Fórum PC Brasil
Malware removal - SRV

3 participants


Post by psicostasia, Sun 25 May 2014, 15:24

Good afternoon!

I'm having trouble removing SRV from my PC... I saw there was already a topic about this here, so I followed all the steps recommended by the other members... however, I got stuck at the part involving Zoek... that's because I was supposed to right-click on the site, and then the message "run as administrator" would appear... however, when I do it as described, that option doesn't appear... the other problem is that I was supposed to paste a report into the Zoek page, and I also don't know which one that would be...

Anyway... I ran Bitdefender... I ran Malwarebytes... I downloaded FRST... but so far the SRV and the damned pop-ups persist, lol... could someone help me?

Regards

Post by Power Max, Sun 25 May 2014, 15:25

Hello. Post the log (report) from Malwarebytes and the other programs you have used here in your topic so we can analyze it.

Post by psicostasia, Sun 25 May 2014, 15:31

Ok... this is the Malwarebytes one... I also attached the txt, in case it's easier to view...

Malwarebytes Anti-Malware

Scan Date: 25/05/2014
Scan Time: 02:24:22
Logfile: relatorio.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.05.25.01
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: alexandree

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 298418
Time Elapsed: 22 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.CouponDownloader.A, C:\Program Files\CouponDownloader\CouponDownloaderService64.exe, 2080, No Action By User, [c3d296bf3546ff37cf4e760e7b872ad6]

Modules: 0
(No malicious items detected)

Registry Keys: 42
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\APPID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, No Action By User, [11843520ccaf73c34fe5194b10f2946c],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, No Action By User, [11843520ccaf73c34fe5194b10f2946c],
PUP.Optional.CouponDownloader.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}, No Action By User, [276e60f58dee979f9da9b77448bacc34],
PUP.Optional.CouponDownloader.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{10AD2C61-0898-4348-8600-14A342F22AC3}, No Action By User, [276e60f58dee979f9da9b77448bacc34],
PUP.Optional.CouponDownloader.A, HKU\S-1-5-21-873655147-2502061236-4147198141-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10AD2C61-0898-4348-8600-14A342F22AC3}, No Action By User, [276e60f58dee979f9da9b77448bacc34],
PUP.Optional.CouponDownloader.A, HKU\S-1-5-21-873655147-2502061236-4147198141-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{10AD2C61-0898-4348-8600-14A342F22AC3}, No Action By User, [276e60f58dee979f9da9b77448bacc34],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B}, No Action By User, [6c295df87803d264959edb8910f218e8],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\esrv.BabylonESrvc.1, No Action By User, [6c295df87803d264959edb8910f218e8],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\esrv.BabylonESrvc, No Action By User, [6c295df87803d264959edb8910f218e8],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.BabylonESrvc, No Action By User, [6c295df87803d264959edb8910f218e8],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.BabylonESrvc.1, No Action By User, [6c295df87803d264959edb8910f218e8],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}, No Action By User, [b1e441145d1e4ee8092e630107fb03fd],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\b, No Action By User, [b1e441145d1e4ee8092e630107fb03fd],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\b, No Action By User, [b1e441145d1e4ee8092e630107fb03fd],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}, No Action By User, [e6aff164fa810036d363154ffd05a45c],
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{23119123-0854-469D-807A-171568457991}, No Action By User, [504573e2c3b87bbbb9ebfe66a45e4cb4],
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\CLASSES\TypeLib\{03119103-0854-469D-807A-171568457991}, No Action By User, [9cf95203aad16ec8960e2e36877b11ef],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DealPly, No Action By User, [efa69cb9ed8e02340beb7e3aac57aa56],
PUP.Optional.CouponDownloader.A, HKLM\SOFTWARE\Coupon Downloader, No Action By User, [1085dc7937447cbab825b1dda35f10f0],
PUP.Optional.CouponDownloader.A, HKLM\SOFTWARE\CouponDownloader, No Action By User, [1d78fa5bc0bb84b2726cbcd2b250e41c],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\suprasavings, No Action By User, [2570e0754536270fa0e8009743bfd030],
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{813BA625-B0FA-48D8-9B75-59759C88C219}, No Action By User, [6b2a0b4acbb00432ab40345acd3558a8],
PUP.Optional.Babylon.A, HKLM\SOFTWARE\WOW6432NODE\BabylonToolbar, No Action By User, [b0e5a9ac6e0df34331358736768da060],
PUP.Optional.CouponDownloader.A, HKLM\SOFTWARE\WOW6432NODE\CouponDownloader, No Action By User, [1c7963f2adce0a2cb42ad2bc748e619f],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\DealPly, No Action By User, [0b8aaea7e59669cd121ee4a55ba7c13f],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\gaiilaahiahdejapggenmdmafpmbipje, No Action By User, [197c8acbfc7ff046af3f1a6fb54d46ba],
PUP.Optional.CouponDownloader.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Coupon Downloader, No Action By User, [d2c30d483843c175bc2319756e94fc04],
PUP.Optional.CouponDownloader.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\CouponDownloader, No Action By User, [e7aed67fcab174c216ca5737c73bdf21],
PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-873655147-2502061236-4147198141-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BabylonToolbar, No Action By User, [b5e0d1844c2f9b9b7f06b30cf60de61a],
PUP.Optional.CouponDownloader.A, HKU\S-1-5-21-873655147-2502061236-4147198141-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Coupon Downloader, No Action By User, [d9bcf75ecead1b1b3da46a240101a65a],
PUP.Optional.SProtector.A, HKU\S-1-5-21-873655147-2502061236-4147198141-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SProtector, No Action By User, [484d1144d7a4e4520652219d7f84b14f],
PUP.Optional.CouponDownloader.A, HKU\S-1-5-21-873655147-2502061236-4147198141-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Coupon Downloader, No Action By User, [aee7b79e1f5ca096c6196f1f7191728e],
PUP.Optional.CouponDownloader.A, HKU\S-1-5-21-873655147-2502061236-4147198141-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\CouponDownloader, No Action By User, [356071e4f18a5cdaecf48fff3fc3867a],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-873655147-2502061236-4147198141-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, No Action By User, [d1c4094c2556de5890c0ae227c8745bb],
PUP.Optional.SupraSavings.A, HKU\S-1-5-21-873655147-2502061236-4147198141-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\suprasavings, No Action By User, [3f56e96c37441c1ae2a8dcbbd42e3ac6],
PUP.Optional.DealPly.A, HKU\S-1-5-21-873655147-2502061236-4147198141-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DEALPLY, No Action By User, [8c0978dd1566162058e18f2e50b358a8],
PUP.Optional.DealPly.A, HKU\S-1-5-21-873655147-2502061236-4147198141-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\gaiilaahiahdejapggenmdmafpmbipje, No Action By User, [f5a0094c8fecb97d707f0c7da26040c0],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-873655147-2502061236-4147198141-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, No Action By User, [5e37ff5684f7c472c600f6afac56c43c],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-873655147-2502061236-4147198141-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, No Action By User, [1382cc891c5f0d292ca77e3de023b64a],
PUP.Optional.HomeTab.A, HKU\S-1-5-21-873655147-2502061236-4147198141-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SIMPLYTECH\HomeTab, No Action By User, [e3b2a8ad8deeaa8c934a3e6320e210f0],
PUP.Optional.DealPly.A, HKU\S-1-5-21-873655147-2502061236-4147198141-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\gaiilaahiahdejapggenmdmafpmbipje, No Action By User, [6530fd58fc7fe6506a8544450ef48779],
PUP.Optional.CouponDownloader.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CouponDownloaderService64, No Action By User, [c3d296bf3546ff37cf4e760e7b872ad6],

Registry Values: 3
PUP.Optional.DealPly.A, HKU\S-1-5-21-873655147-2502061236-4147198141-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DEALPLY|Partner, wbpk, No Action By User, [8c0978dd1566162058e18f2e50b358a8]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-873655147-2502061236-4147198141-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0V1D1S1R1D0V1O, No Action By User, [1382cc891c5f0d292ca77e3de023b64a]
PUP.Optional.HomeTab.A, HKU\S-1-5-21-873655147-2502061236-4147198141-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigURL, [You must have an account and be logged in to view this link] No Action By User, [99fc1f3677045ed8726ac1e004fe16ea]

Registry Data: 6
Hijack.SearchPage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, [You must have an account and be logged in to view this link] Good: (http://www.google.com), Bad: (http://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1400116903804&tguid=77324-18194-1400116903804-9B597215C0F76592DDE9D36C717225BB&st=chrome&q=),No Action By User,[9005a2b3a7d4be78720f45101fe53bc5]
Hijack.SearchPage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, [You must have an account and be logged in to view this link] Good: (http://www.google.com/), Bad: (http://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1400116903804&tguid=77324-18194-1400116903804-9B597215C0F76592DDE9D36C717225BB&st=chrome&q=),No Action By User,[a7ee9db8e893da5c691ae96ce81ce719]
Hijack.SearchPage, HKU\S-1-5-21-873655147-2502061236-4147198141-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, [You must have an account and be logged in to view this link] Good: (http://www.google.com), Bad: (http://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1400116903804&tguid=77324-18194-1400116903804-9B597215C0F76592DDE9D36C717225BB&st=chrome&q=),No Action By User,[fb9a6fe68deea0965e203a1b000430d0]
Hijack.SearchPage, HKU\S-1-5-21-873655147-2502061236-4147198141-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, [You must have an account and be logged in to view this link] Good: (http://www.google.com/), Bad: (http://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1400116903804&tguid=77324-18194-1400116903804-9B597215C0F76592DDE9D36C717225BB&st=chrome&q=),No Action By User,[eca90f46ed8e1d193d47f85dd92bc040]
PUP.Optional.SearchCertifiedTB.A, HKU\S-1-5-21-873655147-2502061236-4147198141-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURI|(Default), [You must have an account and be logged in to view this link] Good: (http://www.google.com), Bad: (http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=5.7&ts=1400116903804&tguid=77324-18194-1400116903804-9B597215C0F76592DDE9D36C717225BB&q=%s),No Action By User,[3c59ef66abd0c4723864a2b531d3f20e]
PUP.Optional.SearchCertifiedTB.A, HKU\S-1-5-21-873655147-2502061236-4147198141-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|(Default), [You must have an account and be logged in to view this link] Good: (http://www.google.com/), Bad: (http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=5.7&ts=1400116903804&tguid=77324-18194-1400116903804-9B597215C0F76592DDE9D36C717225BB&q=%s),No Action By User,[ccc94a0b3d3ea393316c2f2831d37090]

Folders: 8
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPly, No Action By User, [efa69cb9ed8e02340beb7e3aac57aa56],
PUP.OPtional.Dealply.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly, No Action By User, [286d2e27e19aed49cd5819a226dd5aa6],
PUP.Optional.DealPly.A, C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje, No Action By User, [3a5b470e7dfedc5a0d27ee8d46bcee12],
PUP.Optional.DealPly.A, C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0, No Action By User, [3a5b470e7dfedc5a0d27ee8d46bcee12],
PUP.Optional.DealPly.A, C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\images, No Action By User, [3a5b470e7dfedc5a0d27ee8d46bcee12],
PUP.Optional.CouponDownloader.A, C:\Program Files (x86)\Coupon Downloader, No Action By User, [3b5a70e586f562d4f918612328da41bf],
PUP.Optional.CouponDownloader.A, C:\Program Files\CouponDownloader, No Action By User, [c3d296bf3546ff37cf4e760e7b872ad6],
PUP.Optional.CouponDownloader.A, C:\Program Files\CouponDownloader\SSL, No Action By User, [c3d296bf3546ff37cf4e760e7b872ad6],

