Fórum PC Brasil
Megalon WebClient on the PC

Post by Andreata, Mon 23 Feb 2015, 20:09

Good evening. Every time I go on Facebook, ads appear about a sex book..... and now, in Programs and Features, there is the Megalon Web Client. I never clicked on that on Facebook, and it installs itself here; I have already uninstalled it, and everything else. The next day, like today, it has already shown up here again. What do I do? If I uninstall it, it shows up again tomorrow......

Post by caedurodrigues, Mon 23 Feb 2015, 20:19

Good evening Andreata,

  • Download: <[You must be registered and logged in to see this link]> ( ...Nicolas Coolman)
  • Save it to the local disk (C or D).
  • Disable your antivirus, and run ZHPDiag.exe to install.
  • Run the scroll icon!
  • Click the "COMPLETA" option and wait for it to finish.
  • Click OK and, when it finishes, post the report! ( ZHPDiag.txt )
  • Note: Because the report is long, it should be posted on one of these sites:
  • Go to: <[You must be registered and logged in to see this link]>
  • Or go to: <[You must be registered and logged in to see this link]>
  • More information: <[You must be registered and logged in to see this link]> << Hosting!

A big hug.

Post by Andreata, Mon 23 Feb 2015, 20:59

[You must be registered and logged in to see this link]

Post by caedurodrigues, Mon 23 Feb 2015, 22:51

Good evening Andreata,

  • Run this script in the ZHPFix tool.
  • Copy the information shown in red into Notepad.
  • With Notepad open, press: ctrl+a >> ctrl+c.
  • Next, minimize Notepad.

    Script ZHPFix
    SysRestore
    O2 - BHO: (no name) [64Bits] - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Chave orfã    
    O2 - BHO: (no name) [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} Chave orfã    
    O4 - HKLM\..\Run: [Megalon] . (.The Megalon Team - Megalon WebClient.) -- C:\Program Files\Megalon\Megalon.exe
    O42 - Logiciel: Megalon WebClient - (.Megalon Group.) [HKLM][64Bits] -- Megalon
    [HKCU\Software\Megalon]
    [HKCU\Software\superdownloads.com.br]
    [HKLM\Software\PopDeals]
    EmptyClsid
    FirewallRaz
    EmptyPrefetch
    EmptyTemp
    EmptyFlash
    ShortcutFix


  • Open the ZHPFix tool.
  • Click IMPORTAÇÃO > OK
  • Click "GO".
  • Post the report!

A big hug.

< I ask visitors not to use this script on other computers, at the risk of irreparable damage to them! >

Post by Andreata, Mon 23 Feb 2015, 23:24

Rapport de ZHPFix 2015.2.17.3 par Nicolas Coolman, Update du 17/02/2015
Fichier d'export Registre :
Run by Cliente at 23/02/2015 23:23:16
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 03s)
Prefetcher vazio
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ: HKCU\Software\Megalon
ELIMINÉ: HKCU\Software\superdownloads.com.br
ELIMINÉ:* HKLM\Software\PopDeals

========== Valores do Registo ==========
ELIMINÉ RunValue: Megalon
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: FirewallRaz (Private) : TCP Query User{11FE5ADE-85FD-4189-8112-F1E0B0FA4616}C:\program files (x86)\steam\steamapps\common\ageofconan_us\ageofconandx10.exe
ELIMINÉ: FirewallRaz (Private) : UDP Query User{025A3745-7A83-4CDF-8E23-A3D3541D8F3A}C:\program files (x86)\steam\steamapps\common\ageofconan_us\ageofconandx10.exe
ELIMINÉ: FirewallRaz (Private) : TCP Query User{2C1ED19F-96DD-4D2A-9207-7910711C7462}C:\program files (x86)\steam\steamapps\common\ageofconan_us\ageofconan.exe
ELIMINÉ: FirewallRaz (Private) : UDP Query User{21834407-FB75-42CB-B319-99799A1164EA}C:\program files (x86)\steam\steamapps\common\ageofconan_us\ageofconan.exe

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
ELIMINÉ Temporários windows (5)
ELIMINÉ Flash Cookies (0)

========== Ficheiros ==========
ELIMINA REINICIAR: c:\program files\megalon\megalon.exe
ELIMINÉ Temporários windows (9) (1.406.948 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
3 : Chaves do Registo
7 : Valores do Registo
3 : Pastas
3 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 43s

========== Caminho do ficheiro do relatório ==========
C:\Users\Cliente.Cliente1-PC\AppData\Roaming\ZHP\ZHPFix[R1].txt - 29/11/2014 22:41:43 [1530]
C:\Users\Cliente.Cliente1-PC\AppData\Roaming\ZHP\ZHPFix[R2].txt - 28/01/2015 18:17:23 [1437]
C:\Users\Cliente.Cliente1-PC\AppData\Roaming\ZHP\ZHPFix[R3].txt - 23/02/2015 23:23:19 [2118]


Post by caedurodrigues, Tue 24 Feb 2015, 00:55

Good evening Andreata,

  • Download: <[You must be registered and logged in to see this link]> <(...by Smeenk)>
  • Save it to your desktop!
  • Run the Zoek.exe file.
  • Windows Vista or Windows 7 users: right-click the Zoek.exe file, then click
    [You must be registered and logged in to see this image]
  • Select the lines in red, right-click the selection and choose the copy option!

    QuickScan;
    autoclean;
    emptyalltemp;
    ipconfig /flushdns;b
    emptyfolderscheck;delete


  • Right-click any white area of Zoek and choose the paste option.
  • Click Run Script!
  • Wait for the scan. When it finishes, Notepad will open with the report.
  • A copy will also be saved on your local disk under the name zoek-results.txt.
  • Post the zoek-results.txt report in your next reply.

A big hug.

Post by Andreata, Tue 24 Feb 2015, 02:00

Zoek.exe v5.0.0.0 Updated 23-February-2015
Tool run by Cliente on 24/02/2015 at 1:35:59,95.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Cliente.Cliente1-PC\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-11-30-130212.log 10944 bytes
C:\zoek-results2015-01-29-150558.log 141652 bytes

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EasyAntiCheat deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\EasyAntiCheat deleted successfully

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\Temp deleted
C:\PROGRA~2\Uninstall Information deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Cliente.Cliente1-PC\ZHPCleaner.exe deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\CLIENT~1.CLI\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2015-02-21 12:27:14 5E9E936ACC43E1D8639E6980A203DBA9 237864 ----a-w- C:\Windows\SysWOW64\EasyAntiCheat.exe
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-02-21 12:27:29 E86527F311A52CC48DE74FA5E7AA6461 477464 ----a-w- C:\Windows\Sysnative\EasyAntiCheat.sys
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-02-23 12:53:57 -------- d-----w- C:\Program Files\Megalon
2015-01-26 12:10:04 -------- d-----w- C:\Program Files\Common Files\Clocker
2015-01-26 12:04:53 -------- d-----w- C:\Program Files\Common Files\WWS
======= C:\PROGRA~2 =====
2015-02-22 03:23:51 -------- d-----w- C:\PROGRA~2\MSI Afterburner
======= C: =====
====== C:\Users\Cliente.Cliente1-PC\AppData\Roaming ======
2015-02-23 01:53:30 -------- d-----w- C:\Users\Cliente.Cliente1-PC\AppData\Local\Funcom
2015-02-23 01:53:30 -------- d-----w- C:\Users\CLIENT~1.CLI\AppData\Local\Funcom
2015-02-22 03:24:05 -------- d-----w- C:\Users\Cliente.Cliente1-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2015-02-22 03:24:05 -------- d-----w- C:\Users\CLIENT~1.CLI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2015-02-22 02:41:46 45E91084483626304008004D639D9A0A 109296 ----a-w- C:\Windows\SysNative\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-19 02:56:04 -------- d-----w- C:\Users\Cliente.Cliente1-PC\AppData\Local\Steam
2015-02-19 02:56:04 -------- d-----w- C:\Users\CLIENT~1.CLI\AppData\Local\Steam
2015-02-07 19:32:03 -------- d-----w- C:\Users\Cliente.Cliente1-PC\AppData\Roaming\RIFT
2015-02-07 19:32:03 -------- d-----w- C:\Users\CLIENT~1.CLI\AppData\Roaming\RIFT
2015-02-04 18:11:24 -------- d-----w- C:\Users\Cliente.Cliente1-PC\AppData\Roaming\roi
2015-02-04 18:11:24 -------- d-----w- C:\Users\CLIENT~1.CLI\AppData\Roaming\roi
2015-01-31 04:27:28 -------- d-----w- C:\Users\Cliente.Cliente1-PC\AppData\Roaming\steam.transformice.com
2015-01-31 04:27:28 -------- d-----w- C:\Users\CLIENT~1.CLI\AppData\Roaming\steam.transformice.com
2015-01-29 15:03:57 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2015-01-29 15:03:57 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2015-01-29 15:03:57 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2015-01-29 15:03:57 -------- d-----w- C:\Users\Cliente.Cliente1-PC\AppData\Local\Temp
2015-01-29 15:03:57 -------- d-----w- C:\Users\CLIENT~1.CLI\AppData\Local\Temp
====== C:\Users\Cliente.Cliente1-PC ======
2015-02-18 22:53:34 4DB5909D450AE68CC11DC865B9B84F71 2126848 ----a-w- C:\Users\Cliente.Cliente1-PC\Desktop\adwcleaner_4.111.exe
2015-02-18 22:53:34 4DB5909D450AE68CC11DC865B9B84F71 2126848 ----a-w- C:\Users\CLIENT~1.CLI\Desktop\adwcleaner_4.111.exe
2015-01-28 19:40:03 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP

