# Sistema operacional : Windows 8 Single Language  (X64)
# Usuário : Mozart - MOZART
# Executando de : C:\Users\Mozart\Downloads\AdwCleaner.exe
# *Mode: Scan
# Apoio : https://www.malwarebytes.com/support

***** [ Serviços ] *****

Serviço vToolbarUpdater40.3.2
Serviço WtuSystemSupport
Serviço SpyHunter 4 Service


***** [ Pastas ] *****

Encontrado C:\ProgramData\3winp3
Encontrado C:\ProgramData\Avg_Update_0116tb
Encontrado C:\ProgramData\Avg_Update_0316tb
Encontrado C:\ProgramData\jwinpj
Encontrado C:\Users\Mozart\AppData\Local\slimware utilities inc
Encontrado C:\Users\Mozart\AppData\Local\avg web tuneup
Encontrado C:\Users\Mozart\AppData\Local\Downloaded Installers
Encontrado C:\Users\Mozart\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
Encontrado C:\Users\Mozart\AppData\Local\SlimWare Utilities Inc
Encontrado C:\Users\Mozart\AppData\Roaming\eCyber
Encontrado C:\Users\Mozart\AppData\Roaming\ProgSense
Encontrado C:\Users\Mozart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\spyhunter
Encontrado C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\YourGSearchFinder_br
Encontrado C:\Program Files\Common Files\AVG Secure Search
Encontrado C:\sh4ldr
Encontrado C:\ProgramData\AVG Secure Search
Encontrado C:\ProgramData\SecTaskMan
Encontrado C:\ProgramData\avg web tuneup
Encontrado C:\ProgramData\SlimWare Utilities, Inc
Encontrado C:\ProgramData\Application Data\AVG Secure Search
Encontrado C:\ProgramData\Application Data\SecTaskMan
Encontrado C:\ProgramData\Application Data\avg web tuneup
Encontrado C:\ProgramData\Application Data\SlimWare Utilities, Inc
Encontrado C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
Encontrado C:\Program Files (x86)\orbitdownloader
Encontrado C:\Program Files (x86)\avg web tuneup
Encontrado C:\Program Files (x86)\QQBrowser
Encontrado C:\Program Files (x86)\SlimDrivers
Encontrado C:\Program Files (x86)\Common Files\AVG Secure Search
Encontrado C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\WeatherTool
Encontrado C:\Users\Mozart\AppData\Roaming\Profiles\yzzfdyu4.default
Encontrado C:\Users\Mozart\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn


***** [ Arquivos ] *****

Encontrado C:\Users\Mozart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
Encontrado C:\Users\Mozart\Desktop\SpyHunter.lnk
Encontrado C:\WINDOWS\SysNative\drivers\netfilter2.sys
Encontrado C:\spyhunter.fix
Encontrado C:\Users\Public\Desktop\SlimDrivers.lnk
Encontrado C:\Users\Mozart\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage


***** [ DLL ] *****

*No malicious DLLs found.


***** [ WMI ] *****

*No malicious keys found.


***** [ Atalhos ] *****

Procurando por atalhos infectados ...


***** [ Tarefas agendadas ] *****

Encontrado Browser Updater Task(Core)
Encontrado SlimDrivers Startup
Encontrado AVGPCTuneUp_Task_BkGndMaintenance


***** [ Registro ] *****

Encontrado HKLM\SOFTWARE\Classes\WinZippers.001
Encontrado HKLM\SOFTWARE\Classes\WinZippers.7z
Encontrado HKLM\SOFTWARE\Classes\WinZippers.arj
Encontrado HKLM\SOFTWARE\Classes\WinZippers.bz2
Encontrado HKLM\SOFTWARE\Classes\WinZippers.bzip2
Encontrado HKLM\SOFTWARE\Classes\WinZippers.cab
Encontrado HKLM\SOFTWARE\Classes\WinZippers.cpio
Encontrado HKLM\SOFTWARE\Classes\WinZippers.deb
Encontrado HKLM\SOFTWARE\Classes\WinZippers.dmg
Encontrado HKLM\SOFTWARE\Classes\WinZippers.fat
Encontrado HKLM\SOFTWARE\Classes\WinZippers.gz
Encontrado HKLM\SOFTWARE\Classes\WinZippers.gzip
Encontrado HKLM\SOFTWARE\Classes\WinZippers.hfs
Encontrado HKLM\SOFTWARE\Classes\WinZippers.iso
Encontrado HKLM\SOFTWARE\Classes\WinZippers.lha
Encontrado HKLM\SOFTWARE\Classes\WinZippers.lzh
Encontrado HKLM\SOFTWARE\Classes\WinZippers.lzma
Encontrado HKLM\SOFTWARE\Classes\WinZippers.ntfs
Encontrado HKLM\SOFTWARE\Classes\WinZippers.rar
Encontrado HKLM\SOFTWARE\Classes\WinZippers.rpm
Encontrado HKLM\SOFTWARE\Classes\WinZippers.squashfs
Encontrado HKLM\SOFTWARE\Classes\WinZippers.swm
Encontrado HKLM\SOFTWARE\Classes\WinZippers.tar
Encontrado HKLM\SOFTWARE\Classes\WinZippers.taz
Encontrado HKLM\SOFTWARE\Classes\WinZippers.tbz
Encontrado HKLM\SOFTWARE\Classes\WinZippers.tbz2
Encontrado HKLM\SOFTWARE\Classes\WinZippers.tgz
Encontrado HKLM\SOFTWARE\Classes\WinZippers.tpz
Encontrado HKLM\SOFTWARE\Classes\WinZippers.txz
Encontrado HKLM\SOFTWARE\Classes\WinZippers.vhd
Encontrado HKLM\SOFTWARE\Classes\WinZippers.wim
Encontrado HKLM\SOFTWARE\Classes\WinZippers.xar
Encontrado HKLM\SOFTWARE\Classes\WinZippers.xz
Encontrado HKLM\SOFTWARE\Classes\WinZippers.z
Encontrado HKLM\SOFTWARE\Classes\WinZippers.zip
Encontrado HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
Encontrado [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
Encontrado HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\mailUpdate
Encontrado [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\mailUpdate
Encontrado HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
Encontrado HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
Encontrado HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
Encontrado HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
Encontrado HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Encontrado HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Encontrado [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
Encontrado [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
Encontrado [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
Encontrado [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
Encontrado [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Encontrado [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Encontrado HKLM\SOFTWARE\Classes\AppID\{1BD47D21-01F4-4538-9290-39FD569A0F24}
Encontrado HKLM\SOFTWARE\Classes\AppID\{149622B2-F1C5-492D-BFDF-8E5ED85854A0}
Encontrado HKLM\SOFTWARE\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Encontrado HKLM\SOFTWARE\Classes\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}
Encontrado HKLM\SOFTWARE\Classes\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}
Encontrado HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Encontrado HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Encontrado HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Encontrado HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Encontrado HKLM\SOFTWARE\Classes\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}
Encontrado HKLM\SOFTWARE\Classes\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}
Encontrado HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Encontrado HKLM\SOFTWARE\Classes\TypeLib\{A5FF3EB5-BF62-4D59-84DF-DC518E46FCB3}
Encontrado HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Encontrado HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Encontrado HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Encontrado HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Encontrado HKU\.DEFAULT\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
Encontrado HKU\S-1-5-21-3707292403-3116427347-3285291159-1001\Software\Orbit
Encontrado HKU\S-1-5-21-3707292403-3116427347-3285291159-1001\Software\ProgSense
Encontrado HKU\S-1-5-18\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
Encontrado HKCU\Software\Orbit
Encontrado HKCU\Software\ProgSense
Encontrado HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
Encontrado HKLM\SOFTWARE\Orbit
Encontrado HKLM\SOFTWARE\SlimWare Utilities Inc
Encontrado HKLM\SOFTWARE\AVG Tuneup
Encontrado HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
Encontrado HKLM\SOFTWARE\WinZiper
Encontrado HKLM\SOFTWARE\EnigmaSoftwareGroup
Encontrado HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1
Encontrado HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}
Encontrado [x64] HKCU\Software\Orbit
Encontrado [x64] HKCU\Software\ProgSense
Encontrado [x64] HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
Encontrado [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8C2A08C5-FE74-412B-9160-B008E6D3A4C1}
Encontrado [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7BD8146798CEA704D860BE01414B8E51
Valor [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [3D BubbleSound]
Valor HKU\S-1-5-21-3707292403-3116427347-3285291159-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Gameo]
Valor HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Valor [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [vProt]
Encontrado HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit
Encontrado HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit
Encontrado HKCU\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit
Encontrado HKCU\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit
Encontrado HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
Encontrado HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin


***** [ Navegadores ] *****

Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "browser.newtab.url" -  "hxxp://www.yessearches.com/?ts=AHEqAn8kB34qA0..&v=20160513&uid=D929FDE831EA126CD2811E9EE697D39B&ptid=sto&
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "browser.search.defaultenginename" -  "yessearches"
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "browser.search.defaultenginename.US" -  "data:text/plain,browser.search.defaultenginename.US=yessearches"
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "browser.search.searchengine.hp" -  "hxxp://www.yessearches.com/?ts=AHEqAn8kB34qA0..&v=20160513&uid=D929FDE831EA126CD2811E9EE697D3
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "browser.search.searchengine.sp" -  "hxxp://www.yessearches.com/chrome.php?mode=ffsengext&ptid=sto&q={searchTerms}&ts=AHEqAn8kB34q
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "browser.search.searchengine.url" -  "hxxp://www.yessearches.com/chrome.php?mode=ffsengext&ptid=sto&q={searchTerms}&ts=AHEqAn8kB34
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "browser.search.selectedEngine" -  "yessearches"
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.mywebsearch.prevKwdEnabled" -  true
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.BUTTON_STRUCTURE" -  "[{\"b\":224520315,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.browser.version.last" -  "42.0"
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.firstKnownVersion" -  "7.38.8.45986"
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.homepage" -  "/index.jhtml?n=782a80d6"
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.hp.enabled" -  true
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.hp.guardType" -  "HPR"
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.initialized" -  true
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.installation.installDate" -  "2016051414"
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.installation.success" -  true
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.lastActivePing" -  "1463720684229"
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.lastKnownVersion" -  "7.38.8.45986"
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.lssState" -  "{\"previousLocales\":[\"pt-BR\",\"pt\",\"en-US\",\"en\"],\"supportedLocale
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.options.defaultSearch" -  false
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.options.homePageEnabled" -  false
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.options.keywordEnabled" -  true
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.options.tabEnabled" -  false
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.productDeliveryOption.language" -  "en"
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.productDeliveryOption.type" -  "Toolbar"
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.successUrl" -  "hxxp://www.yessearches.com/chrome.php?uid=D929FDE831EA126CD2811E9EE697D3
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.toolbarCollapsed" -  false
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.uninstallTasks" -  "{\"prefBranchesToDelete\":[\"extensions.toolbar.mindspark._brMembers
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark.hp.enabled" -  true
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark.hp.enabled.guid" -  "yourGSearchfinder@GSearch.com"
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark.lastInstalled" -  "yourGSearchfinder@GSearch.com"
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "keyword.URL" -  "hxxp://www.yessearches.com/chrome.php?uid=D929FDE831EA126CD2811E9EE697D39B&ptid=sto&ts=AHEqAn8kB34qA0..&v=201605
*Chromium pref Found: [C:\Users\Mozart\AppData\Local\Google\Chrome\User Data\Default\Web data] - br.ask.com
*Chromium pref Found: [C:\Users\Mozart\AppData\Local\Google\Chrome\User Data\Default\Web data] - mystartsearch
*Chromium pref Found: [C:\Users\Mozart\AppData\Local\Google\Chrome\User Data\Default\Web data] - start.iminent.com
*Chromium pref Found: [C:\Users\Mozart\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://www.mystartsearch.com/?type=hppp&ts=1428550108&from=tt4u&uid=WDCXWD5000LPVX-80V0TT0_WD-WX71EB36655666556
*Chromium pref Found: [C:\Users\Mozart\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - chfdnecihphmhljaaejmgoiahnihplgn
*Chromium pref Found: [C:\Users\Mozart\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] - br.ask.com

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [4278 *Bytes] - [14/10/2015 15:59:31]
C:\AdwCleaner\AdwCleaner[R0].txt - [5589 *Bytes] - [13/10/2014 12:04:44]
C:\AdwCleaner\AdwCleaner[S0].txt - [4867 *Bytes] - [13/10/2014 12:15:45]
C:\AdwCleaner\AdwCleaner[S1].txt - [4116 *Bytes] - [14/10/2015 15:53:48]
C:\AdwCleaner\AdwCleaner[S2].txt - [16544 *Bytes] - [28/10/2016 12:18:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [16619 *Bytes] ##########
 

added 1 minute later

# AdwCleaner v6.030 - Relatório criado 28/10/2016 às 12:32:27
# *Updated on 19/10/2016 by Malwarebytes
# Banco de dados : 2016-10-28.1 [Servidor]
# Sistema operacional : Windows 8 Single Language  (X64)
# Usuário : Mozart - MOZART
# Executando de : C:\Users\Mozart\Downloads\AdwCleaner.exe
# *Mode: Scan
# Apoio : https://www.malwarebytes.com/support

***** [ Serviços ] *****

Serviço SpyHunter 4 Service


***** [ Pastas ] *****

Encontrado C:\ProgramData\SecTaskMan
Encontrado C:\ProgramData\avg web tuneup
Encontrado C:\ProgramData\SlimWare Utilities, Inc
Encontrado C:\ProgramData\Application Data\SecTaskMan
Encontrado C:\ProgramData\Application Data\avg web tuneup
Encontrado C:\ProgramData\Application Data\SlimWare Utilities, Inc
Encontrado C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
Encontrado C:\Program Files (x86)\orbitdownloader
Encontrado C:\Program Files (x86)\avg web tuneup
Encontrado C:\Program Files (x86)\QQBrowser
Encontrado C:\Program Files (x86)\SlimDrivers
Encontrado C:\Program Files (x86)\Common Files\AVG Secure Search
Encontrado C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\WeatherTool
Encontrado C:\Users\Mozart\AppData\Roaming\Profiles\yzzfdyu4.default
Encontrado C:\Users\Mozart\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn


***** [ Arquivos ] *****

Encontrado C:\Users\Mozart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
Encontrado C:\Users\Mozart\Desktop\SpyHunter.lnk
Encontrado C:\WINDOWS\SysNative\drivers\netfilter2.sys
Encontrado C:\spyhunter.fix
Encontrado C:\Users\Public\Desktop\SlimDrivers.lnk
Encontrado C:\Users\Mozart\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage


***** [ DLL ] *****

*No malicious DLLs found.


***** [ WMI ] *****

*No malicious keys found.


***** [ Atalhos ] *****

Procurando por atalhos infectados ...


***** [ Tarefas agendadas ] *****

Encontrado Browser Updater Task(Core)
Encontrado SlimDrivers Startup
Encontrado AVGPCTuneUp_Task_BkGndMaintenance


***** [ Registro ] *****

Encontrado HKLM\SOFTWARE\Classes\WinZippers.001
Encontrado HKLM\SOFTWARE\Classes\WinZippers.7z
Encontrado HKLM\SOFTWARE\Classes\WinZippers.arj
Encontrado HKLM\SOFTWARE\Classes\WinZippers.bz2
Encontrado HKLM\SOFTWARE\Classes\WinZippers.bzip2
Encontrado HKLM\SOFTWARE\Classes\WinZippers.cab
Encontrado HKLM\SOFTWARE\Classes\WinZippers.cpio
Encontrado HKLM\SOFTWARE\Classes\WinZippers.deb
Encontrado HKLM\SOFTWARE\Classes\WinZippers.dmg
Encontrado HKLM\SOFTWARE\Classes\WinZippers.fat
Encontrado HKLM\SOFTWARE\Classes\WinZippers.gz
Encontrado HKLM\SOFTWARE\Classes\WinZippers.gzip
Encontrado HKLM\SOFTWARE\Classes\WinZippers.hfs
Encontrado HKLM\SOFTWARE\Classes\WinZippers.iso
Encontrado HKLM\SOFTWARE\Classes\WinZippers.lha
Encontrado HKLM\SOFTWARE\Classes\WinZippers.lzh
Encontrado HKLM\SOFTWARE\Classes\WinZippers.lzma
Encontrado HKLM\SOFTWARE\Classes\WinZippers.ntfs
Encontrado HKLM\SOFTWARE\Classes\WinZippers.rar
Encontrado HKLM\SOFTWARE\Classes\WinZippers.rpm
Encontrado HKLM\SOFTWARE\Classes\WinZippers.squashfs
Encontrado HKLM\SOFTWARE\Classes\WinZippers.swm
Encontrado HKLM\SOFTWARE\Classes\WinZippers.tar
Encontrado HKLM\SOFTWARE\Classes\WinZippers.taz
Encontrado HKLM\SOFTWARE\Classes\WinZippers.tbz
Encontrado HKLM\SOFTWARE\Classes\WinZippers.tbz2
Encontrado HKLM\SOFTWARE\Classes\WinZippers.tgz
Encontrado HKLM\SOFTWARE\Classes\WinZippers.tpz
Encontrado HKLM\SOFTWARE\Classes\WinZippers.txz
Encontrado HKLM\SOFTWARE\Classes\WinZippers.vhd
Encontrado HKLM\SOFTWARE\Classes\WinZippers.wim
Encontrado HKLM\SOFTWARE\Classes\WinZippers.xar
Encontrado HKLM\SOFTWARE\Classes\WinZippers.xz
Encontrado HKLM\SOFTWARE\Classes\WinZippers.z
Encontrado HKLM\SOFTWARE\Classes\WinZippers.zip
Encontrado HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
Encontrado [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
Encontrado HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\mailUpdate
Encontrado [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\mailUpdate
Encontrado HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
Encontrado HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
Encontrado HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
Encontrado HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
Encontrado HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Encontrado HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Encontrado [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
Encontrado [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
Encontrado [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
Encontrado [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
Encontrado [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Encontrado [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Encontrado HKLM\SOFTWARE\Classes\AppID\{1BD47D21-01F4-4538-9290-39FD569A0F24}
Encontrado HKLM\SOFTWARE\Classes\AppID\{149622B2-F1C5-492D-BFDF-8E5ED85854A0}
Encontrado HKLM\SOFTWARE\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Encontrado HKLM\SOFTWARE\Classes\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}
Encontrado HKLM\SOFTWARE\Classes\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}
Encontrado HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Encontrado HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Encontrado HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Encontrado HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Encontrado HKLM\SOFTWARE\Classes\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}
Encontrado HKLM\SOFTWARE\Classes\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}
Encontrado HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Encontrado HKLM\SOFTWARE\Classes\TypeLib\{A5FF3EB5-BF62-4D59-84DF-DC518E46FCB3}
Encontrado HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Encontrado HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Encontrado HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Encontrado HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Encontrado HKU\.DEFAULT\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
Encontrado HKU\S-1-5-21-3707292403-3116427347-3285291159-1001\Software\Orbit
Encontrado HKU\S-1-5-21-3707292403-3116427347-3285291159-1001\Software\ProgSense
Encontrado HKU\S-1-5-18\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
Encontrado HKCU\Software\Orbit
Encontrado HKCU\Software\ProgSense
Encontrado HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
Encontrado HKLM\SOFTWARE\Orbit
Encontrado HKLM\SOFTWARE\SlimWare Utilities Inc
Encontrado HKLM\SOFTWARE\AVG Tuneup
Encontrado HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
Encontrado HKLM\SOFTWARE\WinZiper
Encontrado HKLM\SOFTWARE\EnigmaSoftwareGroup
Encontrado HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1
Encontrado HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}
Encontrado [x64] HKCU\Software\Orbit
Encontrado [x64] HKCU\Software\ProgSense
Encontrado [x64] HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
Encontrado [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8C2A08C5-FE74-412B-9160-B008E6D3A4C1}
Encontrado [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7BD8146798CEA704D860BE01414B8E51
Valor [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [3D BubbleSound]
Valor HKU\S-1-5-21-3707292403-3116427347-3285291159-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Gameo]
Valor HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Valor [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [vProt]
Encontrado HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit
Encontrado HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit
Encontrado HKCU\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit
Encontrado HKCU\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit
Encontrado HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
Encontrado HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin


***** [ Navegadores ] *****

Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "browser.newtab.url" -  "hxxp://www.yessearches.com/?ts=AHEqAn8kB34qA0..&v=20160513&uid=D929FDE831EA126CD2811E9EE697D39B&ptid=sto&
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "browser.search.defaultenginename" -  "yessearches"
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "browser.search.defaultenginename.US" -  "data:text/plain,browser.search.defaultenginename.US=yessearches"
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "browser.search.searchengine.hp" -  "hxxp://www.yessearches.com/?ts=AHEqAn8kB34qA0..&v=20160513&uid=D929FDE831EA126CD2811E9EE697D3
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "browser.search.searchengine.sp" -  "hxxp://www.yessearches.com/chrome.php?mode=ffsengext&ptid=sto&q={searchTerms}&ts=AHEqAn8kB34q
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "browser.search.searchengine.url" -  "hxxp://www.yessearches.com/chrome.php?mode=ffsengext&ptid=sto&q={searchTerms}&ts=AHEqAn8kB34
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "browser.search.selectedEngine" -  "yessearches"
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.mywebsearch.prevKwdEnabled" -  true
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.BUTTON_STRUCTURE" -  "[{\"b\":224520315,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.browser.version.last" -  "42.0"
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.firstKnownVersion" -  "7.38.8.45986"
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.homepage" -  "/index.jhtml?n=782a80d6"
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.hp.enabled" -  true
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.hp.guardType" -  "HPR"
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.initialized" -  true
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.installation.installDate" -  "2016051414"
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.installation.success" -  true
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.lastActivePing" -  "1463720684229"
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.lastKnownVersion" -  "7.38.8.45986"
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.lssState" -  "{\"previousLocales\":[\"pt-BR\",\"pt\",\"en-US\",\"en\"],\"supportedLocale
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.options.defaultSearch" -  false
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.options.homePageEnabled" -  false
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.options.keywordEnabled" -  true
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.options.tabEnabled" -  false
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.productDeliveryOption.language" -  "en"
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.productDeliveryOption.type" -  "Toolbar"
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.successUrl" -  "hxxp://www.yessearches.com/chrome.php?uid=D929FDE831EA126CD2811E9EE697D3
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.toolbarCollapsed" -  false
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark._brMembers_.uninstallTasks" -  "{\"prefBranchesToDelete\":[\"extensions.toolbar.mindspark._brMembers
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark.hp.enabled" -  true
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark.hp.enabled.guid" -  "yourGSearchfinder@GSearch.com"
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "extensions.toolbar.mindspark.lastInstalled" -  "yourGSearchfinder@GSearch.com"
Encontrado [C:\Users\Mozart\AppData\Roaming\Profiles\qs2hi58k.default\prefs.js] - "keyword.URL" -  "hxxp://www.yessearches.com/chrome.php?uid=D929FDE831EA126CD2811E9EE697D39B&ptid=sto&ts=AHEqAn8kB34qA0..&v=201605
*Chromium pref Found: [C:\Users\Mozart\AppData\Local\Google\Chrome\User Data\Default\Web data] - br.ask.com
*Chromium pref Found: [C:\Users\Mozart\AppData\Local\Google\Chrome\User Data\Default\Web data] - mystartsearch
*Chromium pref Found: [C:\Users\Mozart\AppData\Local\Google\Chrome\User Data\Default\Web data] - start.iminent.com
*Chromium pref Found: [C:\Users\Mozart\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://www.mystartsearch.com/?type=hppp&ts=1428550108&from=tt4u&uid=WDCXWD5000LPVX-80V0TT0_WD-WX71EB36655666556
*Chromium pref Found: [C:\Users\Mozart\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - chfdnecihphmhljaaejmgoiahnihplgn
*Chromium pref Found: [C:\Users\Mozart\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] - br.ask.com

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [4278 *Bytes] - [14/10/2015 15:59:31]
C:\AdwCleaner\AdwCleaner[R0].txt - [5589 *Bytes] - [13/10/2014 12:04:44]
C:\AdwCleaner\AdwCleaner[S0].txt - [4867 *Bytes] - [13/10/2014 12:15:45]
C:\AdwCleaner\AdwCleaner[S1].txt - [4116 *Bytes] - [14/10/2015 15:53:48]
C:\AdwCleaner\AdwCleaner[S2].txt - [16760 *Bytes] - [28/10/2016 12:18:18]
C:\AdwCleaner\AdwCleaner[S3].txt - [15595 *Bytes] - [28/10/2016 12:32:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [15670 *Bytes] ##########
 

added 1 minute later

# AdwCleaner v6.030 - Relatório criado 28/10/2016 às 14:06:45
# *Updated on 19/10/2016 by Malwarebytes
# Banco de dados : 2016-10-28.1 [Servidor]
# Sistema operacional : Windows 8 Single Language  (X64)
# Usuário : Mozart - MOZART
# Executando de : C:\Users\Mozart.MOZART\Downloads\adwcleaner_6.030.exe
# *Mode: Scan
# Apoio : https://www.malwarebytes.com/support

***** [ Serviços ] *****

*No malicious services found.


***** [ Pastas ] *****

*No malicious folders found.


***** [ Arquivos ] *****

*No malicious files found.


***** [ DLL ] *****

*No malicious DLLs found.


***** [ WMI ] *****

*No malicious keys found.


***** [ Atalhos ] *****

Procurando por atalhos infectados ...


***** [ Tarefas agendadas ] *****

*No malicious task found.


***** [ Registro ] *****

Procurando por itens do registro 


***** [ Navegadores ] *****

Procurando por itens do registro 
Procurando por itens do registro 

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [4278 *Bytes] - [14/10/2015 15:59:31]
C:\AdwCleaner\AdwCleaner[C2].txt - [15788 *Bytes] - [28/10/2016 12:38:58]
C:\AdwCleaner\AdwCleaner[R0].txt - [5589 *Bytes] - [13/10/2014 12:04:44]
C:\AdwCleaner\AdwCleaner[S0].txt - [4867 *Bytes] - [13/10/2014 12:15:45]
C:\AdwCleaner\AdwCleaner[S1].txt - [4116 *Bytes] - [14/10/2015 15:53:48]
C:\AdwCleaner\AdwCleaner[S2].txt - [16760 *Bytes] - [28/10/2016 12:18:18]
C:\AdwCleaner\AdwCleaner[S3].txt - [15811 *Bytes] - [28/10/2016 12:32:27]
C:\AdwCleaner\AdwCleaner[S4].txt - [1531 *Bytes] - [28/10/2016 14:06:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1605 *Bytes] ##########
 


And what does your logon screen look like, don't you have the option to log in as the user Mozart?

Another solution is to create a new user, log in with it, go to C:\Users and copy your files from the old user Mozart.

Afterwards you can delete the other users.

 

Use cmd to create a user of the Administrator type:

net user usuario senha /add

net localgroup administradores usuario /add

Edited by Fernando Apratto
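One way to carry out the steps in this reply from an elevated PowerShell prompt, written as an added example (it is not code from the thread or from AdwCleaner). It first lists what Windows has registered under ProfileList, which is where a second folder such as C:\Users\Mozart.MOZART shows up next to the original C:\Users\Mozart after a profile fails to load; it then creates the administrator account with the same `net user` / `net localgroup` commands as the reply, and finally copies the user folders with robocopy. The account name `temp_admin`, the list of folders copied and the group name `administradores` (as used in the reply, for a Portuguese Windows) are assumptions; adjust them for your system.

```powershell
# Added example, not from the original post. Run as Administrator.
# Assumptions: old profile folder C:\Users\Mozart (from the question),
# new account named 'temp_admin', local admin group named 'administradores'.

# 1. Show every profile Windows knows about and the folder each one points to.
#    A failed profile typically appears as an extra entry whose
#    ProfileImagePath is C:\Users\<name>.<COMPUTERNAME>.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
Get-ChildItem $profileList | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath
    [pscustomobject]@{
        SID              = $_.PSChildName
        ProfileImagePath = $p.ProfileImagePath
        State            = $p.State
    }
} | Format-Table -AutoSize

# 2. Create the new administrator account (same commands as the reply).
#    'net user <name> * /add' prompts for the password instead of leaving it
#    in the command history.
$newUser = 'temp_admin'                 # assumed name
net user $newUser * /add
net localgroup administradores $newUser /add

# 3. After logging in once with the new account (so C:\Users\temp_admin exists),
#    copy the data folders from the old profile. /XJ skips junction points,
#    which avoids looping through the legacy "Application Data" links; ACLs are
#    not copied (/COPY:DAT), so the files inherit the new profile's permissions.
$oldProfile = 'C:\Users\Mozart'         # original folder from the question
$newProfile = "C:\Users\$newUser"
$folders    = 'Desktop', 'Documents', 'Downloads', 'Pictures', 'Music', 'Videos'  # assumed list

if (Test-Path $newProfile) {
    foreach ($folder in $folders) {
        $src = Join-Path $oldProfile $folder
        $dst = Join-Path $newProfile $folder
        if (Test-Path $src) {
            robocopy $src $dst /E /COPY:DAT /XJ /R:1 /W:1
        }
    }
} else {
    Write-Warning "Log in as $newUser once so that $newProfile is created, then run step 3 again."
}
```

Run step 1 on its own first: if the listing shows both folders, the old profile is still intact on disk and the copy in step 3 is all that is needed; only delete the other accounts, as the reply suggests, after confirming the files arrived in the new profile.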