Files: 81
PUP.Optional.CouponDownloader.A, C:\Program Files (x86)\Coupon Downloader\Coupon Downloader.dll, No Action By User, [276e60f58dee979f9da9b77448bacc34],
PUP.Optional.CouponDownloader.A, C:\temp\t_ff.exe, No Action By User, [3a5b01545a210e28004189ba15eb946c],
PUP.Optional.CouponDownloader.A, C:\temp\t_ie.exe, No Action By User, [068f074e700be74fb190063dbb45ce32],
PUP.Optional.CouponDownloader.A, C:\Users\alexandree\AppData\Local\Temp\nssA6D4.tmp.exe, No Action By User, [187d1e378cefe056033e380bda26738d],
PUP.Optional.Tarma.A, C:\Users\alexandree\AppData\Local\Temp\{06B159F3-3A25-40F8-A213-7207DD527B05}\Setup.exe, No Action By User, [b9dc361fe09bc76fdc020b3a857b5aa6],
PUP.Optional.BundleInstaller.A, C:\Users\alexandree\AppData\Local\Temp\n7056\s7056.exe, No Action By User, [1a7b441145364ceaccba96afdb2530d0],
PUP.Optional.SupraSavings.A, C:\Users\alexandree\AppData\Local\Temp\n7056\suprasavings_2703-e3e04064.exe, No Action By User, [385d2b2a651678be0fca4ade877b9c64],
PUP.Optional.BundleInstaller.A, C:\Users\alexandree\AppData\Local\Temp\n7562\s7562.exe, No Action By User, [8411381d1b6054e28105a99cf50b7c84],
PUP.Optional.Spigot.A, C:\Users\alexandree\AppData\Local\Temp\nseBF41.tmp-2\APN_ATU3_.exe, No Action By User, [c9cc035288f31e181c287ea74eb3ee12],
PUP.Optional.Spigot.A, C:\Users\alexandree\AppData\Local\Temp\is701137889\16824305_stp.EXE, No Action By User, [aaebc88d2e4de056b1931c099d649b65],
PUP.Optional.RegCleanPro, C:\Users\alexandree\AppData\Local\Temp\is701137889\47327847_stp\rcpsetup_adppi15_adppi15.exe, No Action By User, [3c590c49a1da67cf533790a4f10f27d9],
PUP.Optional.CouponDownloader.A, C:\Users\alexandree\AppData\Local\Temp\is919901998\394142_stp\coupondownloader.exe, No Action By User, [cdc869ec3b40b3838fc2eb5eb351e31d],
PUP.Optional.InstallCore, C:\Users\alexandree\Downloads\megacubo-1033-32-bits.exe, No Action By User, [3560223399e253e374745ea824dd1ae6],
PUP.Optional.InstallCore, C:\Users\alexandree\Downloads\pdfrider-061-32-bits.exe, No Action By User, [4f46abaa7803f73f33895ae69074966a],
PUP.Optional.AppsInstaller, C:\Users\alexandree\Downloads\Camtasia%20Studio.exe, No Action By User, [c8cd8fc6d5a6db5b0c847acb16eeaa56],
PUP.Optional.Spigot.A, C:\Users\alexandree\Downloads\222-aTubeCatcher.exe, No Action By User, [761fc88d1b60e74fae96fe27679a966a],
PUP.Optional.InstallCore, C:\Users\alexandree\Downloads\atube-catcher-387955-32-bits.exe, No Action By User, [ddb8d283a7d43df9438c53f6a95b8779],
PUP.Optional.InstallCore, C:\Users\alexandree\Downloads\babypdf-10-32-bits.exe, No Action By User, [7f1677debcbf1026d3e930106c989c64],
PUP.Optional.Babylon.A, C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage, No Action By User, [c8cd470e0576ff375e5dd8b00ef444bc],
PUP.Optional.Babylon.A, C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage-journal, No Action By User, [177ed184b8c38bab6d4ea7e1986a25db],
PUP.Optional.Superfish.A, C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, No Action By User, [bfd6f362710ae353ae34721ad131ee12],
PUP.Optional.Superfish.A, C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, No Action By User, [91047bda2358b68032b0d7b5fa08d030],
PUP.Optional.WebSearch.A, C:\Users\alexandree\AppData\Roaming\Mozilla\Firefox\Profiles\07juqngy.default\searchplugins\Web Search.xml, No Action By User, [7b1add78fa8186b05c75d3c827dbd22e],
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, No Action By User, [e9ac96bfc9b268ce5759138c9a68827e],
PUP.Optional.SearchCertifiedTB.A, C:\Program Files (x86)\Mozilla Firefox\searchplugins\Web Search.xml, No Action By User, [4c49a7aed4a744f2c026cfd26a98f907],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPly\DealPly.crx, No Action By User, [efa69cb9ed8e02340beb7e3aac57aa56],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPly\icon.ico, No Action By User, [efa69cb9ed8e02340beb7e3aac57aa56],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPly\uninst.exe, No Action By User, [efa69cb9ed8e02340beb7e3aac57aa56],
PUP.OPtional.Dealply.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly\Uninstall DealPly.lnk, No Action By User, [286d2e27e19aed49cd5819a226dd5aa6],
PUP.OPtional.Dealply.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly Help.lnk, No Action By User, [286d2e27e19aed49cd5819a226dd5aa6],
PUP.OPtional.Dealply.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly.lnk, No Action By User, [286d2e27e19aed49cd5819a226dd5aa6],
PUP.Optional.DealPly.A, C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\background.html, No Action By User, [3a5b470e7dfedc5a0d27ee8d46bcee12],
PUP.Optional.DealPly.A, C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\manifest.json, No Action By User, [3a5b470e7dfedc5a0d27ee8d46bcee12],
PUP.Optional.DealPly.A, C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\images\dealplyIcon128.png, No Action By User, [3a5b470e7dfedc5a0d27ee8d46bcee12],
PUP.Optional.DealPly.A, C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\images\dealplyIcon16.png, No Action By User, [3a5b470e7dfedc5a0d27ee8d46bcee12],
PUP.Optional.DealPly.A, C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\images\dealplyIcon48.png, No Action By User, [3a5b470e7dfedc5a0d27ee8d46bcee12],
PUP.Optional.CouponDownloader.A, C:\Program Files (x86)\Coupon Downloader\64.ico, No Action By User, [3b5a70e586f562d4f918612328da41bf],
PUP.Optional.CouponDownloader.A, C:\Program Files (x86)\Coupon Downloader\uninstall.exe, No Action By User, [3b5a70e586f562d4f918612328da41bf],
PUP.Optional.CouponDownloader.A, C:\Program Files\CouponDownloader\CouponDownloaderService64.exe, No Action By User, [c3d296bf3546ff37cf4e760e7b872ad6],
PUP.Optional.CouponDownloader.A, C:\Program Files\CouponDownloader\Installbat64.dll, No Action By User, [c3d296bf3546ff37cf4e760e7b872ad6],
PUP.Optional.CouponDownloader.A, C:\Program Files\CouponDownloader\Microsoft.Deployment.WindowsInstaller.dll, No Action By User, [c3d296bf3546ff37cf4e760e7b872ad6],
PUP.Optional.CouponDownloader.A, C:\Program Files\CouponDownloader\Microsoft.Deployment.WindowsInstaller.xml, No Action By User, [c3d296bf3546ff37cf4e760e7b872ad6],
PUP.Optional.CouponDownloader.A, C:\Program Files\CouponDownloader\nfapi.dll, No Action By User, [c3d296bf3546ff37cf4e760e7b872ad6],
PUP.Optional.CouponDownloader.A, C:\Program Files\CouponDownloader\nfregdrv.exe, No Action By User, [c3d296bf3546ff37cf4e760e7b872ad6],
PUP.Optional.CouponDownloader.A, C:\Program Files\CouponDownloader\ProtocolFilters.dll, No Action By User, [c3d296bf3546ff37cf4e760e7b872ad6],
PUP.Optional.CouponDownloader.A, C:\Program Files\CouponDownloader\sample.dll, No Action By User, [c3d296bf3546ff37cf4e760e7b872ad6],
PUP.Optional.CrossRider.A, C:\Users\alexandree\AppData\Roaming\Mozilla\Firefox\Profiles\07juqngy.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "14631c3ed946a28bccb1ab81561be037");), No Action By User,[a9ece471f685dc5abbe0ec9705ff936d]
PUP.Optional.CrossRider.A, C:\Users\alexandree\AppData\Roaming\Mozilla\Firefox\Profiles\07juqngy.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossriderapp1466.1466.active", true);), No Action By User,[8c09a8ad6f0ccf67217b4043c83cf40c]
PUP.Optional.CrossRider.A, C:\Users\alexandree\AppData\Roaming\Mozilla\Firefox\Profiles\07juqngy.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossriderapp1466.1466.affid", "0");), No Action By User,[75200f46077424126a32fc87986cec14]
PUP.Optional.CrossRider.A, C:\Users\alexandree\AppData\Roaming\Mozilla\Firefox\Profiles\07juqngy.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossriderapp1466.1466.backgroundver", 4);), No Action By User,[e6af60f50675cd697626b2d1956f9967]
PUP.Optional.CrossRider.A, C:\Users\alexandree\AppData\Roaming\Mozilla\Firefox\Profiles\07juqngy.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossriderapp1466.1466.certdomaininstaller", "");), No Action By User,[761f381d94e76bcb8f0d7b082ada0000]
PUP.Optional.CrossRider.A, C:\Users\alexandree\AppData\Roaming\Mozilla\Firefox\Profiles\07juqngy.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossriderapp1466.1466.description", "WX Download browser extension");), No Action By User,[1a7b9fb6215a5dd94b517310b153c63a]
PUP.Optional.CrossRider.A, C:\Users\alexandree\AppData\Roaming\Mozilla\Firefox\Profiles\07juqngy.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossriderapp1466.1466.domain", "");), No Action By User,[cbcab99c196260d6fba1434034d01be5]
PUP.Optional.CrossRider.A, C:\Users\alexandree\AppData\Roaming\Mozilla\Firefox\Profiles\07juqngy.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossriderapp1466.1466.emailsig", "");), No Action By User,[ff965bfa2f4c270f158782015ea6ba46]
PUP.Optional.CrossRider.A, C:\Users\alexandree\AppData\Roaming\Mozilla\Firefox\Profiles\07juqngy.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossriderapp1466.1466.exposesites", "");), No Action By User,[870ef461c3b8a492afeda3e008fcba46]
PUP.Optional.CrossRider.A, C:\Users\alexandree\AppData\Roaming\Mozilla\Firefox\Profiles\07juqngy.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossriderapp1466.1466.fbremoteurl", "");), No Action By User,[e3b292c377046acc34680f746d977d83]
PUP.Optional.CrossRider.A, C:\Users\alexandree\AppData\Roaming\Mozilla\Firefox\Profiles\07juqngy.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossriderapp1466.1466.group", 0);), No Action By User,[d5c0262ff4879a9c920a9ee5ac58ce32]
PUP.Optional.CrossRider.A, C:\Users\alexandree\AppData\Roaming\Mozilla\Firefox\Profiles\07juqngy.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossriderapp1466.1466.homepage", "");), No Action By User,[9005292c067571c5dbc1d7ac4db718e8]
PUP.Optional.CrossRider.A, C:\Users\alexandree\AppData\Roaming\Mozilla\Firefox\Profiles\07juqngy.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossriderapp1466.1466.iframe", false);), No Action By User,[088df263cdaed95d1a8284ffbc48a55b]
PUP.Optional.CrossRider.A, C:\Users\alexandree\AppData\Roaming\Mozilla\Firefox\Profiles\07juqngy.default\prefs.js, Good: (), Bad:

Physical Sectors: 0
(No malicious items detected)


(end)

Re: Malware removal - SRV

Post by Power Max, Sun 25 May 2014, 15:35

For every item Malwarebytes found, the log says you did not remove it. Why didn't you delete them?
Power Max
Contributor

Posts: 9086
Reputation: 1499
Join date: 14/04/2009

Re: Malware removal - SRV

Post by psicostasia, Sun 25 May 2014, 15:37

This is the FRST report... I also attached this report, in case that makes it easier to check...