====== C: exe-files ==
2015-02-24 02:32:00 E7617E566EA58E2DA33E380A0282882D 78336 ----a-w- C:\Program Files\Megalon\Megalon.exe
2015-02-23 14:10:28 CC75BBD6E0418DFBCC49778AA80A6E2C 122880 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Panzar\Bin32\web\awesomium_pak_utility.exe
2015-02-23 14:09:50 F8205543AE01AAF513ED20BDA39B7D32 39336 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Panzar\Bin32\web\awesomium_process.exe
2015-02-23 14:09:41 498BBD23CE1E0ED755AA254A30411F71 120328 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Panzar\Bin32\PnzWebWrapper.exe
2015-02-23 14:08:57 DDCE338BB173B32024679D61FB4F2BA6 537432 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Panzar\PnzTools\Redist\DX\DXSETUP.exe
2015-02-23 14:08:57 A3F69A9CA25C7EBF12CEB7F387B63860 313864 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Panzar\PnzSteamLauncher.exe
2015-02-23 14:08:57 5689D43C3B201DD3810FA3BBA4A6476A 4216840 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Panzar\PnzTools\Redist\VS\vcredist_x86.exe
2015-02-23 14:08:57 40395C175553CB14D2050888EFCCDF00 4961800 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Panzar\PnzTools\Redist\VS\vcredist_x64.exe
2015-02-23 14:08:57 38A783524B07A38F8E7E4B8C78269693 421896 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Panzar\PnzTools\Bin32\PnzUcAdm.exe
2015-02-23 14:08:57 0B99BF16ED23B9134921A91B3FE51FE3 8589832 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Panzar\start.exe
2015-02-23 14:08:57 0B99BF16ED23B9134921A91B3FE51FE3 8589832 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Panzar\PnzTools\Installer\us\start.exe
2015-02-23 14:08:57 0B99BF16ED23B9134921A91B3FE51FE3 8589832 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Panzar\PnzTools\Installer\ru\start.exe
2015-02-23 14:08:57 0B99BF16ED23B9134921A91B3FE51FE3 8589832 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Panzar\PnzTools\Installer\com\start.exe
2015-02-23 14:08:56 A43CC5CD7B9DE177B128A50495CE9E00 2523144 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Panzar\Bin64\PnzCl.exe
2015-02-23 14:08:56 2B480D972F40C4090F1C594834DE898D 2524168 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Panzar\Bin32\PnzCl.exe
2015-02-22 03:23:51 5C7EFE2D94830727CC10C145006EBCCF 86069 ----a-w- C:\Program Files (x86)\MSI Afterburner\Uninstall.exe
2015-02-22 03:23:15 F8AB917987F50EC4B2D536DACB34EEF7 36420117 ----a-w- C:\Users\Cliente.Cliente1-PC\Desktop\Back- Up\Downloads\MSIAfterburnerSetup410.exe
2015-02-21 12:27:14 5E9E936ACC43E1D8639E6980A203DBA9 237864 ----a-w- C:\Windows\SysWOW64\EasyAntiCheat.exe
2015-02-21 11:11:14 FF7FFD6962396B565838F04656F94004 437408 ----a-w- C:\Users\Cliente.Cliente1-PC\AppData\Local\NVIDIA\NvBackend\Packages\0000706b\CoProc update.19337009.exe
2015-02-20 18:14:21 F4CC03D0A936AD6780ADA614AE81B413 840272 ----a-w- C:\Program Files (x86)\Google\Update\Install\{E51BCB36-4138-47FC-A3FA-A7FEA56732DD}\40.0.2214.115_40.0.2214.111_chrome_updater.exe
2015-02-20 18:14:21 F4CC03D0A936AD6780ADA614AE81B413 840272 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\40.0.2214.115\40.0.2214.115_40.0.2214.111_chrome_updater.exe
2015-02-19 21:21:19 935CD218C06721994ED48349361467F9 555320 ----a-w- C:\Program Files (x86)\GbPlugin\gbpsv.exe
2015-02-19 21:20:57 0401C613DDF8E3D4D9915F351240202A 5570344 ----a-w- C:\ProgramData\Temp\gbplugin_ie_bb_setup.exe
2015-02-18 22:53:34 4DB5909D450AE68CC11DC865B9B84F71 2126848 ----a-w- C:\Users\Cliente.Cliente1-PC\Desktop\adwcleaner_4.111.exe
2015-02-18 00:28:27 4B0D0C51DAC9B9F5ACE7C04AB0E03164 5020680 ----a-w- C:\Users\Cliente.Cliente1-PC\AppData\Local\NVIDIA\NvBackend\Packages\00007049\DAO.19325675.exe
2015-02-17 15:19:28 CEEAD3EE1AC23B22AD12F280DD39523D 675256 ----a-w- C:\Users\Cliente.Cliente1-PC\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
2015-02-17 15:19:26 D0B6133A3F38786CAD39FF206D1DB49E 172984 ----a-w- C:\Users\Cliente.Cliente1-PC\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\OAWrapper.exe
=== C: other files ==
2015-02-21 12:27:29 E86527F311A52CC48DE74FA5E7AA6461 477464 ----a-w- C:\Windows\System32\EasyAntiCheat.sys
2015-02-19 21:21:16 9B06D67FEDAABE253A2A68B68F5CBD2A 24792 ----a-w- C:\Program Files (x86)\GbPlugin\wsftprp64.sys
2015-02-19 21:20:51 27572098616286AA3EA1A20C93FAAAE4 18933 ----a-w- C:\Users\Cliente.Cliente1-PC\AppData\Local\GAS Tecnologia\GBBD\bb\sf.xpi

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"
"Avira Systray"="C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"Megalon"="C:\Program Files\Megalon\Megalon.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\COMODO System Cleaner Finalize All]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="COMODO System Cleaner Finalize All"
"hkey"="HKLM"
"command"="\"C:\\Users\\Cliente.Cliente1-PC\\Desktop\\Back- Up\\Downloads\\COMODO System-Cleaner\\CSC.EXE\" //delete_all"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\COMODO System Cleaner SafeDelete]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="COMODO System Cleaner SafeDelete"
"hkey"="HKLM"
"command"="\"C:\\Users\\Cliente.Cliente1-PC\\Desktop\\Back- Up\\Downloads\\COMODO System-Cleaner\\CSC.EXE\" //safedeletion"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GrooveMonitor]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GrooveMonitor"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office12\\GrooveMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSScheduler]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISUSScheduler"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvBackend]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvBackend"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\NVIDIA Corporation\\Update Core\\NvBackend.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ShadowPlay]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ShadowPlay"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\rundll32.exe C:\\Windows\\system32\\nvspcap64.dll,ShadowPlayOnSystemStart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^forteManager.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\forteManager.lnk"
"backup"="C:\\Windows\\pss\\forteManager.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\LGSOFT~1\\FORTEM~1\\bin\\Monitor.exe -startup"
"item"="forteManager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Cliente.Cliente1-PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Recorte de tela e Iniciador do OneNote 2007.lnk]
"path"="C:\\Users\\Cliente.Cliente1-PC\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Recorte de tela e Iniciador do OneNote 2007.lnk"
"backup"="C:\\Windows\\pss\\Recorte de tela e Iniciador do OneNote 2007.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\MICROS~1\\Office12\\ONENOTEM.EXE /tsr"
"item"="Recorte de tela e Iniciador do OneNote 2007"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NvNetworkService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NvStreamSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Skype C2C Service]


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [04/02/2015 19:39]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\EVGAPrecisionX" [C:\Program Files (x86)\EVGA\PrecisionX 16\PrecisionX_x64.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{53904776-AC9E-43EC-B70E-776173C3840E}" [C:\Windows\system32\msfeedssync.exe]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\CLIENT~1.CLI\AppData\Roaming\Mozilla\Firefox\Profiles\kod3lnf7.default
user_pref("browser.startup.homepage", "about:home");

==== Firefox Extensions Registry ======================

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886C}"="C:\Users\Cliente.Cliente1-PC\AppData\Local\GAS Tecnologia\GBBD\bb\xpi" [19/02/2015 18:21]

==== Firefox Extensions ======================

ProfilePath: C:\Users\CLIENT~1.CLI\AppData\Roaming\Mozilla\Firefox\Profiles\kod3lnf7.default
- GBBD Banco do Brasil - C:\Users\Cliente.Cliente1-PC\AppData\Local\GAS Tecnologia\GBBD\bb\xpi
- Undetermined - {87F8774F-B485-47E2-A755-A40A8A5E886C}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Cliente.Cliente1-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kod3lnf7.default
C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash
1DE5D05F67114FAEA17AD47B5E01DF6F - C:\Users\Cliente.Cliente1-PC\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
2BC6A052D9B153F6DC2F0E420FB4F407 - C:\Users\Cliente.Cliente1-PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
4C07B5286D129DFD25C24B4A31B9B888 - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll - Happy Cloud Plugin
A7D38CD759C7AD594D1B255001BDDD8E - C:\Users\Cliente.Cliente1-PC\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll - Módulo de Proteção - Banco do Brasil


