
I took a risk downloading a template and got burned. PC ended up full of junk. I ran AdwCleaner...

#1 By DidaZico 26/01/2015 - 12:53
I took a risk downloading a template and got burned. My PC ended up full of junk. I ran AdwCleaner and it has already improved a bit. I work 24 hours a day with content production and the internet. I'm totally screwed!

Now look at the log:



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:32:46, on 26/01/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal

Running processes:
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\ProgramData\{96d83861-e9ea-e6fd-96d8-83861e9ee187}\Download Free Multinews v2.0 Multi-purpose Wordpress News, Magazine Theme.exe
C:\Users\priscila\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\S8\smservice.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Users\priscila\Desktop\SEGURANÇA EM GERAL\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 170.66.1.60 www14.bancobrasil.com.br # GbPlugin
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão de Conta da Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Program Files (x86)\FireShot for Internet Explorer\fsaddin-0.98.64.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ASM] "C:\Program Files (x86)\S8\smservice.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-21-610328257-1374469440-1024260257-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-610328257-1374469440-1024260257-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Download Free Multinews v2.0 Multi-purpose Wordpress News, Magazine Theme.lnk = C:\ProgramData\{96d83861-e9ea-e6fd-96d8-83861e9ee187}\Download Free Multinews v2.0 Multi-purpose Wordpress News, Magazine Theme.exe
O4 - Startup: Dropbox.lnk = C:\Users\priscila\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Install LastPass FF RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe
O4 - Global Startup: Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: LastPass - file://C:\Users\priscila\AppData\LocalLow\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: Preenchimento de formulários LastPass - file://C:\Users\priscila\AppData\LocalLow\LastPass\context.html?cmd=fillforms
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apache2.4 - Unknown owner - C:\program files (x86)\xampp\apache\bin\httpd.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) - Foxit Software Inc. - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: wordpressApache - Apache Software Foundation - C:\Bitnami\WORDPR~1.1-0\apache2\bin\httpd.exe
O23 - Service: wordpressMySQL - Unknown owner - C:\Bitnami\wordpress-4.1-0\mysql\bin\mysqld.exe

--
End of file - 12947 bytes
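
Added example, not part of the original thread and not HijackThis's own logic: a small Python triage pass over the log format shown in post #1. Its heuristics (a GUID-named folder under ProgramData or AppData for running processes and O4 autostart targets, plus non-loopback O1 hosts entries) are assumptions chosen for illustration; a hit means "review this entry", not a verdict.

```python
import re
from typing import List, NamedTuple

# Lines copied from the HijackThis log in post #1 of this thread.
SAMPLE_LOG = r"""
Running processes:
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\ProgramData\{96d83861-e9ea-e6fd-96d8-83861e9ee187}\Download Free Multinews v2.0 Multi-purpose Wordpress News, Magazine Theme.exe
C:\Users\priscila\AppData\Roaming\Dropbox\bin\Dropbox.exe

F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 170.66.1.60 www14.bancobrasil.com.br # GbPlugin
O4 - HKLM\..\Run: [ASM] "C:\Program Files (x86)\S8\smservice.exe"
O4 - Startup: Download Free Multinews v2.0 Multi-purpose Wordpress News, Magazine Theme.lnk = C:\ProgramData\{96d83861-e9ea-e6fd-96d8-83861e9ee187}\Download Free Multinews v2.0 Multi-purpose Wordpress News, Magazine Theme.exe
O4 - Startup: Dropbox.lnk = C:\Users\priscila\AppData\Roaming\Dropbox\bin\Dropbox.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
"""

# "O4 - ..." style entries: a section code, " - ", then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# First drive-letter path in an entry body, up to a closing quote or end of line.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]+')
# A directory component that is a brace-wrapped GUID, e.g. \{96d8...e187}\
GUID_DIR_RE = re.compile(
    r"\\\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}\\")
LOOPBACK = {"127.0.0.1", "::1"}


class Finding(NamedTuple):
    kind: str    # "process", "autostart" or "hosts"
    detail: str  # the path or hosts mapping to review


def in_guid_dir(path: str) -> bool:
    """Heuristic (assumption): executable sits in a GUID-named folder
    below ProgramData or AppData, both writable without admin rights."""
    lower = path.lower()
    user_writable = "\\programdata\\" in lower or "\\appdata\\" in lower
    return user_writable and GUID_DIR_RE.search(path) is not None


def triage(log_text: str) -> List[Finding]:
    """Return entries worth a manual look, in log order."""
    findings: List[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        match = ENTRY_RE.match(line)
        if match is None:
            # Inside the process list every line is a bare executable path.
            if in_processes and in_guid_dir(line):
                findings.append(Finding("process", line))
            continue
        in_processes = False
        code, body = match.groups()
        if code == "O1" and body.startswith("Hosts:"):
            fields = body[len("Hosts:"):].split()
            # Anything other than a loopback mapping overrides DNS for that name.
            if len(fields) >= 2 and fields[0] not in LOOPBACK:
                findings.append(Finding("hosts", f"{fields[1]} -> {fields[0]}"))
        elif code == "O4":
            path = PATH_RE.search(body)
            if path and in_guid_dir(path.group(0)):
                findings.append(Finding("autostart", path.group(0).strip()))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.kind}] {finding.detail}")
```
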
#2 By Naldo Volpe 26/01/2015 - 14:03
Junkware Removal Tool (JRT, by thisisu)

Download: To download it, click this link

Here are some of the items removed by this tool:

Ask Toolbar
Babylon
Browser Manager
Claro / iSearch
Conduit
Coupon Printer for Windows
Crossrider
Facemoods / Funmoods
iLivid
IncrediBar
MyWebSearch
Searchqu
Web Assistant

Note: Before you start using this software, save any work or activity you are currently doing, because while it runs your desktop and programs may be temporarily closed so that it can execute successfully.

Double-click to run it (Note: if you use Windows Vista or Windows 7, right-click the JRT.exe file and select the Run as administrator option)

When the screen below appears, press any key for the cleanup to continue:

[Image]

After that, the scan and the removal of problems will be carried out automatically. Be patient, as the procedure may take a while, depending on the number of files you have on your PC.

As soon as the procedure finishes, a report will be shown and will also be saved on your desktop under the name JRT.txt
#3 By DidaZico 26/01/2015 - 15:49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Ultimate x64
Ran by priscila on 26/01/2015 at 15:28:17,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\priscila\AppData\Roaming\mozilla\firefox\profiles\bw2xatml.default-1412626067907\prefs.js

user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
user_pref("browser.search.searchengine.ptid", "wpc");
user_pref("browser.search.searchengine.uid", "126614527_1052515_001E6CF2");
user_pref("extensions.OegAQaQI4rPVrIXv.url", "hxxp://toolkitfun.info/sync2/?q=hfZ9ofV9CShEAen0rTsFrTaMg708BNmGWj8ckShGheDUojw8rdwGqdsEqjnHrchIC7n0rjkErjs9rTwErda6tNhVCT94tMVKh
Emptied folder: C:\Users\priscila\AppData\Roaming\mozilla\firefox\profiles\bw2xatml.default-1412626067907\minidumps [30 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/01/2015 at 15:33:14,69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#4 By Naldo Volpe 26/01/2015 - 18:36
Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
http://www.hijackthis.nl/smeenk/

* Right-click Zoek.exe and select [Image]

* Select and copy all of the text highlighted in red below and paste it into the blank space in Zoek:

createsrpoint;
autoclean;
emptyalltemp;
iedefaults;
resetieproxy;
resethosts;
shortcutfix;
ffdefaults;
firefoxlook;
reset chrome;
chrdefaults;
chromelook;


* Click [Run Script]

* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!

[Image]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply
#5 By DidaZico 26/01/2015 - 20:46

Zoek.exe v5.0.0.0 Updated 18-01-2015
Tool run by priscila on 26/01/2015 at 19:15:30,21.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\priscila\Desktop\SEGURANÇA EM GERAL\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-01-26-211324.log 433 bytes

==== System Restore Info ======================

26/01/2015 19:16:13 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\LG Electronics deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\Nova pasta deleted successfully
C:\PROGRA~2\RBM deleted successfully
C:\PROGRA~3\ALM deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\priscila\AppData\Roaming\Media Player Classic deleted successfully
C:\Users\priscila\AppData\Roaming\Nero deleted successfully
C:\Users\priscila\AppData\Roaming\Positivo deleted successfully
C:\Users\priscila\AppData\Roaming\uTorrent deleted successfully
C:\Users\priscila\AppData\Local\CrashDumps deleted successfully
C:\Users\priscila\AppData\Local\Jaksta_Technologies_Pty_L deleted successfully
C:\Users\priscila\AppData\Local\LG Electronics deleted successfully
C:\Users\priscila\AppData\Local\Nero deleted successfully
C:\Users\priscila\AppData\Local\Unity deleted successfully
C:\Users\priscila\AppData\Local\VirtualStore deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\CrashDumps deleted successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\CrashDumps deleted successfully
#6 By Naldo Volpe 26/01/2015 - 21:01
- Did you get to restart the machine after the Zoek procedure?
#8 By Naldo Volpe 26/01/2015 - 21:03
Part of the Zoek log is missing; if you still have it there, post it here, it can be in parts...
#9 By DidaZico 26/01/2015 - 21:48
Could this be it?

Zoek.exe v5.0.0.0 Updated 18-01-2015
Tool run by priscila on 26/01/2015 at 19:15:30,21.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\priscila\Desktop\SEGURANÇA EM GERAL\zoek.exe [Scan all users] [Script inserted]

===== Runcheck 19:15:53,21 =====

--- Create Environment Variables 19:15:54,92
--- Create System Restore Point 19:16:03,79
--- Checking Input 19:16:17,55
--- Reset Hosts File 19:16:26,05
--- AU AppData Check 19:16:31,08
--- Remove From Windows Installer 19:16:36,82
--- Empty Folders Check 19:18:21,52
--- Registry HKLM Software Check 19:18:21,54
--- Quick Launch Shortcut Check 19:18:37,82
--- IE Startpage Check 19:18:49,35
--- Program Files DB Check 19:19:36,04
--- C:\Users\Default\AppData\Roaming DB Check 19:20:16,53
--- C:\Users\Default User\AppData\Roaming DB Check 19:20:16,53
--- C:\Users\priscila\AppData\Roaming DB Check 19:20:16,53
--- C:\Users\UpdatusUser\AppData\Roaming DB Check 19:20:16,53
--- C:\Users\USURIO~1\AppData\Roaming DB Check 19:20:16,53
--- C:\Windows\SysNative\config\systemprofile\AppData\Roaming DB Check 19:20:16,53
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming DB Check 19:20:16,53
--- C:\Windows\serviceprofiles\networkservice\AppData\Roaming DB Check 19:20:16,53
--- C:\Windows\serviceprofiles\Localservice\AppData\Roaming DB Check 19:20:16,53
--- C:\Users\priscila DB Check 19:22:45,65
--- C:\PROGRA~3 DB Check 19:23:03,17
--- C:\Users\Default\AppData\Local DB Check 19:23:09,19
--- C:\Users\Default User\AppData\Local DB Check 19:23:09,19
--- C:\Users\priscila\AppData\Local DB Check 19:23:09,19
--- C:\Users\UpdatusUser\AppData\Local DB Check 19:23:09,19
--- C:\Users\USURIO~1\AppData\Local DB Check 19:23:09,19
--- C:\Windows\SysNative\config\systemprofile\AppData\Local DB Check 19:23:09,19
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Local DB Check 19:23:09,19
--- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check 19:23:09,19
--- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check 19:23:09,19
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 19:24:51,83
--- C:\Users\priscila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 19:25:00,20
--- Tasks DB Check 19:25:05,75
--- Downloads DB Check 19:25:09,33
--- C:\Users\priscila\AppData\LocalLow DB Check 19:25:13,58
--- C:\Users\UpdatusUser\AppData\LocalLow DB Check 19:25:13,58
--- C:\Windows\SysNative\config\systemprofile\AppData\LocalLow DB Check 19:25:13,58
--- C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 19:25:13,58
--- C:\Windows\serviceprofiles\networkservice\AppData\LocalLow DB Check 19:25:13,58
--- C:\Windows\serviceprofiles\Localservice\AppData\LocalLow DB Check 19:25:13,58
--- Tasks2 DB Check 19:26:12,22
--- Documents DB Check 19:26:37,10
--- C:\Users\priscila\AppData\Roaming\Mozilla\Firefox\Profiles\bw2xatml.default-1412626067907 DB Check 19:26:44,26
--- C:\Users\priscila\AppData\Roaming\Thunderbird\Profiles\cmt5753v.default DB Check 19:26:44,26
--- C:\Users\priscila\AppData\Roaming\Mozilla\Firefox\Profiles\qj0rjrl1.default-1407790737266 DB Check 19:26:44,26
--- C:\Users\Public\Desktop DB Check 19:26:50,70
--- C:\Users\priscila\Desktop DB Check 19:26:55,09
--- Services DB Check 19:27:05,50
--- FF prefs.js DB Check 19:27:37,02
--- Del by CLSID 19:29:37,37
#10 By Power Max 26/01/2015 - 22:27
Hello friend, just backing up Naldo while he is offline: this is not the Zoek report. It is similar to the one you posted first, except that the first time you posted it incomplete; the final part of it was missing.
#11 By DidaZico 09/03/2015 - 12:04
Friends, sorry for the delay in replying. I had a personal problem and was away.

I'm going to post the new HijackThis report; my daughter has been using my computer since the end of January. I believe it has come back with some spyware:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:55:36, on 09/03/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17631)
Boot mode: Normal

Running processes:
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Windows\SysWOW64\notepad.exe
C:\Users\priscila\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\S8\smservice.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\priscila\Desktop\SEGURANÇA EM GERAL\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão de Conta da Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Program Files (x86)\FireShot for Internet Explorer\fsaddin-0.98.64.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ASM] "C:\Program Files (x86)\S8\smservice.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKCU\..\Run: [MP3 Skype recorder] C:\Users\priscila\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\priscila\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Google+ Auto Backup] "C:\Users\priscila\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-21-610328257-1374469440-1024260257-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-610328257-1374469440-1024260257-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Users\priscila\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Install LastPass FF RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe
O4 - Global Startup: Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: LastPass - file://C:\Users\priscila\AppData\LocalLow\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: Preenchimento de formulários LastPass - file://C:\Users\priscila\AppData\LocalLow\LastPass\context.html?cmd=fillforms
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apache2.4 - Unknown owner - C:\program files (x86)\xampp\apache\bin\httpd.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Scroll Up Key (bucywito) - Unknown owner - C:\Users\priscila\AppData\Roaming\03000200-1425759327-0500-0006-000700080009\nseBE8B.tmp (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) - Foxit Software Inc. - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Sign In Command (giqynide) - Unknown owner - C:\Users\priscila\AppData\Roaming\03000200-1425759327-0500-0006-000700080009\jnsr7CB4.tmp (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15054 bytes
Power Max
Power Max Ubbergeek Registered
4.2K Posts 509 Likes
#12 By Power Max
09/03/2015 - 15:23
Hello DidaZico.

Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:
http://www.bleepingcomputer.com/download/adwcleaner/

To run AdwCleaner correctly, just follow the tips in this tutorial:

Remove adware and malicious toolbars with AdwCleaner

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.
<><><><><><><><><><><><><><><><>

Caixa de Dicas = Always with new tutorials and news in computing and technology.
Super Links = Messages of faith and hope for your heart.
DidaZico
DidaZico New Member Registered
15 Posts 0 Likes
#13 By DidaZico
09/03/2015 - 17:53
Friends, below I'll post two logs. The first is from today, as requested. The second is from the 7th, when I ran AdwCleaner:


# AdwCleaner v4.112 - Logfile created 09/03/2015 at 17:47:29
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : priscila - PRISCILA-PC
# Running from : C:\Users\priscila\Desktop\SEGURANÇA EM GERAL\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v36.0.1 (x86 pt-BR)


-\\ Google Chrome v


-\\ Opera v27.0.1689.76


*************************

AdwCleaner[R1].txt - [1312 bytes] - [30/06/2014 13:12:22]
AdwCleaner[R2].txt - [1302 bytes] - [08/09/2014 10:28:51]
AdwCleaner[R3].txt - [4147 bytes] - [25/10/2014 23:56:24]
AdwCleaner[R4].txt - [3492 bytes] - [18/11/2014 00:23:55]
AdwCleaner[R5].txt - [12520 bytes] - [26/01/2015 09:31:13]
AdwCleaner[R6].txt - [12700 bytes] - [26/01/2015 10:03:59]
AdwCleaner[R7].txt - [8335 bytes] - [07/03/2015 18:03:58]
AdwCleaner[R8].txt - [1764 bytes] - [07/03/2015 23:46:29]
AdwCleaner[R9].txt - [1740 bytes] - [09/03/2015 17:40:31]
AdwCleaner[S1].txt - [1244 bytes] - [30/06/2014 13:23:38]
AdwCleaner[S2].txt - [1238 bytes] - [08/09/2014 10:31:26]
AdwCleaner[S3].txt - [3715 bytes] - [26/10/2014 00:09:17]
AdwCleaner[S4].txt - [3493 bytes] - [18/11/2014 00:25:43]
AdwCleaner[S5].txt - [11796 bytes] - [26/01/2015 11:02:23]
AdwCleaner[S6].txt - [8749 bytes] - [07/03/2015 18:33:48]
AdwCleaner[S7].txt - [1669 bytes] - [09/03/2015 17:47:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [1728 bytes] ##########

_______________________________________________________________-
# AdwCleaner v4.111 - Logfile created 07/03/2015 at 18:33:48
# Updated 18/02/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : priscila - PRISCILA-PC
# Running from : C:\Users\priscila\Downloads\adwcleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : WindowsMangerProtect
Service Deleted : IHProtect Service
[#] Service Deleted : cherimoya
[#] Service Deleted : Update Box Rock
Service Deleted : {cd4fba44-294f-4286-a789-c92e74ff113b}Gw64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\PicColor Utility
Folder Deleted : C:\ProgramData\IHProtectUpDate
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\LuckyTab
Folder Deleted : C:\Program Files (x86)\Box Rock
Folder Deleted : C:\Program Files (x86)\XTab
Folder Deleted : C:\Program Files (x86)\GU Player
Folder Deleted : C:\Users\priscila\AppData\Local\Temp\Video Converter
Folder Deleted : C:\Users\priscila\AppData\Local\Temp\Box Rock
Folder Deleted : C:\Program Files\shopperz
Folder Deleted : C:\Users\priscila\AppData\Local\VideoConverter
Folder Deleted : C:\Users\priscila\AppData\Roaming\Microsoft\Windows\Start Menu\LuckyTab
Folder Deleted : C:\Users\priscila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GU Player
File Deleted : C:\Windows\System32\drivers\{cd4fba44-294f-4286-a789-c92e74ff113b}Gw64.sys
File Deleted : C:\Users\priscila\Desktop\Continue Live Installation.lnk
File Deleted : C:\Users\priscila\Desktop\Continue Mybest Offerstoday Uninstaller.lnk
File Deleted : C:\Users\priscila\AppData\Roaming\Mozilla\Firefox\Profiles\bw2xatml.default-1412626067907\user.js
File Deleted : C:\Users\priscila\AppData\Roaming\Mozilla\Firefox\Profiles\qj0rjrl1.default-1407790737266\user.js
File Deleted : C:\Users\priscila\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage
File Deleted : C:\Users\priscila\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage-journal

***** [ Scheduled tasks ] *****

Task Deleted : LuckyTab

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{5081D2D4-1637-404c-B74F-50526718257D}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{5081D2D4-1637-404c-B74F-50526718257D}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchengine@gmail.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [istart_ffnt@gmail.com]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKCU\Software\Mozilla\Extends
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [WinCheck]
Key Deleted : HKLM\SOFTWARE\Classes\Extension.jshep
Key Deleted : HKLM\SOFTWARE\Classes\Extension.jshep.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5081D2D4-1637-404C-B74F-50526718257D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9AE7A6AE-162E-44C4-9A2B-A6B4EF19909D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404C-B74F-50526718257D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5081D2D4-1637-404C-B74F-50526718257D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404C-B74F-50526718257D}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\HomeTab
Key Deleted : HKCU\Software\simplytech
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\TNT2
Key Deleted : HKCU\Software\WajIntEnhance
Key Deleted : HKCU\Software\SearchProtectWS
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\MyBestOffersToday
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\YourFileDownloader
Key Deleted : HKLM\SOFTWARE\LuckyTab
Key Deleted : HKLM\SOFTWARE\IHProtect
Key Deleted : HKLM\SOFTWARE\WajIntEnhance
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wincheck
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v36.0.1 (x86 pt-BR)

[bw2xatml.default-1412626067907\prefs.js] - Line Deleted : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html"
[bw2xatml.default-1412626067907\prefs.js] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
[bw2xatml.default-1412626067907\prefs.js] - Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v

[C:\Users\priscila\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1422133054&from=wpc&uid=126614527_1052515_001E6CF2&q={searchTerms}
[C:\Users\priscila\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1422133054&from=wpc&uid=126614527_1052515_001E6CF2&q={searchTerms}

-\\ Opera v27.0.1689.76

[C:\Users\priscila\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1422133054&from=wpc&uid=126614527_1052515_001E6CF2&q={searchTerms}
[C:\Users\priscila\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1422133054&from=wpc&uid=126614527_1052515_001E6CF2&q={searchTerms}

*************************

AdwCleaner[R1].txt - [1312 bytes] - [30/06/2014 13:12:22]
AdwCleaner[R2].txt - [1302 bytes] - [08/09/2014 10:28:51]
AdwCleaner[R3].txt - [4147 bytes] - [25/10/2014 23:56:24]
AdwCleaner[R4].txt - [3492 bytes] - [18/11/2014 00:23:55]
AdwCleaner[R5].txt - [12520 bytes] - [26/01/2015 09:31:13]
AdwCleaner[R6].txt - [12700 bytes] - [26/01/2015 10:03:59]
AdwCleaner[R7].txt - [8335 bytes] - [07/03/2015 18:03:58]
AdwCleaner[S1].txt - [1244 bytes] - [30/06/2014 13:23:38]
AdwCleaner[S2].txt - [1238 bytes] - [08/09/2014 10:31:26]
AdwCleaner[S3].txt - [3715 bytes] - [26/10/2014 00:09:17]
AdwCleaner[S4].txt - [3493 bytes] - [18/11/2014 00:25:43]
AdwCleaner[S5].txt - [11796 bytes] - [26/01/2015 11:02:23]
AdwCleaner[S6].txt - [8582 bytes] - [07/03/2015 18:33:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [8641 bytes] ##########
Power Max
Power Max Ubbergeek Registered
4.2K Posts 509 Likes
#14 By Power Max
10/03/2015 - 10:40
Download < ZHPCleaner > < Image > ( ... by Nicolas Coolman )

Note: When you open the link above, click the Télécharger button for ZHPCleaner to download it, as shown in the image below:

Image

To run it correctly, follow the tips in this post:

Complete ZHPCleaner tutorial

After using it, copy the entire contents of your ZHPCleaner.txt report and post it in your next reply.
DidaZico
DidaZico New Member Registered
15 Posts 0 Likes
#15 By DidaZico
11/03/2015 - 00:42

~ ZHPCleaner v2015.3.10.116 by Nicolas Coolman (09/03/2015)
~ Run by priscila (Administrator) (11/03/2015 00:31:04)
~ Forum : http://forum.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\priscila\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\priscila\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 64-bit Service Pack 1 (Build 7601)


---\\ Services (2)
DELETED : appliand (PUP.ApplianTechnologies)
DELETED : esgiguard (Crapware.SpyHunter)


---\\ Browser internet (6)
MOVED file: C:\Users\priscila\Desktop\GU Player.lnk [Bad : C:\Program Files (x86)\GU Player\GuPlayer.exe] (PUP.GUPlayer)
MOVED file: C:\Users\priscila\AppData\Roaming\Microsoft\Windows\SendTo\AnySend.lnk [Bad : C:\Program Files (x86)\AnySend\AnySendUI.exe] (PUP.ASPackage)
REPLACED TaskBar: C:\Users\priscila\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk [Bad : http://www.luckysearches.com/?type=sc&ts=1425759127&from=exp&uid=126614527_1052515_001E6CF2] (Hijacker.Browser)
REPLACED TaskBar: C:\Users\priscila\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox (2).lnk [Bad : http://www.luckysearches.com/?type=sc&ts=1425759127&from=exp&uid=126614527_1052515_001E6CF2] (Hijacker.Browser)
REPLACED TaskBar: C:\Users\priscila\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk [Bad : http://www.luckysearches.com/?type=sc&ts=1425759127&from=exp&uid=126614527_1052515_001E6CF2] (Hijacker.Browser)
REPLACED TaskBar: C:\Users\priscila\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk [Bad : http://www.luckysearches.com/?type=sc&ts=1425759127&from=exp&uid=126614527_1052515_001E6CF2] (Hijacker.Browser)


---\\ Hosts file (2)
REPLACED:
Number of found redirections 1/22


---\\ Scheduled automatic tasks. (0)
~ No malicious items found.


---\\ Explorer ( File, Folder) (5)
MOVED file: C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [Enigma Software Group USA, LLC. - Execution Guard] (Crapware.SpyHunter)
MOVED file: C:\Users\priscila\AppData\Roaming\inst.exe [ - ] (Adware.Pirrit)
MOVED file*: C:\Users\priscila\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.sweet-page.com_0.localstorage [ - ] (PUP.SweetPage)
MOVED file*: C:\Users\priscila\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.sweet-page.com_0.localstorage-journal [ - ] (PUP.SweetPage)
MOVED file: C:\Windows\System32\Drivers\EsgScanner.sys [ - ] (PUP.EnigmaSoftware)


---\\ Registry ( Key, Value, Data) (13)
DELETED key*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\appliand [ (Not File) ] (PUP.ApplianTechnologies)
DELETED key*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\esgiguard [C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys] (Crapware.SpyHunter)
DELETED data: HKCR\jsfile\Shell\Open\Command\\Default [Bad : "C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"] (Broken.OpenCommand)
DELETED key*: HKLM\SOFTWARE\Wow6432Node\1cae9f87-5725-2325-d5a0-b0f7bb4bd0a0 [] (PUP.CrossRider)
DELETED key*: HKEY_USERS\S-1-5-21-610328257-1374469440-1024260257-1000\Software\Applian [] (PUP.ApplianTechnologies)
DELETED key*: HKEY_USERS\S-1-5-21-610328257-1374469440-1024260257-1000\Software\ApplianTechnologies [] (PUP.ApplianTechnologies)
DELETED key*: HKEY_USERS\S-1-5-21-610328257-1374469440-1024260257-1000\Software\Linkey [] (PUP.LinkeySearch)
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey [] (PUP.LinkeySearch)
DELETED key*: [X64] HKLM\SOFTWARE\EnigmaSoftwareGroup [] (PUP.EnigmaSoftware)
DELETED key*: HKLM\SOFTWARE\Wow6432Node\Applian [] (PUP.ApplianTechnologies)
DELETED key*: HKLM\SOFTWARE\Wow6432Node\EnigmaSoftwareGroup [] (PUP.EnigmaSoftware)
DELETED key*: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GU Player [GU Player (remove only)] (PUP.GUPlayer)
DELETED key*: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Linkey [] (PUP.LinkeySearch)



---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Google Chrome)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 79089
~ Items found : 1
~ Items repaired : 15


End of clean at 00:41:05
===================
ZHPCleaner-[R]-11032015-00_41_05.txt