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 01
Ran by alexandree (administrator) on ALEXANDREE-PC on 25-05-2014 15:33:44
Running from C:\Users\alexandree\Downloads
Platform: Windows 7 Professional (X64) OS Language: Portuguese Brazilian
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: [You must have an account and be logged in to view this link]
Download link for 64-Bit Version: [You must have an account and be logged in to view this link]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [You must have an account and be logged in to view this link]

==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\CouponDownloader\CouponDownloaderService64.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Windows\SysWOW64\Rezip.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9644576 2009-12-14] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [NvCplDaemon] => C:\windows\system32\NvCpl.dll [16413288 2010-02-09] (NVIDIA Corporation)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1742064 2014-04-08] (Bitdefender)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-03] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Runonce: [AvgUninstallURL] - cmd.exe /c start [You must have an account and be logged in to view this link] [X]
Winlogon\Notify\ GbPluginBb-x32: C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll (Banco do Brasil)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [567888 2014-04-08] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1001536 2014-04-08] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614232 2014-04-08] (Bitdefender)
HKU\.DEFAULT\...\Run: [Agente da Carteira Bitdefender] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [567888 2014-04-08] (Bitdefender)
HKU\.DEFAULT\...\Run: [Carteira Bitdefender] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1001536 2014-04-08] (Bitdefender)
HKU\.DEFAULT\...\Run: [Agente de Aplicativo de Carteira Bitdefender] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614232 2014-04-08] (Bitdefender)
HKU\S-1-5-21-873655147-2502061236-4147198141-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-873655147-2502061236-4147198141-1000\...\Run: [Agente da Carteira Bitdefender] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [567888 2014-04-08] (Bitdefender)
HKU\S-1-5-21-873655147-2502061236-4147198141-1000\...\Run: [Carteira Bitdefender] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1001536 2014-04-08] (Bitdefender)
HKU\S-1-5-21-873655147-2502061236-4147198141-1000\...\Run: [Agente de Aplicativo de Carteira Bitdefender] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614232 2014-04-08] (Bitdefender)
HKU\S-1-5-21-873655147-2502061236-4147198141-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {23638960-AFE1-4BA6-85C1-4EDB969F961C} URL = [You must have an account and be logged in to view this link]
SearchScopes: HKCU - {4F275F1D-F12B-41BC-BDDB-FD9F11481537} URL = [You must have an account and be logged in to view this link]
SearchScopes: HKCU - {4FA95BD0-43F0-4F99-88D0-7942C23A1831} URL = [You must have an account and be logged in to view this link]
BHO: Carteira Bitdefender - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Carteira Bitdefender - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: CrossRider - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files (x86)\CrossriderWebApps\Crossrider.dll ()
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll (Banco do Brasil)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1582632 2014-02-21] (Banco do Brasil)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\alexandree\AppData\Roaming\Mozilla\Firefox\Profiles\07juqngy.default
FF SearchEngineOrder.user_pref("browser.search.order.1S", "");: user_pref("browser.search.order.1S", "");
FF Homepage: [You must have an account and be logged in to view this link]
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: gastecnologia.com.br/sf/bb - C:\Users\alexandree\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-br.xml
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2013-12-21]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman\
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman\ []
FF HKLM-x32\...\Thunderbird\Extensions: [{eea12ec4-729d-4703-bc37-106ce9879ce2}] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\THBExt
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2013-12-21]
FF HKCU\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\alexandree\AppData\Local\GAS Tecnologia\GBBD\bb\xpi
FF Extension: GBBD Banco do Brasil - C:\Users\alexandree\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2014-05-19]

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: search.certified-toolbar.com
CHR DefaultSearchProvider: Web Search
CHR DefaultSearchURL: [You must have an account and be logged in to view this link]
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-17]
CHR Extension: (Google Drive) - C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-17]
CHR Extension: (YouTube) - C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-17]
CHR Extension: (Bitdefender Wallet) - C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-05-17]
CHR Extension: (Pesquisa do Google) - C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-17]
CHR Extension: (No Name) - C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpaeeflekdffkcflihellcgkhgbjgibl [2014-05-17]
CHR Extension: (No Name) - C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje [2014-05-17]
CHR Extension: (Skype Click to Call) - C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-05-17]
CHR Extension: (Google Wallet) - C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-17]
CHR Extension: (GBBD Banco do Brasil) - C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh [2014-05-17]
CHR Extension: (Gmail) - C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-17]
CHR HKCU\...\Chrome\Extension: [pgacfjdigcddmmncljpflgcfpfahebkh] - C:\Users\alexandree\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx [2013-06-21]
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2013-12-21]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2013-11-21] (Bitdefender)
R2 CouponDownloaderService64; c:\Program Files\CouponDownloader\CouponDownloaderService64.exe [172544 2014-05-01] ()
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
R2 fshoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [167632 2012-08-27] (F-Secure Corporation)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [519720 2014-02-21] (GAS Tecnologia)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 mfevtp; C:\windows\system32\mfevtps.exe [182752 2013-04-03] (McAfee, Inc.)
R2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2013-10-07] (Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1523728 2014-04-08] (Bitdefender)

==================== Drivers (Whitelisted) ====================

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [893440 2014-02-13] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [635392 2014-02-13] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-02-22] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
S0 GbpKm; C:\Windows\SysWOW64\drivers\gbpkm.sys [49536 2013-05-08] (GAS Tecnologia)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-12-04] (Kaspersky Lab ZAO)
R0 KLBG; C:\Windows\System32\DRIVERS\klbg.sys [40464 2009-10-14] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [27152 2009-09-14] (Kaspersky Lab)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [772944 2013-04-03] (McAfee, Inc.)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [61736 2014-02-28] (NetFilterSDK.com)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-08-07] (BitDefender S.R.L.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 avfwim; system32\DRIVERS\avfwim.sys [X]
S1 badriver; system32\drivers\badriver.sys [X]
S3 BdApiUtil; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdApiUtil64.sys [X]
S3 BdCameraProtect; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdCameraProtect64.sys [X]
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [X]
S1 SBRE; \??\C:\windows\system32\drivers\SBREdrv.sys [X]
U2 TMAgent;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-25 15:29 - 2014-05-25 15:29 - 00048814 _____ () C:\Users\alexandree\Desktop\relatorio.txt
2014-05-25 15:18 - 2014-05-25 15:19 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{C703EBE4-19B7-4C51-A5A2-2D37CA3E8002}
2014-05-25 15:17 - 2014-05-25 15:18 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{EC855D40-82A2-483C-953A-8B1984546D64}
2014-05-25 14:50 - 2014-05-25 14:50 - 00001518 _____ () C:\Users\alexandree\Desktop\fixlist.txt - Atalho.lnk
2014-05-25 14:41 - 2014-05-25 14:42 - 00038736 _____ () C:\Users\alexandree\Downloads\Addition.txt
2014-05-25 14:38 - 2014-05-25 15:33 - 00023791 _____ () C:\Users\alexandree\Downloads\FRST.txt
2014-05-25 14:37 - 2014-05-25 15:33 - 00000000 ____D () C:\FRST
2014-05-25 14:37 - 2014-05-25 14:37 - 02066944 _____ (Farbar) C:\Users\alexandree\Downloads\FRST64.exe
2014-05-25 14:31 - 2014-05-25 14:31 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{6CE5DFF4-BD05-431E-9CAE-F48B0DD4FE8A}
2014-05-25 14:26 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-05-25 14:25 - 2014-05-25 14:27 - 00000000 ____D () C:\AdwCleaner
2014-05-25 14:22 - 2014-05-25 14:22 - 01326389 _____ () C:\Users\alexandree\Downloads\adwcleaner-3-210-en [1].exe
2014-05-25 14:22 - 2014-05-25 14:22 - 00683008 _____ ( ) C:\Users\alexandree\Downloads\adwcleaner-3-210-en.exe
2014-05-25 12:10 - 2014-05-25 12:10 - 00000000 ____D () C:\windows\system32\SPReview
2014-05-25 02:23 - 2014-05-25 15:27 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-25 02:22 - 2014-05-25 02:22 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-25 02:22 - 2014-05-25 02:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-25 02:22 - 2014-05-25 02:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-25 02:22 - 2014-05-25 02:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-25 02:22 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-25 02:22 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-25 02:22 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-05-25 02:20 - 2014-05-25 02:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\alexandree\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-25 02:14 - 2014-05-25 02:15 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{E76B7B17-458C-46E4-A345-9971BB5E4985}
2014-05-24 17:14 - 2014-05-24 17:14 - 08794112 _____ () C:\Users\alexandree\Downloads\Pretex_Gestão_de_Processos.indd
2014-05-24 17:14 - 2014-05-24 17:14 - 07217152 _____ () C:\Users\alexandree\Downloads\Postex_Gestão_de_Processos.indd
2014-05-24 17:14 - 2014-05-24 17:14 - 00077824 _____ () C:\Users\alexandree\Downloads\Ebook_Gestão_de_Processos.indb
2014-05-24 17:13 - 2014-05-24 17:13 - 18423808 _____ () C:\Users\alexandree\Downloads\Cap7_Gestão_de_Processos.indd
2014-05-24 17:13 - 2014-05-24 17:13 - 11419648 _____ () C:\Users\alexandree\Downloads\Cap5_Gestão_de_Processos.indd
2014-05-24 17:13 - 2014-05-24 17:13 - 10870784 _____ () C:\Users\alexandree\Downloads\Cap4_Gestão_de_Processos.indd
2014-05-24 17:13 - 2014-05-24 17:13 - 09170944 _____ () C:\Users\alexandree\Downloads\Cap6_Gestão_de_Processos.indd

==================== One Month Modified Files and Folders =======


Files to move or delete:
====================
C:\ProgramData\FileSplitUpLoad.dll


Some content of TEMP:
====================
C:\Users\alexandree\AppData\Local\Temp\baixouagora.exe
C:\Users\alexandree\AppData\Local\Temp\bdg1E2D.exe
C:\Users\alexandree\AppData\Local\Temp\hao123br-distribution.exe
C:\Users\alexandree\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\alexandree\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\alexandree\AppData\Local\Temp\nssA6D4.tmp.exe
C:\Users\alexandree\AppData\Local\Temp\Quarantine.exe
C:\Users\alexandree\AppData\Local\Temp\SuperTela-ptBR.exe
C:\Users\alexandree\AppData\Local\Temp\TsuF6C25FA6.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-23 03:46

==================== End Of Log ============================

Re: Malware removal - SRV

Post by psicostasia, Sun 25 May 2014, 15:38

Power Max wrote: all the items found by Malwarebytes are shown as not removed by you; why didn't you delete them?

Ah, this report was taken in the morning... before the removal... should I run Malwarebytes again and then post the new reports?


Re: Malware removal - SRV

Post by Power Max, Sun 25 May 2014, 15:55

You only used the threat scan, which is not as thorough. Follow the tips below to do a full cleanup:

Changing the Malwarebytes language to Portuguese:

If your Malwarebytes is in English, it is quite simple to change it to our language. To do so, open Malwarebytes and click Settings, as this image shows:

[image]

On the next screen that appears, click Language and select the Portuguese (Brazil) option:

[image]
___________________________________________________________________________

How to run a custom scan with Malwarebytes:

- Open Malwarebytes > click Verificar (Scan) > click Verificação Personalizada (Custom Scan) > click Verificar Agora (Scan Now):

[image]

Another screen, shown below, will appear, in which you will tick all the boxes on the right side of the screen so that all areas of your PC and the removable media connected to it can be scanned. On the left side of the screen, leave these options ticked:

Verificar Objetos na Memória (Scan Memory Objects)
Verificar as Configurações da Inicialização e do Registro (Scan Startup and Registry Settings)
Verificar Arquivos Compactados (Scan within Archives)


As for the rest, leave it as preconfigured by Malwarebytes.

After that, click the Iniciar Verificação (Start Scan) button, as the image below shows:

[image]

Wait while the scan runs. How long it takes depends on the number of files you have on your computer:

[image]

As soon as the scan finishes, if any threat is detected on your PC, a message like the one below will appear near the Windows clock; click on it:

[image]

At this point it will show which malware and potentially unwanted items were detected and where they are located. You will notice that it already shows a default action for the items (which is normally to move them to quarantine).

To remove the infections, leave the Quarentena (Quarantine) option selected in the Ação (Action) menu for all items and click the Aplicar Ações (Apply Actions) button, as this image shows:

[image]

Some malware is stubborn and may need a PC restart to be removed. If Malwarebytes asks for this, click Sim (or Yes), as this image shows:

[image]

After that, just post the new scan log that Malwarebytes creates in your next reply.

Re: Malware removal - SRV

Post by psicostasia, Sun 25 May 2014, 18:47

Done! This is the new report! The only threat (Pop-up Somoto) has already been removed...

Malwarebytes Anti-Malware

Data de Verificação: 25/05/2014
Hora da Verificação: 15:59:13
Logfile: rel 2.txt
Administrador: Sim

Versão: 2.00.2.1012
Malware Database: v2014.05.25.06
Rootkit Database: v2014.05.21.01
Licença: Trial
Proteção de Malware: Enabled
Proteção de Site Malicioso: Enabled
Self-protection: Desabilitado

OS: Windows 7
CPU: x64
Sistema de Arquivo: NTFS
Usuário: alexandree

Tipo da Verificação: Verificação Personalizada
Resultado: Completado
Arquivos Verificados: 512294
Tempo Decorrido: 2 hr, 45 min, 2 seg

Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processos: 0
(No malicious items detected)

Módulos: 0
(No malicious items detected)

Chaves de Registro: 0
(No malicious items detected)

Valores de Registro: 0
(No malicious items detected)

Dados do Registro: 0
(No malicious items detected)

Pastas: 0
(No malicious items detected)

Arquivos: 1
PUP.Optional.Somoto, C:\Users\alexandree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QGIC41AL\UpdateCheckerSetup[1].exe, No Action By User, [6b2f74e1a7d4f343ad45e244fb055aa6],

Physical Sectors: 0
(No malicious items detected)


(end)

Re: Malware removal - SRV

Post by psicostasia, Sun 25 May 2014, 18:59

Next, I ran FRST again... here is the report... I also sent it as an attachment...