==== Chromium Look ======================

Google Slides - Cliente.Cliente1-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Cliente.Cliente1-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Cliente.Cliente1-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Cliente.Cliente1-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Cliente.Cliente1-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Cliente.Cliente1-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Avira Browser Safety - Cliente.Cliente1-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk
Google Wallet - Cliente.Cliente1-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Cliente.Cliente1-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - CLIENT~1.CLI\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - CLIENT~1.CLI\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - CLIENT~1.CLI\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - CLIENT~1.CLI\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - CLIENT~1.CLI\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - CLIENT~1.CLI\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Avira Browser Safety - CLIENT~1.CLI\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk
Google Wallet - CLIENT~1.CLI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - CLIENT~1.CLI\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Cliente.Cliente1-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Cliente.Cliente1-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\CLIENT~1.CLI\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\CLIENT~1.CLI\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Cliente.Cliente1-PC\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\CLIENT~1.CLI\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=49 folders=15 16786856 bytes)

==== Empty Temp Folders ======================

C:\Users\Cliente.Cliente1-PC\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\CLIENT~1.CLI\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\CLIENT~1.CLI\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 24/02/2015 at 1:56:48,37 ======================

Re: Megalon WebClient on the PC

Post by caedurodrigues Tue 24 Feb 2015, 02:11

Good evening Andreata,

  • Download: <[You must have an account and be logged in to view this link]> <(...by Farbar)>
  • Or here: <[You must have an account and be logged in to view this link]>
  • Save it to the Desktop!
  • Run the tool! Click "Yes" >> "Scan".
  • Check that the boxes under "Whitelist" are ticked.
  • Under "Optional Scan", leave the "Addition.txt" checkbox ticked.
  • The report will be generated! (FRST.txt)
  • PS: The "Addition.txt" report will also be generated; it is made available on the first run of the tool.
  • Go to: <[You must have an account and be logged in to view this link]>
  • Or go to: <[You must have an account and be logged in to view this link]>
  • More information: <[You must have an account and be logged in to view this link]> << Hosting!

Warm regards.
caedurodrigues
Analyst

Posts: 947
Reputation: 161
Join date: 21/10/2013
Age: 54
Location: Apiacá

Re: Megalon WebClient on the PC

Post by Andreata Tue 24 Feb 2015, 09:50

caedurodrigues wrote: Good evening Andreata,

  • Download: <[You must have an account and be logged in to view this link]> <(...by Farbar)>
  • Or here: <[You must have an account and be logged in to view this link]>
  • Save it to the Desktop!
  • Run the tool! Click "Yes" >> "Scan".
  • Check that the boxes under "Whitelist" are ticked.
  • Under "Optional Scan", leave the "Addition.txt" checkbox ticked.
  • The report will be generated! (FRST.txt)
  • PS: The "Addition.txt" report will also be generated; it is made available on the first run of the tool.
  • Go to: <[You must have an account and be logged in to view this link]>
  • Or go to: <[You must have an account and be logged in to view this link]>
  • More information: <[You must have an account and be logged in to view this link]> << Hosting!

Warm regards.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2015
Ran by Cliente (administrator) on CLIENTE1-PC on 24-02-2015 09:47:08
Running from C:\Users\Cliente.Cliente1-PC\Desktop
Loaded Profiles: Cliente (Available profiles: Cliente)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [You must have an account and be logged in to view this link]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Greenwichers) C:\Program Files\Common Files\Clocker\Clocker.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(The Megalon Team) C:\Program Files\Megalon\Megalon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(The Security Team) C:\Program Files\Common Files\WWS\Watchdog.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2465088 2014-11-17] (NVIDIA Corporation)
HKLM\...\Run: [Megalon] => C:\Program Files\Megalon\Megalon.exe [78336 2015-02-23] (The Megalon Team)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\ GbPluginBb-x32: C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3258268329-354441947-3349506184-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3258268329-354441947-3349506184-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must have an account and be logged in to view this link]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3258268329-354441947-3349506184-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = [You must have an account and be logged in to view this link]
SearchScopes: HKU\S-1-5-21-3258268329-354441947-3349506184-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [You must have an account and be logged in to view this link]
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll (Banco do Brasil)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll [1836928 2015-01-13] (Banco do Brasil)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Cliente.Cliente1-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kod3lnf7.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3258268329-354441947-3349506184-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Cliente.Cliente1-PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3258268329-354441947-3349506184-1000: gastecnologia.com.br/sf/bb -> C:\Users\Cliente.Cliente1-PC\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3258268329-354441947-3349506184-1000: gastecnologia.com.br/sf/bb64 -> C:\Users\Cliente.Cliente1-PC\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3258268329-354441947-3349506184-1000: gastecnologia.com.br/sf/cef -> C:\Users\Cliente.Cliente1-PC\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll No File
FF Plugin HKU\S-1-5-21-3258268329-354441947-3349506184-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKU\S-1-5-21-3258268329-354441947-3349506184-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-27]
FF HKU\S-1-5-21-3258268329-354441947-3349506184-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Cliente.Cliente1-PC\AppData\Local\GAS Tecnologia\GBBD\bb\xpi
FF Extension: GBBD Banco do Brasil - C:\Users\Cliente.Cliente1-PC\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2015-02-19]

Chrome:
=======
CHR DefaultSuggestURL: Default -> [You must have an account and be logged in to view this link]
CHR Profile: C:\Users\Cliente.Cliente1-PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Cliente.Cliente1-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-30]
CHR Extension: (Google Docs) - C:\Users\Cliente.Cliente1-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-29]
CHR Extension: (Google Drive) - C:\Users\Cliente.Cliente1-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-29]
CHR Extension: (YouTube) - C:\Users\Cliente.Cliente1-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-29]
CHR Extension: (Google Search) - C:\Users\Cliente.Cliente1-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-29]
CHR Extension: (Google Sheets) - C:\Users\Cliente.Cliente1-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-29]
CHR Extension: (Avira Browser Safety) - C:\Users\Cliente.Cliente1-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-17]
CHR Extension: (Google Wallet) - C:\Users\Cliente.Cliente1-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-29]
CHR Extension: (Gmail) - C:\Users\Cliente.Cliente1-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 ClockerService; C:\Program Files\Common Files\Clocker\Clocker.exe [80896 2015-02-15] (Greenwichers) [File not signed]
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [555320 2015-01-13] (GAS Tecnologia)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-11-17] (NVIDIA Corporation)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3191392 2014-05-15] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-11-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19821376 2014-11-17] (NVIDIA Corporation)
R2 WatchdogService; C:\Program Files\Common Files\WWS\Watchdog.exe [77824 2015-02-15] (The Security Team) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
S0 GbpKm; C:\Windows\SysWOW64\drivers\GbpKm.sys [49536 2013-05-08] (GAS Tecnologia)
S3 LGDDCDevice; C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys [14336 2008-03-27] () [File not signed]
S3 LGII2CDevice; C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys [13312 2008-03-27] () [File not signed]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20800 2014-11-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-11-27] ()
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2014-10-31] (GAS Tecnologia LTDA)
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 09:47 - 2015-02-24 09:47 - 00015274 _____ () C:\Users\Cliente.Cliente1-PC\Desktop\FRST.txt
2015-02-24 09:46 - 2015-02-24 09:46 - 02087424 _____ (Farbar) C:\Users\Cliente.Cliente1-PC\Desktop\FRST64.exe
2015-02-24 01:56 - 2015-02-24 01:56 - 00000338 _____ () C:\Windows\PFRO.log
2015-02-24 01:54 - 2015-02-24 01:35 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-02-24 01:37 - 2015-01-29 12:05 - 00141652 _____ () C:\zoek-results2015-01-29-150558.log
2015-02-24 01:33 - 2015-02-24 01:33 - 01304576 _____ () C:\Users\Cliente.Cliente1-PC\Desktop\zoek.exe
2015-02-23 23:24 - 2015-02-23 23:23 - 00002212 _____ () C:\Users\Cliente.Cliente1-PC\Desktop\ZHPFixReport.txt
2015-02-23 20:57 - 2015-02-23 20:57 - 00104113 _____ () C:\Users\Cliente.Cliente1-PC\Desktop\ZHPDiag.txt
2015-02-23 20:53 - 2015-02-23 20:53 - 00001987 _____ () C:\Users\Cliente.Cliente1-PC\Desktop\ZHPFix.lnk
2015-02-23 20:53 - 2015-02-23 20:53 - 00001860 _____ () C:\Users\Cliente.Cliente1-PC\Desktop\ZHPDiag.lnk
2015-02-23 14:29 - 2015-02-23 14:29 - 00017741 _____ () C:\Windows\DirectX.log
2015-02-23 11:08 - 2015-02-23 11:08 - 00000222 _____ () C:\Users\Cliente.Cliente1-PC\Desktop\Panzar.url
2015-02-23 09:53 - 2015-02-23 23:32 - 00000000 ____D () C:\Program Files\Megalon
2015-02-23 09:48 - 2015-02-24 09:00 - 00001008 _____ () C:\Windows\setupact.log
2015-02-23 09:48 - 2015-02-23 09:48 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-22 22:53 - 2015-02-22 22:53 - 00000000 ____D () C:\Users\Cliente.Cliente1-PC\AppData\Local\Funcom
2015-02-22 00:24 - 2015-02-22 00:24 - 00001086 _____ () C:\Users\Cliente.Cliente1-PC\Desktop\MSI Afterburner.lnk
2015-02-22 00:24 - 2015-02-22 00:24 - 00000000 ____D () C:\Users\Cliente.Cliente1-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2015-02-22 00:23 - 2015-02-24 01:52 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2015-02-21 09:27 - 2015-02-21 09:27 - 00477464 _____ () C:\Windows\system32\EasyAntiCheat.sys
2015-02-21 09:27 - 2015-02-21 09:01 - 00237864 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2015-02-18 23:56 - 2015-02-18 23:56 - 00000000 ____D () C:\Users\Cliente.Cliente1-PC\AppData\Local\Steam
2015-02-18 19:53 - 2015-02-18 19:54 - 02126848 _____ () C:\Users\Cliente.Cliente1-PC\Desktop\adwcleaner_4.111.exe
2015-02-11 10:02 - 2015-02-11 10:02 - 00001626 _____ () C:\Users\Cliente.Cliente1-PC\Desktop\Avira.lnk
2015-02-07 16:32 - 2015-02-15 23:23 - 00000000 ____D () C:\Users\Cliente.Cliente1-PC\AppData\Roaming\RIFT
2015-02-07 16:32 - 2015-02-07 16:32 - 00000000 ____D () C:\Users\Cliente.Cliente1-PC\Documents\RIFT
2015-02-04 15:11 - 2015-02-04 15:11 - 00000000 ____D () C:\Users\Cliente.Cliente1-PC\AppData\Roaming\roi
2015-02-01 20:00 - 2015-02-21 22:33 - 00000847 _____ () C:\Users\Cliente.Cliente1-PC\Desktop\ZHPCleaner.lnk
2015-01-31 01:27 - 2015-01-31 01:27 - 00000000 ____D () C:\Users\Cliente.Cliente1-PC\AppData\Roaming\steam.transformice.com
2015-01-30 17:30 - 2015-01-30 17:30 - 00000222 _____ () C:\Users\Cliente.Cliente1-PC\Desktop\Transformice.url
2015-01-29 11:48 - 2014-11-30 10:02 - 00010944 _____ () C:\zoek-results2014-11-30-130212.log
2015-01-28 23:32 - 2015-01-28 23:32 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-28 15:30 - 2015-02-24 09:03 - 00444919 _____ () C:\Windows\WindowsUpdate.log
2015-01-27 16:58 - 2015-01-27 16:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 09:10 - 2015-01-26 09:10 - 00000705 _____ () C:\Windows\system32\InstallUtil.InstallLog
2015-01-26 09:10 - 2015-01-26 09:10 - 00000000 ____D () C:\Program Files\Common Files\Clocker
2015-01-26 09:04 - 2015-01-26 09:04 - 00000000 ____D () C:\Program Files\Common Files\WWS
2015-01-25 01:29 - 2015-01-25 01:29 - 00000000 ____D () C:\Program Files (x86)\Xiph.Org

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 09:47 - 2014-10-21 22:09 - 00000000 ____D () C:\FRST
2015-02-24 09:39 - 2014-04-02 17:36 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-24 09:12 - 2014-04-02 17:45 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-24 09:08 - 2009-07-14 01:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-24 09:08 - 2009-07-14 01:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-24 09:06 - 2009-07-14 14:55 - 00707974 _____ () C:\Windows\system32\prfh0416.dat
2015-02-24 09:06 - 2009-07-14 14:55 - 00147754 _____ () C:\Windows\system32\prfc0416.dat
2015-02-24 09:06 - 2009-07-14 02:13 - 01641426 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-24 09:00 - 2014-04-02 17:45 - 00001066 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-24 08:59 - 2009-07-14 02:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-24 01:56 - 2014-11-30 09:47 - 00022440 _____ () C:\zoek-results.log
2015-02-24 01:51 - 2014-04-02 22:28 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-24 01:48 - 2014-11-30 09:45 - 00000000 ____D () C:\zoek_backup
2015-02-24 01:48 - 2014-04-02 17:26 - 00000000 ____D () C:\Users\Cliente.Cliente1-PC
2015-02-24 00:03 - 2014-04-06 13:35 - 00000000 ____D () C:\Users\Cliente.Cliente1-PC\AppData\Roaming\Awesomium
2015-02-23 23:24 - 2014-11-29 14:05 - 00000000 ____D () C:\Users\Cliente.Cliente1-PC\AppData\Roaming\ZHP
2015-02-23 20:57 - 2014-11-29 14:08 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin
2015-02-23 20:53 - 2014-11-29 14:05 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2015-02-22 22:53 - 2014-05-13 12:33 - 00000000 ___HD () C:\Windows\msdownld.tmp
2015-02-22 22:53 - 2014-05-13 12:33 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-02-21 10:23 - 2014-12-01 13:26 - 00000000 ____D () C:\Users\Cliente.Cliente1-PC\AppData\Local\Battle.net
2015-02-21 09:32 - 2014-04-23 22:25 - 00000000 ____D () C:\Users\Cliente.Cliente1-PC\AppData\Roaming\.mono
2015-02-21 08:53 - 2014-04-06 13:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-19 23:31 - 2014-04-04 19:15 - 00000000 ____D () C:\Program Files (x86)\GbPlugin
2015-02-19 18:20 - 2014-12-01 13:52 - 00034850 _____ () C:\Users\Cliente.Cliente1-PC\AppData\Roaming\unins001.dat
2015-02-18 19:56 - 2014-11-30 00:24 - 00000000 ____D () C:\AdwCleaner
2015-02-13 23:37 - 2014-04-07 00:31 - 00000000 ____D () C:\Users\Cliente.Cliente1-PC\Documents\My Games
2015-02-12 12:18 - 2014-04-03 19:42 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-02-10 21:26 - 2014-04-03 10:49 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-09 12:03 - 2009-07-14 02:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-07 16:49 - 2014-09-05 12:36 - 00000252 _____ () C:\Users\Cliente.Cliente1-PC\BullseyeCoverageError.txt
2015-02-07 01:56 - 2014-04-19 08:04 - 00000000 ____D () C:\Users\Cliente.Cliente1-PC\AppData\Roaming\uTorrent
2015-02-06 22:33 - 2015-01-02 16:04 - 00000000 ____D () C:\Users\Cliente.Cliente1-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-02-06 22:10 - 2014-12-20 15:18 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2015-02-05 02:07 - 2014-04-02 17:45 - 00004066 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 02:07 - 2014-04-02 17:45 - 00003814 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 19:39 - 2014-04-02 17:36 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 19:39 - 2014-04-02 17:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 19:39 - 2014-04-02 17:36 - 00003840 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-31 21:33 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-30 10:09 - 2014-06-21 10:43 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-29 11:58 - 2014-12-28 19:51 - 00000000 ____D () C:\Users\Cliente.Cliente1-PC\Desktop\Breno e Stéfani Não Apagar
2015-01-28 23:32 - 2014-06-21 10:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-27 22:00 - 2014-04-02 17:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-26 22:59 - 2014-04-17 21:40 - 00000000 ____D () C:\Users\Cliente.Cliente1-PC\AppData\Local\Google
2015-01-25 23:47 - 2014-10-30 23:32 - 00003862 _____ () C:\PureRa.txt

==================== Files in the root of some directories =======

2014-05-03 14:44 - 2014-05-03 14:44 - 0000028 _____ () C:\Users\Cliente.Cliente1-PC\AppData\Roaming\ClipExtractor-UpdatePerformed.txt
2014-05-03 14:44 - 2014-05-03 15:16 - 0000608 _____ () C:\Users\Cliente.Cliente1-PC\AppData\Roaming\ClipExtractor-YouTube-Clip-ExtractorFlvConverterDefaultSettings.xml
2014-10-21 11:37 - 2014-10-21 11:37 - 0086699 _____ () C:\Users\Cliente.Cliente1-PC\AppData\Roaming\icarus-dxdiag.xml
2014-11-28 15:50 - 2014-11-28 15:50 - 0017220 _____ () C:\Users\Cliente.Cliente1-PC\AppData\Roaming\unins000.dat
2014-12-01 13:52 - 2015-02-19 18:20 - 0034850 _____ () C:\Users\Cliente.Cliente1-PC\AppData\Roaming\unins001.dat
2014-04-15 02:55 - 2014-08-17 17:01 - 0007605 _____ () C:\Users\Cliente.Cliente1-PC\AppData\Local\resmon.resmoncfg
2014-07-16 23:43 - 2014-10-08 12:43 - 0000465 _____ () C:\Users\Cliente.Cliente1-PC\AppData\Local\UserProducts.xml
2014-11-27 22:50 - 2014-11-27 22:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Cliente.Cliente1-PC\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 12:01

==================== End Of Log ============================

Re: Megalon WebClient on the PC

Post by Andreata Tue 24 Feb 2015, 09:51

ARE THERE 2 REPORTS? HERE IS THE ADDITIONAL ONE
AND GO GAMELON IS RUNNING...