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 01
Ran by alexandree (administrator) on ALEXANDREE-PC on 25-05-2014 18:48:28
Running from C:\Users\alexandree\Downloads
Platform: Windows 7 Professional (X64) OS Language: Portuguese Brazilian
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: [link]
Download link for 64-Bit Version: [link]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [link]

==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\CouponDownloader\CouponDownloaderService64.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Windows\SysWOW64\Rezip.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9644576 2009-12-14] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [NvCplDaemon] => C:\windows\system32\NvCpl.dll [16413288 2010-02-09] (NVIDIA Corporation)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1742064 2014-04-08] (Bitdefender)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-03] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Runonce: [AvgUninstallURL] - cmd.exe /c start [You must have an account and be logged in to view this link] [X]
Winlogon\Notify\ GbPluginBb-x32: C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll (Banco do Brasil)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [567888 2014-04-08] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1001536 2014-04-08] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614232 2014-04-08] (Bitdefender)
HKU\.DEFAULT\...\Run: [Agente da Carteira Bitdefender] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [567888 2014-04-08] (Bitdefender)
HKU\.DEFAULT\...\Run: [Carteira Bitdefender] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1001536 2014-04-08] (Bitdefender)
HKU\.DEFAULT\...\Run: [Agente de Aplicativo de Carteira Bitdefender] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614232 2014-04-08] (Bitdefender)
HKU\S-1-5-21-873655147-2502061236-4147198141-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-873655147-2502061236-4147198141-1000\...\Run: [Agente da Carteira Bitdefender] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [567888 2014-04-08] (Bitdefender)
HKU\S-1-5-21-873655147-2502061236-4147198141-1000\...\Run: [Carteira Bitdefender] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1001536 2014-04-08] (Bitdefender)
HKU\S-1-5-21-873655147-2502061236-4147198141-1000\...\Run: [Agente de Aplicativo de Carteira Bitdefender] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614232 2014-04-08] (Bitdefender)
HKU\S-1-5-21-873655147-2502061236-4147198141-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {23638960-AFE1-4BA6-85C1-4EDB969F961C} URL = [You must have an account and be logged in to view this link]
SearchScopes: HKCU - {4F275F1D-F12B-41BC-BDDB-FD9F11481537} URL = [You must have an account and be logged in to view this link]
SearchScopes: HKCU - {4FA95BD0-43F0-4F99-88D0-7942C23A1831} URL = [You must have an account and be logged in to view this link]
BHO: Carteira Bitdefender - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Carteira Bitdefender - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: CrossRider - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files (x86)\CrossriderWebApps\Crossrider.dll ()
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll (Banco do Brasil)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1582632 2014-02-21] (Banco do Brasil)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\alexandree\AppData\Roaming\Mozilla\Firefox\Profiles\07juqngy.default
FF SearchEngineOrder.user_pref("browser.search.order.1S", "");: user_pref("browser.search.order.1S", "");
FF Homepage: [You must have an account and be logged in to view this link]
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: gastecnologia.com.br/sf/bb - C:\Users\alexandree\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-br.xml
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2013-12-21]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman\
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman\ []
FF HKLM-x32\...\Thunderbird\Extensions: [{eea12ec4-729d-4703-bc37-106ce9879ce2}] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\THBExt
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2013-12-21]
FF HKCU\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\alexandree\AppData\Local\GAS Tecnologia\GBBD\bb\xpi
FF Extension: GBBD Banco do Brasil - C:\Users\alexandree\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2014-05-19]

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: search.certified-toolbar.com
CHR DefaultSearchProvider: Web Search
CHR DefaultSearchURL: [You must have an account and be logged in to view this link]
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-17]
CHR Extension: (Google Drive) - C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-17]
CHR Extension: (YouTube) - C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-17]
CHR Extension: (Bitdefender Wallet) - C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-05-17]
CHR Extension: (Pesquisa do Google) - C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-17]
CHR Extension: (No Name) - C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpaeeflekdffkcflihellcgkhgbjgibl [2014-05-17]
CHR Extension: (No Name) - C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje [2014-05-17]
CHR Extension: (Skype Click to Call) - C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-05-17]
CHR Extension: (Google Wallet) - C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-17]
CHR Extension: (GBBD Banco do Brasil) - C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh [2014-05-17]
CHR Extension: (Gmail) - C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-17]
CHR HKCU\...\Chrome\Extension: [pgacfjdigcddmmncljpflgcfpfahebkh] - C:\Users\alexandree\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx [2013-06-21]
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2013-12-21]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2013-11-21] (Bitdefender)
R2 CouponDownloaderService64; c:\Program Files\CouponDownloader\CouponDownloaderService64.exe [172544 2014-05-01] ()
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
R2 fshoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [167632 2012-08-27] (F-Secure Corporation)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [519720 2014-02-21] (GAS Tecnologia)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 mfevtp; C:\windows\system32\mfevtps.exe [182752 2013-04-03] (McAfee, Inc.)
R2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2013-10-07] (Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1523728 2014-04-08] (Bitdefender)