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2015
Ran by Cliente at 2015-02-24 09:48:17
Running from C:\Users\Cliente.Cliente1-PC\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3258268329-354441947-3349506184-1000\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Arquivo do WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
Atualizações da NVIDIA 16.13.69 (Version: 16.13.69 - NVIDIA Corporation) Hidden
aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 3.8.7955 - DsNET Corp)
Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version: - Relic Entertainment)
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
FormatFactory 2.10 (HKLM-x32\...\FormatFactory) (Version: 2.10 - Free Time)
forteManager (HKLM-x32\...\{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}) (Version: 3.06 - LG Soft India)
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: - )
Google Chrome (HKLM-x32\...\{E59AB510-8AEA-36BC-91D5-B25791AD224F}) (Version: 65.0.16546 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
K-Lite Mega Codec Pack 7.8.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.8.0 - )
Malwarebytes Anti-Malware versão 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Megalon WebClient (HKLM\...\Megalon) (Version: 1.0.0.7 - Megalon Group)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 pt-BR)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSI Afterburner 4.1.0 (HKLM-x32\...\Afterburner) (Version: 4.1.0 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{22FB6750-ADDF-4726-B67F-6901E1991046}) (Version: 7.03.0993 - Nero AG)
NVIDIA Driver de áudio HD 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Driver de controle do 3D Vision 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
NVIDIA Driver de gráficos 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA Driver do 3D Vision 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4.1 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Client Profile PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Painel de controle da NVIDIA 344.75 (Version: 344.75 - NVIDIA Corporation) Hidden
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Panzar (HKLM-x32\...\Steam App 240320) (Version: - Troxit Service)
R.U.S.E (HKLM-x32\...\Steam App 21970) (Version: - Eugen Systems)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.86.508.2014 - Realtek)
SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.69 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.3.11079 - Skype Technologies S.A.)
Skype™️ 6.0 (HKLM-x32\...\{EA17F4FC-FDBF-4CF8-A529-2D983132D053}) (Version: 6.0.126 - Skype Technologies S.A.)
SlimDrivers (HKLM-x32\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Stronghold Crusader 2 (HKLM-x32\...\Steam App 232890) (Version: - FireFly Studios)
Stronghold Kingdoms (HKLM-x32\...\Steam App 47410) (Version: - FireFly Studios)
The Lord of the Rings: War in the North (HKLM-x32\...\Steam App 32800) (Version: - Snowblind Studios)
Transformice (HKLM-x32\...\Steam App 335240) (Version: - Atelier 801)
Unity Web Player (HKU\S-1-5-21-3258268329-354441947-3349506184-1000\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
ZHPDiag 2015 (HKLM-x32\...\ZHPDiag_is1) (Version: 2015 - Nicolas Coolman)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3258268329-354441947-3349506184-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0000}\InprocServer32 -> C:\Users\Cliente.Cliente1-PC\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3258268329-354441947-3349506184-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0000}\InprocServer32 -> C:\Users\Cliente.Cliente1-PC\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll (GAS Tecnologia)

==================== Restore Points =========================

23-02-2015 12:08:19 Ponto de Verificação Agendado
23-02-2015 14:28:22 DirectX instalado
23-02-2015 20:06:30 Removed DefianceRuntimes
23-02-2015 23:22:40 ZHPFix Restore System Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-06-21 13:13 - 2015-02-11 19:54 - 00000839 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {42DAE63A-DC20-4611-A416-591CD72023EB} - System32\Tasks\EVGAPrecisionX => C:\Program Files (x86)\EVGA\PrecisionX 16\PrecisionX_x64.exe
Task: {5229E393-0DAB-402B-ADD2-FF0DDCFB1F1C} - \060184C3-9766-46a0-B258-F4518A0B2633 No Task File <==== ATTENTION
Task: {69D27AAC-A263-4355-8C7B-DF721E627055} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {80B337C7-001C-4A72-8A0E-70B93AD92AE9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {DB79C5DD-8A9E-4FC8-8027-019535069D75} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {F826E414-BDED-455C-B7D2-6217E94113CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-10-25 10:59 - 2014-11-12 18:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-04-02 17:35 - 2010-03-15 11:28 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2015-02-20 15:16 - 2015-02-17 19:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-20 15:16 - 2015-02-17 19:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-20 15:16 - 2015-02-17 19:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
2015-02-20 15:16 - 2015-02-17 19:44 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\System32:45944085_Bb.gbp
AlternateDataStreams: C:\Users\Cliente.Cliente1-PC\Desktop\Back- Up:gs5sys

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3258268329-354441947-3349506184-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Cliente.Cliente1-PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: Skype C2C Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^forteManager.lnk => C:\Windows\pss\forteManager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Cliente.Cliente1-PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Recorte de tela e Iniciador do OneNote 2007.lnk => C:\Windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnk.Startup
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: COMODO System Cleaner Finalize All => "C:\Users\Cliente.Cliente1-PC\Desktop\Back- Up\Downloads\COMODO System-Cleaner\CSC.EXE" //delete_all
MSCONFIG\startupreg: COMODO System Cleaner SafeDelete => "C:\Users\Cliente.Cliente1-PC\Desktop\Back- Up\Downloads\COMODO System-Cleaner\CSC.EXE" //safedeletion
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== Accounts: =============================

Administrador (S-1-5-21-3258268329-354441947-3349506184-500 - Administrator - Disabled)
Cliente (S-1-5-21-3258268329-354441947-3349506184-1000 - Administrator - Enabled) => C:\Users\Cliente.Cliente1-PC
Convidado (S-1-5-21-3258268329-354441947-3349506184-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3258268329-354441947-3349506184-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/23/2015 01:52:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: AwesomiumProcess.exe, versão: 0.0.0.0, carimbo de hora: 0x4f46a101
Nome do módulo de falhas: Awesomium.dll, versão: 1.6.0.4, carimbo de hora: 0x4f46a0fb
Código de exceção: 0xc0000005
Deslocamento com falha: 0x005e7182
Identificação do processo com falha: 0xcac
Hora de início do aplicativo com falha: 0xAwesomiumProcess.exe0
Caminho do aplicativo com falha: AwesomiumProcess.exe1
FCaminho do módulo de falhas: AwesomiumProcess.exe2
Identificação do Relatório: AwesomiumProcess.exe3

Error: (02/23/2015 00:17:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: AgeOfConanDX10.exe, versão: 1.0.0.0, carimbo de hora: 0x54db8910
Nome do módulo de falhas: d3d11.dll, versão: 6.2.9200.16570, carimbo de hora: 0x5153774d
Código de exceção: 0xc0000005
Deslocamento com falha: 0x000a7da4
Identificação do processo com falha: 0xff8
Hora de início do aplicativo com falha: 0xAgeOfConanDX10.exe0
Caminho do aplicativo com falha: AgeOfConanDX10.exe1
FCaminho do módulo de falhas: AgeOfConanDX10.exe2
Identificação do Relatório: AgeOfConanDX10.exe3

Error: (02/21/2015 11:36:21 PM) (Source: ClockerService) (EventID: 0) (User: )
Description: Serviço não pode ser iniciado. O processo do serviço não pôde se conectar ao controlador do serviço

Error: (02/21/2015 10:47:01 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcCan continue stopping. [1008]

Error: (02/21/2015 07:54:17 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcCan continue stopping. [1008]

Error: (02/21/2015 04:20:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa DOMain.exe versão 4.5.4.31047 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID de Processo: df0

Hora de Início: 01d04e08b8280499

Hora de Término: 58

Caminho do Aplicativo: C:\Program Files (x86)\Steam\steamapps\common\School of Dragons How to Train Your Dragon\DOMain.exe

Id do Relatório:

Error: (02/20/2015 03:41:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa NF2_CLIENT_Release.exe versão 0.0.0.0 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID de Processo: 1264

Hora de Início: 01d04d3cd57ab71b

Hora de Término: 16

Caminho do Aplicativo: C:\Program Files (x86)\SD EnterNET\NavyFIELD 2\NF2_CLIENT_Release.exe

Id do Relatório: 191d140c-b930-11e4-bb70-90e6ba019fb2

Error: (02/19/2015 09:53:08 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Não é possível inicializar o índice.

Detalhes:
O catálogo do índice de conteúdo está corrompido. (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/19/2015 09:53:08 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Não é possível inicializar o aplicativo.

Contexto: Aplicativo Windows

Detalhes:
O catálogo do índice de conteúdo está corrompido. (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/19/2015 09:53:08 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Não é possível inicializar o objeto coletor.

Contexto: Aplicativo Windows, Catálogo SystemIndex

Detalhes:
O catálogo do índice de conteúdo está corrompido. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (02/24/2015 09:01:24 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Agrupamento de Rede de Mesmo Nível depende do serviço Protocolo PNRP, mas não foi possível iniciá-lo devido ao seguinte erro:
%%-2140993535

Error: (02/24/2015 09:01:24 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Protocolo PNRP terminou com o erro:
%%-2140993535

Error: (02/24/2015 09:01:24 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Agrupamento de Rede de Mesmo Nível depende do serviço Protocolo PNRP, mas não foi possível iniciá-lo devido ao seguinte erro:
%%-2140993535

Error: (02/24/2015 09:01:24 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Protocolo PNRP terminou com o erro:
%%-2140993535

Error: (02/24/2015 09:01:24 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (02/24/2015 09:01:24 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (02/24/2015 09:01:14 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Protocolo PNRP terminou com o erro:
%%-2140993535

Error: (02/24/2015 09:01:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Agrupamento de Rede de Mesmo Nível depende do serviço Protocolo PNRP, mas não foi possível iniciá-lo devido ao seguinte erro:
%%-2140993535

Error: (02/24/2015 09:01:14 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (02/24/2015 02:02:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Agrupamento de Rede de Mesmo Nível depende do serviço Protocolo PNRP, mas não foi possível iniciá-lo devido ao seguinte erro:
%%-2140993535