==================== Drivers (Whitelisted) ====================

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [893440 2014-02-13] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [635392 2014-02-13] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-02-22] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
S0 GbpKm; C:\Windows\SysWOW64\drivers\gbpkm.sys [49536 2013-05-08] (GAS Tecnologia)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-12-04] (Kaspersky Lab ZAO)
R0 KLBG; C:\Windows\System32\DRIVERS\klbg.sys [40464 2009-10-14] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [27152 2009-09-14] (Kaspersky Lab)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [772944 2013-04-03] (McAfee, Inc.)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [61736 2014-02-28] (NetFilterSDK.com)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-08-07] (BitDefender S.R.L.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 avfwim; system32\DRIVERS\avfwim.sys [X]
S1 badriver; system32\drivers\badriver.sys [X]
S3 BdApiUtil; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdApiUtil64.sys [X]
S3 BdCameraProtect; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdCameraProtect64.sys [X]
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [X]
S1 SBRE; \??\C:\windows\system32\drivers\SBREdrv.sys [X]
U2 TMAgent;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-25 18:44 - 2014-05-25 18:44 - 00001317 _____ () C:\Users\alexandree\Desktop\rel 2.txt
2014-05-25 15:36 - 2014-05-25 15:36 - 00055698 _____ () C:\Users\alexandree\Desktop\FRST.txt
2014-05-25 15:29 - 2014-05-25 15:29 - 00048814 _____ () C:\Users\alexandree\Desktop\relatorio.txt
2014-05-25 15:18 - 2014-05-25 15:19 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{C703EBE4-19B7-4C51-A5A2-2D37CA3E8002}
2014-05-25 15:17 - 2014-05-25 15:18 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{EC855D40-82A2-483C-953A-8B1984546D64}
2014-05-25 14:50 - 2014-05-25 14:50 - 00001518 _____ () C:\Users\alexandree\Desktop\fixlist.txt - Atalho.lnk
2014-05-25 14:41 - 2014-05-25 14:42 - 00038736 _____ () C:\Users\alexandree\Downloads\Addition.txt
2014-05-25 14:38 - 2014-05-25 18:48 - 00023791 _____ () C:\Users\alexandree\Downloads\FRST.txt
2014-05-25 14:37 - 2014-05-25 18:48 - 00000000 ____D () C:\FRST
2014-05-25 14:37 - 2014-05-25 14:37 - 02066944 _____ (Farbar) C:\Users\alexandree\Downloads\FRST64.exe
2014-05-25 14:31 - 2014-05-25 14:31 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{6CE5DFF4-BD05-431E-9CAE-F48B0DD4FE8A}
2014-05-25 14:26 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-05-25 14:25 - 2014-05-25 14:27 - 00000000 ____D () C:\AdwCleaner
2014-05-25 14:22 - 2014-05-25 14:22 - 01326389 _____ () C:\Users\alexandree\Downloads\adwcleaner-3-210-en [1].exe
2014-05-25 14:22 - 2014-05-25 14:22 - 00683008 _____ ( ) C:\Users\alexandree\Downloads\adwcleaner-3-210-en.exe
2014-05-25 12:10 - 2014-05-25 12:10 - 00000000 ____D () C:\windows\system32\SPReview
2014-05-25 02:23 - 2014-05-25 15:39 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-25 02:22 - 2014-05-25 02:22 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-25 02:22 - 2014-05-25 02:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-25 02:22 - 2014-05-25 02:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-25 02:22 - 2014-05-25 02:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-25 02:22 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-25 02:22 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-25 02:22 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-05-25 02:20 - 2014-05-25 02:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\alexandree\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-25 02:14 - 2014-05-25 02:15 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{E76B7B17-458C-46E4-A345-9971BB5E4985}
2014-05-24 17:14 - 2014-05-24 17:14 - 08794112 _____ () C:\Users\alexandree\Downloads\Pretex_Gestão_de_Processos.indd
2014-05-24 17:14 - 2014-05-24 17:14 - 07217152 _____ () C:\Users\alexandree\Downloads\Postex_Gestão_de_Processos.indd
2014-05-24 17:14 - 2014-05-24 17:14 - 00077824 _____ () C:\Users\alexandree\Downloads\Ebook_Gestão_de_Processos.indb
2014-05-24 17:13 - 2014-05-24 17:13 - 18423808 _____ () C:\Users\alexandree\Downloads\Cap7_Gestão_de_Processos.indd
2014-05-24 17:13 - 2014-05-24 17:13 - 11419648 _____ () C:\Users\alexandree\Downloads\Cap5_Gestão_de_Processos.indd
2014-05-24 17:13 - 2014-05-24 17:13 - 10870784 _____ () C:\Users\alexandree\Downloads\Cap4_Gestão_de_Processos.indd
2014-05-24 17:13 - 2014-05-24 17:13 - 09170944 _____ () C:\Users\alexandree\Downloads\Cap6_Gestão_de_Processos.indd
2014-05-24 17:13 - 2014-05-24 17:13 - 06238208 _____ () C:\Users\alexandree\Downloads\Cap8_Gestão_de_Processos.indd
2014-05-24 17:12 - 2014-05-24 17:12 - 06533120 _____ () C:\Users\alexandree\Downloads\Cap2_Gestão_de_Processos.indd
2014-05-24 17:12 - 2014-05-24 17:12 - 06164480 _____ () C:\Users\alexandree\Downloads\Cap1_Gestão_de_Processos(1).indd
2014-05-24 17:12 - 2014-05-24 17:12 - 05394432 _____ () C:\Users\alexandree\Downloads\Cap3_Gestão_de_Processos.indd
2014-05-24 17:11 - 2014-05-24 17:11 - 06164480 _____ () C:\Users\alexandree\Downloads\Cap1_Gestão_de_Processos.indd
2014-05-24 12:31 - 2014-05-24 12:32 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{DA4EC987-BD3F-4505-9D80-E95909532844}
2014-05-23 23:58 - 2014-05-23 23:58 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{E36A888F-0CC5-4D1E-A837-F2129E2C095E}
2014-05-22 22:09 - 2014-05-22 22:10 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{DED08E45-7BF6-41BC-A213-D471173D1287}
2014-05-21 11:46 - 2014-05-21 11:46 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{6A642D44-37B9-4397-B2AE-EDC1E7580A0D}
2014-05-20 23:45 - 2014-05-20 23:45 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{70586B6D-D993-461A-B59B-D232D337C83D}
2014-05-19 20:06 - 2014-05-19 20:06 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{8D3C9C10-BA32-47D3-A057-153D83BDEC4E}
2014-05-18 12:16 - 2014-05-18 12:16 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{690AFFCC-5140-4A08-83D8-700C7D3D2295}
2014-05-17 18:19 - 2014-05-17 18:19 - 00918672 _____ (Google Inc.) C:\Users\alexandree\Downloads\ChromeSetup(2).exe
2014-05-17 17:13 - 2014-05-25 18:48 - 00000000 ____D () C:\Program Files\CouponDownloader
2014-05-17 17:13 - 2014-05-17 17:13 - 00000000 ____D () C:\Program Files (x86)\Coupon Downloader
2014-05-17 11:11 - 2014-05-17 11:11 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{907760AC-D003-4F24-9FE0-949FA4BA0607}
2014-05-16 23:10 - 2014-05-16 23:11 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{B4CF6DB2-69D5-41BE-8CC3-76BADCFE5EC7}
2014-05-14 22:22 - 2014-05-14 22:24 - 00000000 ____D () C:\Program Files (x86)\Baixou Agora App
2014-05-14 22:22 - 2014-05-14 22:22 - 00001913 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Super Tela.lnk
2014-05-14 22:22 - 2014-05-14 22:22 - 00001907 _____ () C:\Users\Public\Desktop\Super Tela.lnk
2014-05-14 22:22 - 2014-05-14 22:22 - 00000000 ____D () C:\Program Files (x86)\Super Tela
2014-05-14 22:20 - 2014-05-14 22:20 - 02775448 _____ () C:\Users\alexandree\Downloads\SuperTela-ptBR.exe
2014-05-14 20:23 - 2014-05-14 20:23 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{0A2CB8C3-3615-4605-8715-6C4161308AFF}
2014-05-13 20:56 - 2014-05-13 20:56 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{2C2EC8CA-9DF5-48A1-9097-CCE8F6D8758A}
2014-05-13 02:30 - 2014-05-13 02:30 - 00000000 ____D () C:\Users\alexandree\AppData\Local\TechSmith
2014-05-13 02:10 - 2014-05-24 02:06 - 00006656 _____ () C:\Users\alexandree\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-13 01:58 - 2014-05-13 01:58 - 00000000 ____D () C:\Users\alexandree\AppData\Roaming\TechSmith
2014-05-13 01:57 - 2014-05-13 01:57 - 00000000 ____D () C:\Users\alexandree\Documents\Camtasia Studio
2014-05-13 01:56 - 2014-05-13 01:56 - 00001168 _____ () C:\Users\Public\Desktop\Camtasia Studio 8.lnk
2014-05-13 01:56 - 2014-05-13 01:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2014-05-13 01:55 - 2014-05-13 01:55 - 00000000 ____D () C:\ProgramData\TechSmith
2014-05-13 01:55 - 2014-05-13 01:55 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2014-05-13 01:55 - 2014-05-13 01:55 - 00000000 ____D () C:\Program Files (x86)\TechSmith
2014-05-13 01:55 - 2014-05-13 01:55 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-05-13 01:43 - 2014-05-13 01:46 - 255523176 _____ () C:\Users\alexandree\Documents\653-camtasia.exe
2014-05-13 01:40 - 2014-05-24 16:26 - 00509328 _____ (A-installer) C:\Users\alexandree\Downloads\Camtasia%20Studio.exe
2014-05-13 01:26 - 2014-05-13 01:27 - 05831316 _____ () C:\Users\alexandree\aaa.flv
2014-05-13 01:25 - 2014-05-13 01:25 - 00000000 ____D () C:\Users\alexandree\dwhelper
2014-05-13 01:07 - 2014-05-14 20:26 - 00000000 ____D () C:\Program Files (x86)\DsNET Corp
2014-05-13 01:05 - 2014-05-13 01:04 - 17109800 _____ (DsNET Corp) C:\Users\alexandree\Downloads\222-aTubeCatcher.exe
2014-05-13 01:03 - 2014-05-13 01:03 - 00623504 _____ () C:\Users\alexandree\Downloads\atube-catcher-387955-32-bits.exe
2014-05-12 21:34 - 2014-05-12 21:34 - 00215907 _____ () C:\Users\alexandree\Downloads\Auditor-Fiscal_Estrategia_PontoConcurso_Curso-Completo-AuditorRF-Todos-Cargos.rar
2014-05-12 00:42 - 2014-05-12 00:42 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{798D2E96-9D2E-4AAC-88E3-F40EC0141EA5}
2014-05-11 12:56 - 2014-05-11 12:56 - 00001730 _____ () C:\Users\alexandree\Desktop\02-05-2014.doc - Atalho.lnk
2014-05-11 12:40 - 2014-05-11 12:41 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{FD4CEB41-87DD-4C59-A5F6-EE1D5629FE04}
2014-05-11 00:56 - 2014-05-24 14:27 - 00000775 _____ () C:\Users\alexandree\Documents\mega.txt
2014-05-10 19:23 - 2014-05-10 19:23 - 00001186 _____ () C:\Users\alexandree\Concursos x - Atalho.lnk
2014-05-10 19:18 - 2014-05-10 19:18 - 00000000 ____D () C:\Users\alexandree\Documents\Concursos
2014-05-10 19:11 - 2014-05-10 19:11 - 00002025 _____ () C:\Users\alexandree\Desktop\Aula 1.3 - Questões 8 a 12. Organização administrativa.mp4 - Atalho.lnk
2014-05-10 19:11 - 2014-05-10 19:11 - 00001989 _____ () C:\Users\alexandree\Desktop\Aula 1.2 - Poderes administrativos. Questões 5 a 7.mp4 - Atalho.lnk
2014-05-10 16:50 - 2014-05-10 16:50 - 00817040 _____ () C:\Users\alexandree\Downloads\Setup(1).exe
2014-05-10 16:14 - 2014-05-10 16:14 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{151157DC-3F3D-4B92-9C25-C59CA04CAD9C}
2014-05-10 00:02 - 2014-05-10 00:03 - 00000000 ____D () C:\1ca92df86ae72faa729e15d0f5
2014-05-09 22:12 - 2014-05-25 14:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 20:30 - 2014-05-09 20:30 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{DFB2CD8F-E07A-4CBC-92D0-BC19CFC52192}
2014-05-08 23:12 - 2014-05-14 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTV
2014-05-08 23:12 - 2014-05-14 22:19 - 00000000 ____D () C:\Program Files (x86)\aTV
2014-05-08 23:12 - 2014-05-08 23:12 - 01574901 _____ () C:\Users\alexandree\Downloads\Setup%20aTV5.1.exe
2014-05-08 23:11 - 2014-05-08 23:11 - 00812432 _____ () C:\Users\alexandree\Downloads\Setup.exe
2014-05-08 23:10 - 2014-05-08 23:10 - 00686328 _____ () C:\Users\alexandree\Downloads\atv-51-gerenciador-32-bits.exe
2014-05-08 22:51 - 2014-05-08 23:07 - 00000000 ____D () C:\Program Files (x86)\Megacubo
2014-05-08 22:50 - 2014-05-23 00:41 - 00000000 ____D () C:\Program Files\004
2014-05-08 22:48 - 2014-05-08 22:48 - 00706704 _____ () C:\Users\alexandree\Downloads\megacubo_setup.exe
2014-05-08 20:08 - 2014-05-08 20:09 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{962ECF2B-9F7D-4CD0-9516-408D5A1F58F0}
2014-05-07 21:22 - 2014-05-07 21:22 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{B313C669-B04B-427B-9570-809BC24EBA71}
2014-05-07 21:09 - 2014-05-07 21:09 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{CDCAB545-9452-4907-9220-BC32A776F9A7}
2014-05-06 22:36 - 2014-05-06 22:36 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{3E28A9C2-566A-4CE9-97BA-2E4B9D9BF19C}
2014-05-06 22:15 - 2014-05-06 22:15 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{0D8D3498-5080-4749-9179-07BCD45DF344}
2014-05-06 21:51 - 2014-05-06 21:51 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{1583B2F4-D826-48D5-A0C6-16158466DB87}
2014-05-06 20:59 - 2014-05-06 20:59 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{5EC56719-7F71-4F48-8F81-A5AFE1387ADD}
2014-05-05 23:22 - 2014-05-05 23:22 - 00611520 _____ () C:\Users\alexandree\Documents\calculo remuneração trt.xlsx
2014-05-04 23:35 - 2014-05-04 23:36 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{50408435-EC30-4792-956C-F8F83B41AD06}
2014-05-04 02:06 - 2014-05-04 02:08 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{DAAD625F-9B0E-4E50-B5E5-1806578055E6}
2014-05-02 11:56 - 2014-05-03 00:21 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{6CBC469F-6CF1-46D6-A893-6DE523A7C174}
2014-05-01 13:33 - 2014-05-01 13:33 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{218464B0-F868-47FC-8619-D84C6039D88F}
2014-05-01 12:02 - 2014-05-01 12:02 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{F61DCACF-041D-4371-862F-3A79EDCBA633}
2014-04-30 21:38 - 2014-04-30 21:38 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{508F9624-9C49-4BD8-AAA5-82AB5BC0E36B}
2014-04-29 21:17 - 2014-04-29 21:17 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{9E0EBA77-9648-43EA-9C8E-909176C6A722}
2014-04-28 21:00 - 2014-04-28 21:15 - 00000099 _____ () C:\Users\alexandree\Documents\pagamento não processado porto seguro.txt
2014-04-28 20:05 - 2014-04-28 20:05 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{E98ABF0C-61B8-4D57-9B7D-639E0878BEB2}
2014-04-27 22:04 - 2014-05-05 23:53 - 00000000 ____D () C:\Users\alexandree\Desktop\concurseiro
2014-04-27 12:20 - 2014-04-27 12:21 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{72703B8F-BBD8-42B2-A1CF-8AED24AA1861}
2014-04-27 00:20 - 2014-04-27 00:20 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{C94C2EE3-B9B1-4510-B5B6-BAB2764FC0C6}
2014-04-26 12:19 - 2014-04-26 12:19 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{1B7DB38A-7239-4BAF-B070-A6F1486A998D}

==================== One Month Modified Files and Folders =======

2014-05-25 18:48 - 2014-05-25 14:38 - 00023791 _____ () C:\Users\alexandree\Downloads\FRST.txt
2014-05-25 18:48 - 2014-05-25 14:37 - 00000000 ____D () C:\FRST
2014-05-25 18:48 - 2014-05-17 17:13 - 00000000 ____D () C:\Program Files\CouponDownloader
2014-05-25 18:44 - 2014-05-25 18:44 - 00001317 _____ () C:\Users\alexandree\Desktop\rel 2.txt
2014-05-25 18:05 - 2013-03-12 23:04 - 00000902 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-05-25 17:01 - 2011-03-02 02:00 - 00000000 ____D () C:\Users\alexandree\AppData\Roaming\Skype
2014-05-25 16:12 - 2010-09-16 03:06 - 01496590 _____ () C:\windows\WindowsUpdate.log
2014-05-25 15:39 - 2014-05-25 02:23 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-25 15:36 - 2014-05-25 15:36 - 00055698 _____ () C:\Users\alexandree\Desktop\FRST.txt
2014-05-25 15:29 - 2014-05-25 15:29 - 00048814 _____ () C:\Users\alexandree\Desktop\relatorio.txt
2014-05-25 15:24 - 2009-07-14 01:45 - 00014160 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-25 15:24 - 2009-07-14 01:45 - 00014160 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-25 15:19 - 2014-05-25 15:18 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{C703EBE4-19B7-4C51-A5A2-2D37CA3E8002}
2014-05-25 15:19 - 2011-04-16 18:07 - 00000000 ____D () C:\Users\alexandree\AppData\Local\CrashDumps
2014-05-25 15:18 - 2014-05-25 15:17 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{EC855D40-82A2-483C-953A-8B1984546D64}
2014-05-25 15:18 - 2011-03-02 02:25 - 00000000 ____D () C:\Users\alexandree\Tracing
2014-05-25 15:17 - 2011-03-01 10:34 - 00000000 ____D () C:\Users\alexandree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-05-25 15:14 - 2009-07-14 02:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-25 15:14 - 2009-07-14 01:51 - 00184651 _____ () C:\windows\setupact.log
2014-05-25 14:50 - 2014-05-25 14:50 - 00001518 _____ () C:\Users\alexandree\Desktop\fixlist.txt - Atalho.lnk
2014-05-25 14:42 - 2014-05-25 14:41 - 00038736 _____ () C:\Users\alexandree\Downloads\Addition.txt
2014-05-25 14:37 - 2014-05-25 14:37 - 02066944 _____ (Farbar) C:\Users\alexandree\Downloads\FRST64.exe
2014-05-25 14:31 - 2014-05-25 14:31 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{6CE5DFF4-BD05-431E-9CAE-F48B0DD4FE8A}
2014-05-25 14:28 - 2010-09-15 12:21 - 05875714 _____ () C:\windows\PFRO.log
2014-05-25 14:27 - 2014-05-25 14:25 - 00000000 ____D () C:\AdwCleaner
2014-05-25 14:27 - 2014-05-09 22:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-25 14:22 - 2014-05-25 14:22 - 01326389 _____ () C:\Users\alexandree\Downloads\adwcleaner-3-210-en [1].exe
2014-05-25 14:22 - 2014-05-25 14:22 - 00683008 _____ ( ) C:\Users\alexandree\Downloads\adwcleaner-3-210-en.exe
2014-05-25 12:10 - 2014-05-25 12:10 - 00000000 ____D () C:\windows\system32\SPReview
2014-05-25 02:22 - 2014-05-25 02:22 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-25 02:22 - 2014-05-25 02:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-25 02:22 - 2014-05-25 02:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-25 02:22 - 2014-05-25 02:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-25 02:21 - 2014-05-25 02:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\alexandree\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-25 02:15 - 2014-05-25 02:14 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{E76B7B17-458C-46E4-A345-9971BB5E4985}
2014-05-25 02:07 - 2011-04-20 12:49 - 00000000 ____D () C:\Users\alexandree\AppData\Roaming\SoftGrid Client
2014-05-24 17:45 - 2012-02-04 21:07 - 28582912 ___SH () C:\Users\alexandree\Downloads\Thumbs.db
2014-05-24 17:14 - 2014-05-24 17:14 - 08794112 _____ () C:\Users\alexandree\Downloads\Pretex_Gestão_de_Processos.indd
2014-05-24 17:14 - 2014-05-24 17:14 - 07217152 _____ () C:\Users\alexandree\Downloads\Postex_Gestão_de_Processos.indd
2014-05-24 17:14 - 2014-05-24 17:14 - 00077824 _____ () C:\Users\alexandree\Downloads\Ebook_Gestão_de_Processos.indb
2014-05-24 17:13 - 2014-05-24 17:13 - 18423808 _____ () C:\Users\alexandree\Downloads\Cap7_Gestão_de_Processos.indd
2014-05-24 17:13 - 2014-05-24 17:13 - 11419648 _____ () C:\Users\alexandree\Downloads\Cap5_Gestão_de_Processos.indd
2014-05-24 17:13 - 2014-05-24 17:13 - 10870784 _____ () C:\Users\alexandree\Downloads\Cap4_Gestão_de_Processos.indd
2014-05-24 17:13 - 2014-05-24 17:13 - 09170944 _____ () C:\Users\alexandree\Downloads\Cap6_Gestão_de_Processos.indd
2014-05-24 17:13 - 2014-05-24 17:13 - 06238208 _____ () C:\Users\alexandree\Downloads\Cap8_Gestão_de_Processos.indd
2014-05-24 17:12 - 2014-05-24 17:12 - 06533120 _____ () C:\Users\alexandree\Downloads\Cap2_Gestão_de_Processos.indd
2014-05-24 17:12 - 2014-05-24 17:12 - 06164480 _____ () C:\Users\alexandree\Downloads\Cap1_Gestão_de_Processos(1).indd
2014-05-24 17:12 - 2014-05-24 17:12 - 05394432 _____ () C:\Users\alexandree\Downloads\Cap3_Gestão_de_Processos.indd
2014-05-24 17:11 - 2014-05-24 17:11 - 06164480 _____ () C:\Users\alexandree\Downloads\Cap1_Gestão_de_Processos.indd
2014-05-24 16:26 - 2014-05-13 01:40 - 00509328 _____ (A-installer) C:\Users\alexandree\Downloads\Camtasia%20Studio.exe
2014-05-24 14:27 - 2014-05-11 00:56 - 00000775 _____ () C:\Users\alexandree\Documents\mega.txt
2014-05-24 12:32 - 2014-05-24 12:31 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{DA4EC987-BD3F-4505-9D80-E95909532844}
2014-05-24 02:06 - 2014-05-13 02:10 - 00006656 _____ () C:\Users\alexandree\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-24 00:00 - 2013-06-21 22:25 - 00000000 ____D () C:\ProgramData\GAS Tecnologia
2014-05-23 23:58 - 2014-05-23 23:58 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{E36A888F-0CC5-4D1E-A837-F2129E2C095E}
2014-05-23 01:38 - 2012-09-25 21:42 - 00000463 _____ () C:\windows\system32\checkdnsid.xml
2014-05-23 00:41 - 2014-05-08 22:50 - 00000000 ____D () C:\Program Files\004
2014-05-22 22:10 - 2014-05-22 22:09 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{DED08E45-7BF6-41BC-A213-D471173D1287}
2014-05-21 22:21 - 2011-03-02 02:00 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-21 22:21 - 2011-03-02 02:00 - 00000000 ____D () C:\ProgramData\Skype
2014-05-21 11:46 - 2014-05-21 11:46 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{6A642D44-37B9-4397-B2AE-EDC1E7580A0D}
2014-05-20 23:45 - 2014-05-20 23:45 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{70586B6D-D993-461A-B59B-D232D337C83D}
2014-05-19 20:06 - 2014-05-19 20:06 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{8D3C9C10-BA32-47D3-A057-153D83BDEC4E}
2014-05-18 12:16 - 2014-05-18 12:16 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{690AFFCC-5140-4A08-83D8-700C7D3D2295}
2014-05-17 18:28 - 2013-03-29 23:13 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-17 18:19 - 2014-05-17 18:19 - 00918672 _____ (Google Inc.) C:\Users\alexandree\Downloads\ChromeSetup(2).exe
2014-05-17 17:13 - 2014-05-17 17:13 - 00000000 ____D () C:\Program Files (x86)\Coupon Downloader
2014-05-17 11:11 - 2014-05-17 11:11 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{907760AC-D003-4F24-9FE0-949FA4BA0607}
2014-05-16 23:11 - 2014-05-16 23:10 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{B4CF6DB2-69D5-41BE-8CC3-76BADCFE5EC7}
2014-05-16 02:22 - 2013-08-14 03:01 - 00000000 ____D () C:\windows\system32\MRT
2014-05-16 02:19 - 2011-04-20 12:48 - 01648720 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-05-16 02:19 - 2011-03-12 20:34 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-05-16 02:19 - 2010-09-16 03:48 - 00720242 _____ () C:\windows\system32\prfh0416.dat
2014-05-16 02:19 - 2010-09-16 03:48 - 00154918 _____ () C:\windows\system32\prfc0416.dat
2014-05-16 02:19 - 2009-07-14 02:13 - 01648720 _____ () C:\windows\system32\PerfStringBackup.INI
2014-05-14 22:24 - 2014-05-14 22:22 - 00000000 ____D () C:\Program Files (x86)\Baixou Agora App
2014-05-14 22:22 - 2014-05-14 22:22 - 00001913 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Super Tela.lnk
2014-05-14 22:22 - 2014-05-14 22:22 - 00001907 _____ () C:\Users\Public\Desktop\Super Tela.lnk
2014-05-14 22:22 - 2014-05-14 22:22 - 00000000 ____D () C:\Program Files (x86)\Super Tela
2014-05-14 22:20 - 2014-05-14 22:20 - 02775448 _____ () C:\Users\alexandree\Downloads\SuperTela-ptBR.exe
2014-05-14 22:19 - 2014-05-08 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTV
2014-05-14 22:19 - 2014-05-08 23:12 - 00000000 ____D () C:\Program Files (x86)\aTV
2014-05-14 22:11 - 2011-03-01 10:45 - 00090424 _____ () C:\Users\alexandree\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-14 20:26 - 2014-05-13 01:07 - 00000000 ____D () C:\Program Files (x86)\DsNET Corp
2014-05-14 20:23 - 2014-05-14 20:23 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{0A2CB8C3-3615-4605-8715-6C4161308AFF}
2014-05-14 20:19 - 2012-06-15 22:41 - 00000398 __RSH () C:\ProgramData\ntuser.pol
2014-05-14 01:05 - 2013-03-12 23:04 - 00003840 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 01:05 - 2012-07-01 02:02 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 01:05 - 2011-05-19 00:14 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 20:56 - 2014-05-13 20:56 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{2C2EC8CA-9DF5-48A1-9097-CCE8F6D8758A}
2014-05-13 02:30 - 2014-05-13 02:30 - 00000000 ____D () C:\Users\alexandree\AppData\Local\TechSmith
2014-05-13 01:58 - 2014-05-13 01:58 - 00000000 ____D () C:\Users\alexandree\AppData\Roaming\TechSmith
2014-05-13 01:57 - 2014-05-13 01:57 - 00000000 ____D () C:\Users\alexandree\Documents\Camtasia Studio
2014-05-13 01:56 - 2014-05-13 01:56 - 00001168 _____ () C:\Users\Public\Desktop\Camtasia Studio 8.lnk
2014-05-13 01:56 - 2014-05-13 01:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2014-05-13 01:55 - 2014-05-13 01:55 - 00000000 ____D () C:\ProgramData\TechSmith
2014-05-13 01:55 - 2014-05-13 01:55 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2014-05-13 01:55 - 2014-05-13 01:55 - 00000000 ____D () C:\Program Files (x86)\TechSmith
2014-05-13 01:55 - 2014-05-13 01:55 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-05-13 01:46 - 2014-05-13 01:43 - 255523176 _____ () C:\Users\alexandree\Documents\653-camtasia.exe
2014-05-13 01:29 - 2012-06-03 17:42 - 00000000 ____D () C:\Users\alexandree\AppData\Roaming\vlc
2014-05-13 01:27 - 2014-05-13 01:26 - 05831316 _____ () C:\Users\alexandree\aaa.flv
2014-05-13 01:26 - 2011-03-01 10:34 - 00000000 ____D () C:\Users\alexandree
2014-05-13 01:25 - 2014-05-13 01:25 - 00000000 ____D () C:\Users\alexandree\dwhelper
2014-05-13 01:04 - 2014-05-13 01:05 - 17109800 _____ (DsNET Corp) C:\Users\alexandree\Downloads\222-aTubeCatcher.exe
2014-05-13 01:03 - 2014-05-13 01:03 - 00623504 _____ () C:\Users\alexandree\Downloads\atube-catcher-387955-32-bits.exe
2014-05-12 21:34 - 2014-05-12 21:34 - 00215907 _____ () C:\Users\alexandree\Downloads\Auditor-Fiscal_Estrategia_PontoConcurso_Curso-Completo-AuditorRF-Todos-Cargos.rar
2014-05-12 07:26 - 2014-05-25 02:22 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-25 02:22 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-25 02:22 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-05-12 00:42 - 2014-05-12 00:42 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{798D2E96-9D2E-4AAC-88E3-F40EC0141EA5}
2014-05-11 12:56 - 2014-05-11 12:56 - 00001730 _____ () C:\Users\alexandree\Desktop\02-05-2014.doc - Atalho.lnk
2014-05-11 12:41 - 2014-05-11 12:40 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{FD4CEB41-87DD-4C59-A5F6-EE1D5629FE04}
2014-05-11 12:35 - 2013-01-08 22:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-10 19:23 - 2014-05-10 19:23 - 00001186 _____ () C:\Users\alexandree\Concursos x - Atalho.lnk
2014-05-10 19:23 - 2012-06-15 23:15 - 28255232 ___SH () C:\Users\alexandree\Desktop\Thumbs.db
2014-05-10 19:20 - 2013-08-03 19:34 - 00000000 ____D () C:\Users\alexandree\Documents\k
2014-05-10 19:18 - 2014-05-10 19:18 - 00000000 ____D () C:\Users\alexandree\Documents\Concursos
2014-05-10 19:11 - 2014-05-10 19:11 - 00002025 _____ () C:\Users\alexandree\Desktop\Aula 1.3 - Questões 8 a 12. Organização administrativa.mp4 - Atalho.lnk
2014-05-10 19:11 - 2014-05-10 19:11 - 00001989 _____ () C:\Users\alexandree\Desktop\Aula 1.2 - Poderes administrativos. Questões 5 a 7.mp4 - Atalho.lnk
2014-05-10 16:50 - 2014-05-10 16:50 - 00817040 _____ () C:\Users\alexandree\Downloads\Setup(1).exe
2014-05-10 16:14 - 2014-05-10 16:14 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{151157DC-3F3D-4B92-9C25-C59CA04CAD9C}
2014-05-10 00:03 - 2014-05-10 00:02 - 00000000 ____D () C:\1ca92df86ae72faa729e15d0f5
2014-05-09 20:30 - 2014-05-09 20:30 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{DFB2CD8F-E07A-4CBC-92D0-BC19CFC52192}
2014-05-08 23:12 - 2014-05-08 23:12 - 01574901 _____ () C:\Users\alexandree\Downloads\Setup%20aTV5.1.exe
2014-05-08 23:11 - 2014-05-08 23:11 - 00812432 _____ () C:\Users\alexandree\Downloads\Setup.exe
2014-05-08 23:10 - 2014-05-08 23:10 - 00686328 _____ () C:\Users\alexandree\Downloads\atv-51-gerenciador-32-bits.exe
2014-05-08 23:07 - 2014-05-08 22:51 - 00000000 ____D () C:\Program Files (x86)\Megacubo
2014-05-08 22:48 - 2014-05-08 22:48 - 00706704 _____ () C:\Users\alexandree\Downloads\megacubo_setup.exe
2014-05-08 22:42 - 2009-07-14 00:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-08 20:09 - 2014-05-08 20:08 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{962ECF2B-9F7D-4CD0-9516-408D5A1F58F0}
2014-05-07 21:38 - 2009-07-14 00:20 - 00000000 ____D () C:\windows\system32\NDF
2014-05-07 21:22 - 2014-05-07 21:22 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{B313C669-B04B-427B-9570-809BC24EBA71}
2014-05-07 21:09 - 2014-05-07 21:09 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{CDCAB545-9452-4907-9220-BC32A776F9A7}
2014-05-06 22:36 - 2014-05-06 22:36 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{3E28A9C2-566A-4CE9-97BA-2E4B9D9BF19C}
2014-05-06 22:15 - 2014-05-06 22:15 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{0D8D3498-5080-4749-9179-07BCD45DF344}
2014-05-06 21:51 - 2014-05-06 21:51 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{1583B2F4-D826-48D5-A0C6-16158466DB87}
2014-05-06 20:59 - 2014-05-06 20:59 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{5EC56719-7F71-4F48-8F81-A5AFE1387ADD}
2014-05-05 23:53 - 2014-04-27 22:04 - 00000000 ____D () C:\Users\alexandree\Desktop\concurseiro
2014-05-05 23:22 - 2014-05-05 23:22 - 00611520 _____ () C:\Users\alexandree\Documents\calculo remuneração trt.xlsx
2014-05-04 23:36 - 2014-05-04 23:35 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{50408435-EC30-4792-956C-F8F83B41AD06}
2014-05-04 02:08 - 2014-05-04 02:06 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{DAAD625F-9B0E-4E50-B5E5-1806578055E6}
2014-05-03 00:21 - 2014-05-02 11:56 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{6CBC469F-6CF1-46D6-A893-6DE523A7C174}
2014-05-01 13:33 - 2014-05-01 13:33 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{218464B0-F868-47FC-8619-D84C6039D88F}
2014-05-01 12:02 - 2014-05-01 12:02 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{F61DCACF-041D-4371-862F-3A79EDCBA633}
2014-04-30 21:38 - 2014-04-30 21:38 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{508F9624-9C49-4BD8-AAA5-82AB5BC0E36B}
2014-04-29 21:17 - 2014-04-29 21:17 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{9E0EBA77-9648-43EA-9C8E-909176C6A722}
2014-04-28 22:27 - 2011-10-22 13:57 - 00000000 ____D () C:\Users\alexandree\Documents\PORTO SEGURO
2014-04-28 21:15 - 2014-04-28 21:00 - 00000099 _____ () C:\Users\alexandree\Documents\pagamento não processado porto seguro.txt
2014-04-28 20:05 - 2014-04-28 20:05 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{E98ABF0C-61B8-4D57-9B7D-639E0878BEB2}
2014-04-27 12:21 - 2014-04-27 12:20 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{72703B8F-BBD8-42B2-A1CF-8AED24AA1861}
2014-04-27 00:20 - 2014-04-27 00:20 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{C94C2EE3-B9B1-4510-B5B6-BAB2764FC0C6}
2014-04-26 12:19 - 2014-04-26 12:19 - 00000000 ____D () C:\Users\alexandree\AppData\Local\{1B7DB38A-7239-4BAF-B070-A6F1486A998D}
2014-04-25 20:58 - 2014-03-26 20:27 - 00000000 ____D () C:\ProgramData\Baidu Security
2014-04-25 20:57 - 2011-03-07 19:37 - 00000000 ____D () C:\ProgramData\GbPlugin