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-09-09 23:37:05.156
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-09-09 23:37:05.140
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-09-09 22:54:35.068
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-09-09 22:54:35.037
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-09-09 22:54:10.490
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-09-09 22:54:10.458
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-09-09 22:46:15.788
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-09-09 22:46:15.756
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-09-09 22:45:42.329
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-09-09 22:45:42.297
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q9505 @ 2.83GHz
Percentage of memory in use: 55%
Total physical RAM: 4095.24 MB
Available physical RAM: 1824.48 MB
Total Pagefile: 8188.66 MB
Available Pagefile: 4983.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:456.41 GB) (Free:303.55 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0007457D)
Partition 1: (Active) - (Size=456.4 GB) - (Type=07 NTFS)

Post by caedurodrigues, Tue 24 Feb 2015, 20:12

Good evening Andreata,


  • Copy the information shown in red into Notepad.
  • Save it with the name fixlist.txt
  • Save it in the same location as FRST

    start
    CloseProcesses:
    (The Megalon Team) C:\Program Files\Megalon\Megalon.exe
    HKLM\...\Run: [Megalon] => C:\Program Files\Megalon\Megalon.exe [78336 2015-02-23] (The Megalon Team)
    HKU\S-1-5-21-3258268329-354441947-3349506184-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3258268329-354441947-3349506184-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
    SearchScopes: HKU\S-1-5-21-3258268329-354441947-3349506184-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml
    CHR DefaultSuggestURL: Default -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
    S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
    2015-02-24 01:56 - 2015-02-24 01:56 - 00000338 _____ () C:\Windows\PFRO.log
    2015-02-23 09:53 - 2015-02-23 23:32 - 00000000 ____D () C:\Program Files\Megalon
    2015-02-23 09:48 - 2015-02-24 09:00 - 00001008 _____ () C:\Windows\setupact.log
    2015-02-23 09:48 - 2015-02-23 09:48 - 00000000 _____ () C:\Windows\setuperr.log
    C:\Users\Cliente.Cliente1-PC\AppData\Local\Temp\avgnt.exe
    Megalon WebClient (HKLM\...\Megalon) (Version: 1.0.0.7 - Megalon Group)
    Task: {5229E393-0DAB-402B-ADD2-FF0DDCFB1F1C} - \060184C3-9766-46a0-B258-F4518A0B2633 No Task File <==== ATTENTION
    HOSTS:
    CMD: bitsadmin /reset /allusers
    CMD: ipconfig /flushdns
    emptytemp:
    end

  • Run FRST/FRST64 >> Click "Fix". << Wait!
  • Post the report! (Fixlog.txt)

Best regards.

< I ask visitors not to use this script on other computers, at the risk of irreparable damage to them! >

Post by Verner Kahl, Tue 24 Feb 2015, 20:51

Good evening. I have the same problem. I have already uninstalled it and it reinstalls itself: Megalon WebClient. Can I download and follow the steps described above?

Post by caedurodrigues, Tue 24 Feb 2015, 20:59

Good evening Verner, the procedures described above must be used strictly on the machine under analysis here. Please create a topic, where your case will be analyzed by one of our specialists. Best regards.

Post by Andreata, Tue 24 Feb 2015, 23:01

caedurodrigues wrote: Good evening Andreata,


  • Copy the information shown in red into Notepad.
  • Save it with the name fixlist.txt
  • Save it in the same location as FRST

    start
    CloseProcesses:
    (The Megalon Team) C:\Program Files\Megalon\Megalon.exe
    HKLM\...\Run: [Megalon] => C:\Program Files\Megalon\Megalon.exe [78336 2015-02-23] (The Megalon Team)
    HKU\S-1-5-21-3258268329-354441947-3349506184-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3258268329-354441947-3349506184-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
    SearchScopes: HKU\S-1-5-21-3258268329-354441947-3349506184-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml
    CHR DefaultSuggestURL: Default -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
    S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
    2015-02-24 01:56 - 2015-02-24 01:56 - 00000338 _____ () C:\Windows\PFRO.log
    2015-02-23 09:53 - 2015-02-23 23:32 - 00000000 ____D () C:\Program Files\Megalon
    2015-02-23 09:48 - 2015-02-24 09:00 - 00001008 _____ () C:\Windows\setupact.log
    2015-02-23 09:48 - 2015-02-23 09:48 - 00000000 _____ () C:\Windows\setuperr.log
    C:\Users\Cliente.Cliente1-PC\AppData\Local\Temp\avgnt.exe
    Megalon WebClient (HKLM\...\Megalon) (Version: 1.0.0.7 - Megalon Group)
    Task: {5229E393-0DAB-402B-ADD2-FF0DDCFB1F1C} - \060184C3-9766-46a0-B258-F4518A0B2633 No Task File <==== ATTENTION
    HOSTS:
    CMD: bitsadmin /reset /allusers
    CMD: ipconfig /flushdns
    emptytemp:
    end

  • Run FRST/FRST64 >> Click "Fix". << Wait!
  • Post the report! (Fixlog.txt)

Best regards.

< I ask visitors not to use this script on other computers, at the risk of irreparable damage to them! >
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-02-2015
Ran by Cliente at 2015-02-24 22:58:29 Run:2
Running from C:\Users\Cliente.Cliente1-PC\Desktop
Loaded Profiles: Cliente (Available profiles: Cliente)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
(The Megalon Team) C:\Program Files\Megalon\Megalon.exe
HKLM\...\Run: [Megalon] => C:\Program Files\Megalon\Megalon.exe [78336 2015-02-23] (The Megalon Team)
HKU\S-1-5-21-3258268329-354441947-3349506184-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3258268329-354441947-3349506184-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKU\S-1-5-21-3258268329-354441947-3349506184-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml
CHR DefaultSuggestURL: Default -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
2015-02-24 01:56 - 2015-02-24 01:56 - 00000338 _____ () C:\Windows\PFRO.log
2015-02-23 09:53 - 2015-02-23 23:32 - 00000000 ____D () C:\Program Files\Megalon
2015-02-23 09:48 - 2015-02-24 09:00 - 00001008 _____ () C:\Windows\setupact.log
2015-02-23 09:48 - 2015-02-23 09:48 - 00000000 _____ () C:\Windows\setuperr.log
C:\Users\Cliente.Cliente1-PC\AppData\Local\Temp\avgnt.exe
Megalon WebClient (HKLM\...\Megalon) (Version: 1.0.0.7 - Megalon Group)
Task: {5229E393-0DAB-402B-ADD2-FF0DDCFB1F1C} - \060184C3-9766-46a0-B258-F4518A0B2633 No Task File <==== ATTENTION
HOSTS:
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
emptytemp:
end
*****************

Processes closed successfully.
C:\Program Files\Megalon\Megalon.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Megalon => value deleted successfully.
"HKU\S-1-5-21-3258268329-354441947-3349506184-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3258268329-354441947-3349506184-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => Key deleted successfully.
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => Key not found.
"HKU\S-1-5-21-3258268329-354441947-3349506184-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml => Moved successfully.
Chrome DefaultSuggestURL not detected.
IntcAzAudAddService => Service deleted successfully.
C:\Windows\PFRO.log => Moved successfully.
C:\Program Files\Megalon => Moved successfully.
C:\Windows\setupact.log => Moved successfully.
C:\Windows\setuperr.log => Moved successfully.
C:\Users\Cliente.Cliente1-PC\AppData\Local\Temp\avgnt.exe => Moved successfully.
Megalon WebClient (HKLM\...\Megalon) (Version: 1.0.0.7 - Megalon Group) => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5229E393-0DAB-402B-ADD2-FF0DDCFB1F1C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5229E393-0DAB-402B-ADD2-FF0DDCFB1F1C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633" => Key deleted successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.

========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= ipconfig /flushdns =========


Configuração de IP do Windows

Liberação do Cache do DNS Resolver bem-sucedida.

========= End of CMD: =========

EmptyTemp: => Removed 218.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog 22:58:38 ====

Re: Megalon WebClient on the PC

Message by caedurodrigues Tue 24 Feb 2015, 23:46

Good evening Andreata, how is the PC?

Re: Megalon WebClient on the PC

Message by Andreata Wed 25 Feb 2015, 10:39

caedurodrigues wrote: Good evening Andreata, how is the PC?
Good morning, I turned on the PC and it is fine, fast, but I went on Facebook and right after that a page came up with the GO.MEGALON advertisement, and it opens another one with an advertisement for cell phones. In the Control Panel, under Programs and Features, I went to look, and MEGALON WEB CLIENT is there, without my authorization to install it. Why? Does this get onto the PC every time I access Facebook? All these procedures uninstalled the program, and when the PC restarts and I go on Facebook, and now I went on this site too... where is this MEGALON coming from?

Re: Megalon WebClient on the PC

Message by caedurodrigues Wed 25 Feb 2015, 10:45

Good morning Andreata, that is what we are trying to find out. Removing malware, or a stubborn program like this one, sometimes takes a while.


  • Run the Zoek.exe file.
  • Windows Vista or Windows 7 users: right-click the Zoek.exe file, then click
    [You need an account and to be logged in to view this image]
  • Select the lines in red, right-click the selection and choose the copy option!

    c:\program files (x86)\Megalon\megalon.exe;f
    c:\program files\common files\wws\watchdog.exe;f
    c:\program files\common files\clocker\clocker.exe;f
    c:\program files (x86)\Megalon;fs
    c:\program files\common files\wws;fs
    c:\program files\common files\clocker;fs
    megalon;a
    megalon;z


  • Right-click any white area of Zoek and choose the paste option.
  • Click Run Script!
  • Wait for the scan. When it finishes, Notepad will open with the report.
  • A copy will also be saved on your local disk under the name zoek-results.txt.
  • Post the zoek-results.txt report in your next reply.