Files to move or delete:
====================
C:\ProgramData\FileSplitUpLoad.dll


Some content of TEMP:
====================
C:\Users\alexandree\AppData\Local\Temp\baixouagora.exe
C:\Users\alexandree\AppData\Local\Temp\bdg1E2D.exe
C:\Users\alexandree\AppData\Local\Temp\hao123br-distribution.exe
C:\Users\alexandree\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\alexandree\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\alexandree\AppData\Local\Temp\nssA6D4.tmp.exe
C:\Users\alexandree\AppData\Local\Temp\Quarantine.exe
C:\Users\alexandree\AppData\Local\Temp\SuperTela-ptBR.exe
C:\Users\alexandree\AppData\Local\Temp\TsuF6C25FA6.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-23 03:46

==================== End Of Log ============================

Re: Malware removal - SRV

Post by psicostasia Sun 25 May 2014, 19:01

Well... after all this, I still have some words in blue scattered through the text of web pages... the srv that opens on every click must still be around here... what should I do now?

Re: Malware removal - SRV

Post by Danii Sun 25 May 2014, 19:05

Your report is under analysis.

Please wait for the next steps.
Danii
Full Member

Posts: 571
Reputation: 80
Join date: 04/04/2014
Location: Brazil

Re: Malware removal - SRV

Post by Power Max Sun 25 May 2014, 19:21

Hello psicostasia. Did you get to use the AdwCleaner program? If you did, post its report for analysis as well.
Power Max
Contributor

Posts: 9086
Reputation: 1499
Join date: 14/04/2009

Re: Malware removal - SRV

Post by psicostasia Sun 25 May 2014, 19:50

I ran AdwCleaner this morning, but I can't find either the report or the program... I'll download it again, run it on the PC and then post the report...

In case it's useful: I ran Bitdefender on the PC... here is the report...




statisticsRefreshInterval="1000"
scanSpeed="1.000000"
lowPriority="0"
enableExclusions="1"
enableTaskExclusions="0"
scanAdware="1"
scanSpyware="1"
scanApplications="1"
scanDialers="1"
scanKeyloggers="1"
scanFiles="1"
scanAllFiles="1"
scanProgramsOnly="0"
useCustomPrograms="0"
customPrograms=""
scanUserDefined="0"
scanPacked="1"
scanArchives="1"
useSmartScan="1"
scanEmails="1"
scanRootkits="0"
scanAllRootkits="1"
scanBoot="1"
scanMemory="1"
scanRegistry="1"
quickScan="1"
quickScanMemory="0"
quickScanAutoruns="0"
quickScanPlugins="1"
scanCookies="1"
shutdownAfter="0"
passwordPrompt="0"
onlyAllowedActions="1"
deepArchiveScan="1"
maxArchiveLevel="15"
maxArchiveSize="0"
infectedAction1="3"
infectedAction2="7"
suspectAction1="7"
suspectAction2="1"
rootkitAction="3"
userDefinedExtensions=""
>


C:\
D:\
Q:\

totalSignatures="11823968"
/>

scannedArchives="32"
scannedPacked="42"
startTime="1401055369"
duration="2295212"
>

scanned="31"
infected="0"
suspicious="0"
disinfected="0"
deleted="0"
moved="0"
moved_reboot="0"
delete_reboot="0"
renamed="0"
hidden="0"
/>

scanned="546"
infected="8"
suspicious="0"
disinfected="0"
deleted="8"
moved="0"
moved_reboot="0"
delete_reboot="0"
renamed="0"
hidden="0"
/>

scanned="577805"
infected="0"
suspicious="0"
disinfected="0"
deleted="0"
moved="0"
moved_reboot="0"
delete_reboot="0"
renamed="0"
hidden="0"
/>

scanned="0"
infected="0"
suspicious="0"
disinfected="0"
deleted="0"
moved="0"
moved_reboot="0"
delete_reboot="0"
renamed="0"
hidden="0"
/>

scanned="4342"
infected="0"
suspicious="0"
disinfected="0"
deleted="0"
moved="0"
moved_reboot="0"
delete_reboot="0"
renamed="0"
hidden="0"
/>

scanned="1750"
infected="0"
suspicious="0"
disinfected="0"
deleted="0"
moved="0"
moved_reboot="0"
delete_reboot="0"
renamed="0"
hidden="0"
/>

scanned="97"
infected="0"
suspicious="0"
disinfected="0"
deleted="0"
moved="0"
moved_reboot="0"
delete_reboot="0"
renamed="0"
hidden="0"
/>

skipped="474004"
ioerrors="7"
archiveBombs="0"
passwordProtected="205"
>


Re: Malware removal - SRV

Post by Power Max Sun 25 May 2014, 19:57

The AdwCleaner report is at this location: C:\AdwCleaner\AdwCleaner[S0].txt

Re: Malware removal - SRV

Post by psicostasia Sun 25 May 2014, 20:10

Here is the AdwCleaner report... apparently the "srv123" page no longer opens on every click... however, the text on web pages still has some words in blue, suggesting links and opening pop-ups when I hover the mouse over those words...

# AdwCleaner v3.210 - Relatório criado 25/05/2014 às 20:03:28
# Atualizado 19/05/2014 por Xplode
# Sistema Operacional : Windows 7 Professional (64 bits)
# Usuário : alexandree - ALEXANDREE-PC
# Executando de : C:\Users\alexandree\Downloads\adwcleaner_3.210.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje

***** [ Atalhos ] *****


***** [ Registro ] *****


***** [ Navegadores ] *****

-\\ Internet Explorer v9.0.8112.16476


-\\ Mozilla Firefox v29.0.1 (pt-BR)

[ Arquivo : C:\Users\alexandree\AppData\Roaming\Mozilla\Firefox\Profiles\07juqngy.default\prefs.js ]


-\\ Google Chrome v

[ Arquivo : C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [22158 octets] - [25/05/2014 14:25:19]
AdwCleaner[R1].txt - [1177 octets] - [25/05/2014 20:01:00]
AdwCleaner[S0].txt - [18977 octets] - [25/05/2014 14:27:14]
AdwCleaner[S1].txt - [1094 octets] - [25/05/2014 20:03:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1154 octets] ##########

Re: Malware removal - SRV

Post by psicostasia Sun 25 May 2014, 20:13

Just to give you an idea, there is a pop-up called Coupon Downloader that persists in the footer of the UOL page... on other sites, what I see are some underlined words in blue, which open pop-ups if I hover the mouse over them...

Re: Malware removal - SRV

Post by Power Max Sun 25 May 2014, 20:14

Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must have an account and be logged in to view this link]

* To run it correctly, follow the tips in this tutorial:
[You must have an account and be logged in to view this link]

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy its entire contents and post them in your next reply.

Re: Malware removal - SRV

Post by psicostasia Sun 25 May 2014, 21:26

The "srv123" site no longer appears when I click on a site... however, even after running AdwCleaner and Zoek, this Coupon Downloader keeps infesting the screens I open... I can't get rid of it... any suggestions?

Here is the Zoek report:


Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by alexandree on 25/05/2014 at 20:22:18,35.
Microsoft Windows 7 Professional 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\alexandree\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

25/05/2014 20:25:26 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-873655147-2502061236-4147198141-1000\Software\Microsoft\Internet Explorer\SearchScopes\{23638960-AFE1-4BA6-85C1-4EDB969F961C} deleted successfully
HKEY_USERS\S-1-5-21-873655147-2502061236-4147198141-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4F275F1D-F12B-41BC-BDDB-FD9F11481537} deleted successfully
HKEY_USERS\S-1-5-21-873655147-2502061236-4147198141-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4FA95BD0-43F0-4F99-88D0-7942C23A1831} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\ALEXAN~1\AppData\Roaming\Mozilla\Firefox\Profiles\07juqngy.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.com.br/");
user_pref("browser.search.defaulturl", "");
user_pref("browser.search.selectedEngineS", "");
user_pref("browser.search.order.1S", "");
user_pref("browser.search.useDBForOrder", false);

Added to C:\Users\ALEXAN~1\AppData\Roaming\Mozilla\Firefox\Profiles\07juqngy.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Coupon Downloader deleted
C:\PROGRA~2\CrossriderWebApps deleted
C:\PROGRA~2\Ss.Helper deleted
C:\PROGRA~2\wxDownload Fast deleted
C:\PROGRA~3\FileSplitUpLoad.dll deleted
C:\PROGRA~3\boost_interprocess deleted
C:\PROGRA~3\OberonGameConsole deleted
C:\PROGRA~3\InstallMate deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wxDownload Fast deleted
C:\windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Security Toolbar deleted
C:\user.js deleted
C:\Users\alexandree\AppData\Roaming\unins000.exe deleted
C:\Users\alexandree\Downloads\Setup.exe deleted
"c:\windows\Installer\15ef0ff.msi" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"ffpwdman@bitdefender.com"="C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman" [03/12/2013 16:12]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886C}"="C:\Users\alexandree\AppData\Local\GAS Tecnologia\GBBD\bb\xpi" [19/05/2014 20:58]

==== Firefox Extensions ======================

ProfilePath: C:\Users\ALEXAN~1\AppData\Roaming\Mozilla\Firefox\Profiles\07juqngy.default
- Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\alexandree\AppData\Roaming\Mozilla\Firefox\Profiles\07juqngy.default
B52EFEC8EEF9A7809376795ED3699826 - C:\Users\alexandree\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
A58DE0A570148AF5FF3512B2A340D09F - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
7B448B2B45428218D0D87376A2FF9FC2 - C:\Users\alexandree\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll - Módulo de Proteção - Banco do Brasil


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bmiabdepfhhiieiipmeecdmeljggmfee - No path found[]
ccahoghmggldkcdjiebjkidpfongdfbl - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx[08/04/2014 23:52]
heoldelcflnigdllmlopiefhkkobendj - No path found[]
jfmjfhklogoienhpfnppmbcbjfjnkonk - No path found[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[17/01/2012 11:45]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\alexandree\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[19/05/2014 20:58]

Google Docs - alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Bitdefender Wallet - alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl
Google Search - alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Skype Click to Call - alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Banco do Brasil - alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh
Gmail - alexandree\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1400116903804&tguid=77324-18194-1400116903804-9B597215C0F76592DDE9D36C717225BB&st=chrome&q="
"Search Bar"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1400116903804&tguid=77324-18194-1400116903804-9B597215C0F76592DDE9D36C717225BB&st=chrome&q="
"Search Page"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1400116903804&tguid=77324-18194-1400116903804-9B597215C0F76592DDE9D36C717225BB&st=chrome&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1400116903804&tguid=77324-18194-1400116903804-9B597215C0F76592DDE9D36C717225BB&st=chrome&q="
"Search Bar"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1400116903804&tguid=77324-18194-1400116903804-9B597215C0F76592DDE9D36C717225BB&st=chrome&q="
"Search Page"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1400116903804&tguid=77324-18194-1400116903804-9B597215C0F76592DDE9D36C717225BB&st=chrome&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Bar"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=5.7&ts=1400116903804&tguid=77324-18194-1400116903804-9B597215C0F76592DDE9D36C717225BB&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=5.7&ts=1400116903804&tguid=77324-18194-1400116903804-9B597215C0F76592DDE9D36C717225BB&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=5.7&ts=1400116903804&tguid=77324-18194-1400116903804-9B597215C0F76592DDE9D36C717225BB&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=5.7&ts=1400116903804&tguid=77324-18194-1400116903804-9B597215C0F76592DDE9D36C717225BB&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=5.7&ts=1400116903804&tguid=77324-18194-1400116903804-9B597215C0F76592DDE9D36C717225BB&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=5.7&ts=1400116903804&tguid=77324-18194-1400116903804-9B597215C0F76592DDE9D36C717225BB&q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=5.7&ts=1400116903804&tguid=77324-18194-1400116903804-9B597215C0F76592DDE9D36C717225BB&q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1400116903804&tguid=77324-18194-1400116903804-9B597215C0F76592DDE9D36C717225BB&st=chrome&q="
"Search Bar"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1400116903804&tguid=77324-18194-1400116903804-9B597215C0F76592DDE9D36C717225BB&st=chrome&q="
"Search Page"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1400116903804&tguid=77324-18194-1400116903804-9B597215C0F76592DDE9D36C717225BB&st=chrome&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1400116903804&tguid=77324-18194-1400116903804-9B597215C0F76592DDE9D36C717225BB&st=chrome&q="
"Search Bar"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1400116903804&tguid=77324-18194-1400116903804-9B597215C0F76592DDE9D36C717225BB&st=chrome&q="
"Search Page"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1400116903804&tguid=77324-18194-1400116903804-9B597215C0F76592DDE9D36C717225BB&st=chrome&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-873655147-2502061236-4147198141-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A876E312-7D08-401a-B7A6-FAFC5DC2F292} deleted successfully
HKEY_USERS\S-1-5-21-873655147-2502061236-4147198141-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A876E312-7D08-401a-B7A6-FAFC5DC2F292} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{A876E312-7D08-401a-B7A6-FAFC5DC2F292} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A876E312-7D08-401a-B7A6-FAFC5DC2F292} deleted successfully

==== Deleting CLSID Registry Values ======================


==== shortcuts on Users Desktops ======================

C:\Users\alexandree\Desktop\02-05-2014.doc - Atalho.lnk - C:\Users\alexandree\Downloads\02-05-2014.doc
C:\Users\alexandree\Desktop\20-03-2014_katia_mattos.docx - Atalho.lnk - C:\Users\alexandree\Downloads\20-03-2014_katia_mattos.docx
C:\Users\alexandree\Desktop\396401_334729553216449_100000382211622_1108772_805990183_n (2) - Atalho.lnk - \\ALEXANDREE-PC\Users\alexandree\Downloads\396401_334729553216449_100000382211622_1108772_805990183_n (1).jpg
C:\Users\alexandree\Desktop\Aula 1.2 - Poderes administrativos. Questões 5 a 7.mp4 - Atalho.lnk -
C:\Users\alexandree\Desktop\Aula 1.3 - Questões 8 a 12. Organização administrativa.mp4 - Atalho.lnk -
C:\Users\alexandree\Desktop\bitdefender-tsecurity.exe - Atalho.lnk - C:\Users\alexandree\Downloads\bitdefender-tsecurity.exe
C:\Users\alexandree\Desktop\CyberLink DVD Suite.lnk - C:\Program Files (x86)\CyberLink\DVD Suite\PowerStarter.exe
C:\Users\alexandree\Desktop\CyberLink YouCam.lnk - C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
C:\Users\alexandree\Desktop\ESPN Brasil (TV Gol).lnk - C:\Program Files (x86)\Megacubo\megacubo.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Brasil (TV Gol)
C:\Users\alexandree\Desktop\fixlist.txt - Atalho.lnk - C:\Users\alexandree\Downloads\fixlist.txt
C:\Users\alexandree\Desktop\IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Users\alexandree\Desktop\IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Users\alexandree\Desktop\IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Users\alexandree\Desktop\IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Users\alexandree\Desktop\Kantaris.lnk - C:\Program Files (x86)\Kantaris\kantaris.exe
C:\Users\alexandree\Desktop\VOTORELAT66-100013772006185.doc - Atalho.lnk - C:\Users\alexandree\AppData\Local\Temp\VOTORELAT66-100013772006185.doc
C:\Users\alexandree\Desktop\Black Bee\Black Bee - Atalho.lnk - C:\Users\alexandree\Desktop\Black Bee
C:\Users\alexandree\Desktop\musicas juliana\Unidade de CD - Atalho.lnk - E:\
C:\Users\Default\Desktop\CyberLink DVD Suite.lnk - C:\Program Files (x86)\CyberLink\DVD Suite\PowerStarter.exe
C:\Users\Default\Desktop\CyberLink YouCam.lnk - C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
C:\Users\Default User\Desktop\CyberLink DVD Suite.lnk - C:\Program Files (x86)\CyberLink\DVD Suite\PowerStarter.exe
C:\Users\Default User\Desktop\CyberLink YouCam.lnk - C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Bitdefender Safepay.lnk - C:\Program Files (x86)\Bitdefender\Bitdefender\antispam32\obk.exe
C:\Users\Public\Desktop\Bitdefender Total Security.lnk - C:\Program Files (x86)\Bitdefender\Bitdefender\seccenter.exe
C:\Users\Public\Desktop\Camtasia Studio 8.lnk - C:\Program Files (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
C:\Users\Public\Desktop\ChargeableUSB.lnk - C:\Program Files\SAMSUNG\ChargeableUSB\Executor.exe
C:\Users\Public\Desktop\Easy Network Manager.lnk - C:\Program Files (x86)\Samsung\Easy Network Manager\ENM.exe
C:\Users\Public\Desktop\Game Pack.lnk - C:\Program Files (x86)\Game Pack\GameConsole\GamePack.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Receitanet 1.04 .lnk - C:\Program Files (x86)\Programas RFB\Receitanet\Windows\Receitanet.exe
C:\Users\Public\Desktop\Samsung Recovery Solution 4.lnk - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\Manager1.exe
C:\Users\Public\Desktop\Samsung Support Center.lnk - C:\Program Files (x86)\Samsung\Samsung Support Center\SSCMain.exe
C:\Users\Public\Desktop\Samsung Update Plus.lnk - C:\Program Files (x86)\Samsung\Samsung Update Plus\SupClientApp.exe
C:\Users\Public\Desktop\Skype.lnk - C:\windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe
C:\Users\Public\Desktop\Super Tela.lnk - C:\Program Files (x86)\Super Tela\Super Tela.exe
C:\Users\Public\Desktop\User Guide.lnk - C:\Program Files\Samsung\SamsungManual\RunManual.exe

==== shortcuts in Users Start Menu ======================

C:\Users\alexandree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite\PowerDVD 8\CyberLink PowerDVD 8.lnk - C:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.exe
C:\Users\alexandree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite\PowerDVD 8\Online registration.lnk - C:\Program Files (x86)\CyberLink\PowerDVD8\OLRSubmission\OLRSubmission.exe /LANG:Enu
C:\Users\alexandree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite\PowerDVD 8\PowerDVD 8 Help file.lnk - C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Enu\PowerDVD8.CHM
C:\Users\alexandree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite\PowerDVD 8\Read Me.lnk - C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Enu\Readme.htm
C:\Users\alexandree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite\PowerDVD 8\Uninstall PowerDVD 8.lnk - C:\Program Files (x86)\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\Setup.exe /z-uninstall

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Super Tela.lnk - C:\Program Files (x86)\Super Tela\Super Tela.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith\Camtasia Recorder 8.lnk - C:\windows\Installer\{5303CFB5-D635-44F0-A94B-9611E81F07C4}\CamtasiaIcons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith\Camtasia Studio 8.lnk - C:\windows\Installer\{5303CFB5-D635-44F0-A94B-9611E81F07C4}\CamtasiaIcons.exe

==== shortcuts in Quick Launch ======================

C:\Users\alexandree\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\alexandree\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\alexandree\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\alexandree\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\windows\system32\calc.exe
C:\Users\alexandree\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Users\alexandree\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Word Starter 2010.lnk - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE "Microsoft Word Starter 2010 9014006604160000"
C:\Users\alexandree\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\windows\system32\mspaint.exe
C:\Users\alexandree\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Windows Live Messenger.lnk - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\alexandree\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Word Starter 2010.lnk - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE "Microsoft Word Starter 2010 9014006604160000"
C:\Users\alexandree\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\alexandree\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\windows\explorer.exe
C:\Users\alexandree\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\526AB318AF0B8D84B9579557C9882C91 deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{37A7410F-F90D-CDEC-619D-29153549E84D} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4CCD610C-DD29-F582-28EE-520A0DD404AA} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CFEF0DF0-9EDD-5CE8-4149-E556235BAE57} deleted successfully
HKEY_CURRENT_USER\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\heoldelcflnigdllmlopiefhkkobendj deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Users\alexandree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\alexandree\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\alexandree\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\alexandree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QN6UHLAV will be deleted at reboot
C:\Users\alexandree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\alexandree\AppData\Local\Mozilla\Firefox\Profiles\07juqngy.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\alexandree\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1210 folders=134 49886687 bytes)

==== Empty Temp Folders ======================

C:\Users\alexandree\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\ALEXAN~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\alexandree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" deleted
"C:\Users\alexandree\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QN6UHLAV" not found

==== EOF on 25/05/2014 at 21:18:40,92 ======================
psicostasia

Re: Malware removal - SRV

Post by Power Max, Sun 25 May 2014, 21:44

Download the Junkware Removal Tool program from the link below:
[You must have an account and be logged in to view this link]

To run the program above correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.

Re: Malware removal - SRV

Post by psicostasia, Sun 25 May 2014, 22:29

It feels like a punishment, but this Coupon Downloader cr.. is still around

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by alexandree on 25/05/2014 at 21:56:22,00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APN_ATU3__RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APN_ATU3__RASMANCS



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\alexandree\AppData\Roaming\mozilla\firefox\profiles\07juqngy.default\minidumps [277 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/05/2014 at 22:18:49,92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Malware removal - SRV

Post by Power Max, Sun 25 May 2014, 22:38

Download < [You must have an account and be logged in to view this link] > ( ... by Nicolas Coolman )

To install and run it correctly, follow the tips in this article:

[You must have an account and be logged in to view this link]

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.

Re: Malware removal - SRV

Post by Danii, Tue 10 Jun 2014, 10:48

TOPIC ARCHIVED

As the author has not replied for more than 15 days, the topic has been archived. If the topic's author needs it, it will be reopened; to do so, they should contact one of the members of the [You must have an account and be logged in to view this link] and request that it be unlocked.