Warm regards.

Re: Megalon WebClient on the PC

Message by Andreata Wed 25 Feb 2015, 10:56

caedurodrigues wrote: Good morning Andreata, that is what we are trying to find out. Removing malware, or a stubborn program like this one, sometimes takes a while.


  • Run the Zoek.exe file.
  • Windows Vista or Windows 7 users: right-click the Zoek.exe file, then click
    [You need an account and to be logged in to view this image]
  • Select the lines in red, right-click the selection and choose the copy option!

    c:\program files (x86)\Megalon\megalon.exe;f
    c:\program files\common files\wws\watchdog.exe;f
    c:\program files\common files\clocker\clocker.exe;f
    c:\program files (x86)\Megalon;fs
    c:\program files\common files\wws;fs
    c:\program files\common files\clocker;fs
    megalon;a
    megalon;z


  • Right-click any white area of Zoek and choose the paste option.
  • Click Run Script!
  • Wait for the scan. When it finishes, Notepad will open with the report.
  • A copy will also be saved on your local disk under the name zoek-results.txt.
  • Post the zoek-results.txt report in your next reply.

Warm regards.
Zoek.exe v5.0.0.0 Updated 24-February-2015
Tool run by Cliente on 25/02/2015 at 10:46:47,85.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Cliente.Cliente1-PC\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-11-30-130212.log 10944 bytes
C:\zoek-results2015-01-29-150558.log 141652 bytes
C:\zoek-results2015-02-24-045648.log 22440 bytes

==== Deleting Files \ Folders ======================

c:\program files (x86)\Megalon not found
"c:\program files (x86)\Megalon\megalon.exe" not found
"c:\program files\common files\wws\Watchdog.exe" deleted
"c:\program files\common files\clocker\Clocker.exe" deleted
"c:\program files\common files\WWS\Watchdog.exe" deleted
"c:\program files\common files\Clocker\Clocker.exe" deleted
"c:\program files\common files\WWS" not deleted
"c:\program files\common files\Clocker" not deleted

==== Folders Found ======================

2015-02-25 01:56:01 2015-02-25 01:56:01 -------- d-----w- C:\FRST\Quarantine\C\Program Files\Megalon
2015-02-25 02:05:06 2015-02-25 02:05:06 -------- d-----w- C:\Program Files\Megalon

==== Files Found ======================


--- C:\FRST\Quarantine\C\Program Files\Megalon\Megalon.exe ---
Company: The Megalon Team
File Description: Megalon WebClient
File Version: 1.0.0.7
Product Name: Megalon WebClient
Copyright: Copyright ©️ 2011 The Megalon Team
Original Filename: megalon4.exe
File type: ----a-w-
File size: 78336
Created time: 2015-02-25 01:56:01
Modified time: 2015-02-25 01:55:51
MD5: DC1C3048BFE9C756118E5E08EF9F6B19
SHA1: C8C7AB1A02B6575C578996311574F88E8E6C8036


--- C:\Program Files\Megalon\Megalon.exe ---
Company: The Megalon Team
File Description: Megalon WebClient
File Version: 1.0.0.7
Product Name: Megalon WebClient
Copyright: Copyright ©️ 2011 The Megalon Team
Original Filename: megalon4.exe
File type: ----a-w-
File size: 78336
Created time: 2015-02-25 02:05:06
Modified time: 2015-02-25 02:04:54
MD5: 12DE9A7C09D933DA9E0D95E9165B868B
SHA1: 7A06496E48B9015DE7FD2AD4AEABEB5AFB6BD74C


--- C:\Users\Cliente.Cliente1-PC\AppData\Roaming\ZHP\Quarantine\megalon.exe.VIR ---
Company: The Megalon Team
File Description: Megalon WebClient
File Version: 1.0.0.7
Product Name: Megalon WebClient
Copyright: Copyright ©️ 2011 The Megalon Team
Original Filename: megalon4.exe
File type: ----a-w-
File size: 78336
Created time: 2015-02-23 12:53:57
Modified time: 2015-02-23 12:53:45
MD5: D9209D8F5FF857B7D1429A5553B8904C
SHA1: 75A75EA062A325640BCA3A6DEE3C31CAF5CB2897


--- C:\Windows\Prefetch\MEGALON.EXE-F1225F0F.pf ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 67506
Created time: 2015-02-24 02:32:16
Modified time: 2015-02-25 02:05:22
MD5: E48D6F6861739682EEA3BF8CA9E3B151
SHA1: 0044DE94FA45E04814E49994637535D6DB22C92E


==== Registry Search Results for "megalon" ======================


[HKEY_USERS\S-1-5-21-3258268329-354441947-3349506184-1000\Software\Megalon]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=57 folders=17 17120977 bytes)

==== After Reboot ======================

==== Deleting Files / Folders ======================

"c:\program files\common files\wws\Watchdog.exesearch" not found
"c:\program files\common files\clocker\Clocker.exesearch" not found
"c:\program files\common files\WWS" not found
"c:\program files\common files\Clocker" not found

==== EOF on 25/02/2015 at 10:53:20,22 ======================

Re: Megalon WebClient on the PC

Message by Andreata Wed 25 Feb 2015, 11:04

Sorry for posting a quick reply. After I ran ZOEK.exe
it says it deleted the Megatron,
but it is not on Facebook that it appears when I open it, it is on any internet page. I did a test: I opened a page after this site, closed it, and when I opened it again the GO.MEGALON page came up.

Re: Megalon WebClient on the PC

Message by caedurodrigues Wed 25 Feb 2015, 11:18

OK, all right. In a little while I will give you another procedure.

Re: Megalon WebClient on the PC

Message by caedurodrigues Wed 25 Feb 2015, 12:19

Good afternoon Andreata, run the Zoek tool again.


    emptyfolderscheck;delete
    C:\Program Files\Megalon;fs
    C:\Program Files\Megalon\Megalon.exe;f
    C:\Windows\Prefetch\MEGALON.EXE-F1225F0F.pf;f
    [-HKEY_USERS\S-1-5-21-3258268329-354441947-3349506184-1000\Software\Megalon];r64
    [-HKEY_USERS\S-1-5-21-3258268329-354441947-3349506184-1000\Software\Megalon];r
    megalon;a
    megalon;z
    quickscan;
    emptytemp;
    emptyclsid;

Warm regards.
  • Copy and paste this information, which is in red, into the Zoek tool's field.
  • Click "Run Script".
  • Wait for it to finish. When it finishes, Notepad will open with the report.
  • A copy will also be saved on your local disk under the name zoek-results.txt.
  • Attach zoek-results.txt to your next reply.


< I ask visitors not to use this script on other computers, at the risk of irreparable damage to them! >

Re: Megalon WebClient on the PC

Message by Andreata Thu 26 Feb 2015, 13:59

caedurodrigues wrote: Good afternoon Andreata, run the Zoek tool again.


    emptyfolderscheck;delete
    C:\Program Files\Megalon;fs
    C:\Program Files\Megalon\Megalon.exe;f
    C:\Windows\Prefetch\MEGALON.EXE-F1225F0F.pf;f
    [-HKEY_USERS\S-1-5-21-3258268329-354441947-3349506184-1000\Software\Megalon];r64
    [-HKEY_USERS\S-1-5-21-3258268329-354441947-3349506184-1000\Software\Megalon];r
    megalon;a
    megalon;z
    quickscan;
    emptytemp;
    emptyclsid;

Warm regards.
  • Copy and paste this information, which is in red, into the Zoek tool's field.
  • Click "Run Script".
  • Wait for it to finish. When it finishes, Notepad will open with the report.
  • A copy will also be saved on your local disk under the name zoek-results.txt.
  • Attach zoek-results.txt to your next reply.


< I ask visitors not to use this script on other computers, at the risk of irreparable damage to them! >
Zoek.exe v5.0.0.0 Updated 24-February-2015
Tool run by Cliente on 26/02/2015 at 13:48:28,33.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Cliente.Cliente1-PC\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-11-30-130212.log 10944 bytes
C:\zoek-results2015-01-29-150558.log 141652 bytes
C:\zoek-results2015-02-24-045648.log 22440 bytes
C:\zoek-results2015-02-25-135320.log 3712 bytes

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_USERS\S-1-5-21-3258268329-354441947-3349506184-1000\Software\Megalon]

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_USERS\S-1-5-21-3258268329-354441947-3349506184-1000\Software\Megalon]

==== Deleting Files \ Folders ======================

"C:\Windows\Prefetch\MEGALON.EXE-F1225F0F.pf" not found
"C:\Program Files\Megalon\Megalon.exe" deleted
"C:\Program Files\Megalon\Megalon.exe" deleted
"C:\Program Files\Megalon" not deleted

==== Folders Found ======================

2015-02-25 01:56:01 2015-02-25 01:56:01 -------- d-----w- C:\FRST\Quarantine\C\Program Files\Megalon
2015-02-25 02:05:06 2015-02-26 16:49:30 -------- d-----w- C:\Program Files\Megalon
2015-02-25 13:54:38 2015-02-25 13:54:38 -------- dc----w- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_Megalon.exe_b98b4e17e5681b43573bade5879a6c1fb268aeb_cab_0e55eb67
2015-02-26 16:49:28 2015-02-26 16:49:28 -------- d---a-w- C:\zoek_backup\C_Program Files_Megalon

==== Files Found ======================


--- C:\FRST\Quarantine\C\Program Files\Megalon\Megalon.exe ---
Company: The Megalon Team
File Description: Megalon WebClient
File Version: 1.0.0.7
Product Name: Megalon WebClient
Copyright: Copyright © 2011 The Megalon Team
Original Filename: megalon4.exe
File type: ----a-w-
File size: 78336
Created time: 2015-02-25 01:56:01
Modified time: 2015-02-25 01:55:51
MD5: DC1C3048BFE9C756118E5E08EF9F6B19
SHA1: C8C7AB1A02B6575C578996311574F88E8E6C8036


--- C:\Program Files\Megalon\Megalon.exesearch ---
Company: The Megalon Team
File Description: Megalon WebClient
File Version: 1.0.0.7
Product Name: Megalon WebClient
Copyright: Copyright © 2011 The Megalon Team
Original Filename: megalon4.exe
File type: ----a-w-
File size: 78336
Created time: 2015-02-25 02:05:06
Modified time: 2015-02-25 02:04:54
MD5: 12DE9A7C09D933DA9E0D95E9165B868B
SHA1: 7A06496E48B9015DE7FD2AD4AEABEB5AFB6BD74C


--- C:\Users\Cliente.Cliente1-PC\AppData\Roaming\ZHP\Quarantine\megalon.exe.VIR ---
Company: The Megalon Team
File Description: Megalon WebClient
File Version: 1.0.0.7
Product Name: Megalon WebClient
Copyright: Copyright © 2011 The Megalon Team
Original Filename: megalon4.exe
File type: ----a-w-
File size: 78336
Created time: 2015-02-23 12:53:57
Modified time: 2015-02-23 12:53:45
MD5: D9209D8F5FF857B7D1429A5553B8904C
SHA1: 75A75EA062A325640BCA3A6DEE3C31CAF5CB2897


--- C:\zoek_backup\C_Program Files_Megalon_Megalon.exe.vir ---
Company: The Megalon Team
File Description: Megalon WebClient
File Version: 1.0.0.7
Product Name: Megalon WebClient
Copyright: Copyright © 2011 The Megalon Team
Original Filename: megalon4.exe
File type: ----a-w-
File size: 78336
Created time: 2015-02-26 16:49:28
Modified time: 2015-02-25 02:04:54
MD5: 12DE9A7C09D933DA9E0D95E9165B868B
SHA1: 7A06496E48B9015DE7FD2AD4AEABEB5AFB6BD74C


--- C:\zoek_backup\C_Program Files_Megalon\Megalon.exe ---
Company: The Megalon Team
File Description: Megalon WebClient
File Version: 1.0.0.7
Product Name: Megalon WebClient
Copyright: Copyright © 2011 The Megalon Team
Original Filename: megalon4.exe
File type: ----a-w-
File size: 78336
Created time: 2015-02-26 16:49:28
Modified time: 2015-02-25 02:04:54
MD5: 12DE9A7C09D933DA9E0D95E9165B868B
SHA1: 7A06496E48B9015DE7FD2AD4AEABEB5AFB6BD74C


==== Registry Search Results for "megalon" ======================


[HKEY_USERS\S-1-5-21-3258268329-354441947-3349506184-1000\Software\Microsoft\Windows\Windows Error Reporting\Debug]
"StoreLocation"="C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\NonCritical_Megalon.exe_b98b4e17e5681b43573bade5879a6c1fb268aeb_cab_0e55eb67"

[HKEY_USERS\S-1-5-21-3258268329-354441947-3349506184-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\\Program Files\\Megalon\\Megalon.exe"=dword:00000020

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\CLIENT~1.CLI\AppData\Local\Temp ====
2015-02-25 02:00:14 B2EED4AB3DF0481FD30D5FE3A448CEA8 53496 ----a-w- C:\Users\Cliente.Cliente1-PC\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2015-02-25 02:00:14 B2EED4AB3DF0481FD30D5FE3A448CEA8 53496 ----a-w- C:\Users\CLIENT~1.CLI\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2015-02-21 12:27:14 5E9E936ACC43E1D8639E6980A203DBA9 237864 ----a-w- C:\Windows\SysWOW64\EasyAntiCheat.exe
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-02-21 12:27:29 E86527F311A52CC48DE74FA5E7AA6461 477464 ----a-w- C:\Windows\Sysnative\EasyAntiCheat.sys
====== C:\Windows\Sysnative\drivers =====
2015-02-24 23:21:55 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
====== C:\Windows\Tasks ======
2015-02-25 13:54:37 AA10A2C2D75C59E9C3EE3879B16C4169 3106 ----a-w- C:\Windows\Sysnative\Tasks\{F244C3E2-6722-4EA2-A283-53959B734B33}
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-02-25 02:05:06 -------- d-----w- C:\Program Files\Megalon
======= C:\PROGRA~2 =====
2015-02-22 03:23:51 -------- d-----w- C:\PROGRA~2\MSI Afterburner
======= C: =====
====== C:\Users\Cliente.Cliente1-PC\AppData\Roaming ======
2015-02-24 04:54:51 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2015-02-24 04:54:51 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2015-02-24 04:54:51 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2015-02-24 04:54:50 -------- d-----w- C:\Users\Cliente.Cliente1-PC\AppData\Local\Temp
2015-02-24 04:54:50 -------- d-----w- C:\Users\CLIENT~1.CLI\AppData\Local\Temp
2015-02-23 01:53:30 -------- d-----w- C:\Users\Cliente.Cliente1-PC\AppData\Local\Funcom
2015-02-23 01:53:30 -------- d-----w- C:\Users\CLIENT~1.CLI\AppData\Local\Funcom
2015-02-22 03:24:05 -------- d-----w- C:\Users\Cliente.Cliente1-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2015-02-22 03:24:05 -------- d-----w- C:\Users\CLIENT~1.CLI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2015-02-22 02:41:46 45E91084483626304008004D639D9A0A 109296 ----a-w- C:\Windows\SysNative\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-19 02:56:04 -------- d-----w- C:\Users\Cliente.Cliente1-PC\AppData\Local\Steam
2015-02-19 02:56:04 -------- d-----w- C:\Users\CLIENT~1.CLI\AppData\Local\Steam
2015-02-07 19:32:03 -------- d-----w- C:\Users\Cliente.Cliente1-PC\AppData\Roaming\RIFT
2015-02-07 19:32:03 -------- d-----w- C:\Users\CLIENT~1.CLI\AppData\Roaming\RIFT
2015-02-04 18:11:24 -------- d-----w- C:\Users\Cliente.Cliente1-PC\AppData\Roaming\roi
2015-02-04 18:11:24 -------- d-----w- C:\Users\CLIENT~1.CLI\AppData\Roaming\roi
2015-01-31 04:27:28 -------- d-----w- C:\Users\Cliente.Cliente1-PC\AppData\Roaming\steam.transformice.com
2015-01-31 04:27:28 -------- d-----w- C:\Users\CLIENT~1.CLI\AppData\Roaming\steam.transformice.com
====== C:\Users\Cliente.Cliente1-PC ======
2015-02-24 17:13:08 0E7C696F4066B6D314CA2CD83EF0CFB5 1733632 ----a-w- C:\Users\Cliente.Cliente1-PC\ZHPCleaner.exe
2015-02-24 17:13:08 0E7C696F4066B6D314CA2CD83EF0CFB5 1733632 ----a-w- C:\Users\CLIENT~1.CLI\ZHPCleaner.exe
2015-02-24 12:46:27 9E1D2B37031B96A7DC858D65B1FA92FF 2087424 ----a-w- C:\Users\Cliente.Cliente1-PC\Desktop\FRST64.exe
2015-02-24 12:46:27 9E1D2B37031B96A7DC858D65B1FA92FF 2087424 ----a-w- C:\Users\CLIENT~1.CLI\Desktop\FRST64.exe
2015-02-18 22:53:34 4DB5909D450AE68CC11DC865B9B84F71 2126848 ----a-w- C:\Users\Cliente.Cliente1-PC\Desktop\adwcleaner_4.111.exe
2015-02-18 22:53:34 4DB5909D450AE68CC11DC865B9B84F71 2126848 ----a-w- C:\Users\CLIENT~1.CLI\Desktop\adwcleaner_4.111.exe
2015-01-28 19:40:03 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP

====== C: exe-files ==
2015-02-26 13:32:31 DD45E9B6C862A9DEEC1F59B2259C31B6 438152 ----a-w- C:\Users\Cliente.Cliente1-PC\AppData\Local\NVIDIA\NvBackend\Packages\00007099\CoProc update.19353367.exe
2015-02-25 01:56:01 DC1C3048BFE9C756118E5E08EF9F6B19 78336 ----a-w- C:\FRST\Quarantine\C\Program Files\Megalon\Megalon.exe
2015-02-24 17:13:08 0E7C696F4066B6D314CA2CD83EF0CFB5 1733632 ----a-w- C:\Users\Cliente.Cliente1-PC\ZHPCleaner.exe
2015-02-24 12:46:27 9E1D2B37031B96A7DC858D65B1FA92FF 2087424 ----a-w- C:\Users\Cliente.Cliente1-PC\Desktop\FRST64.exe
2015-02-23 14:10:28 CC75BBD6E0418DFBCC49778AA80A6E2C 122880 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Panzar\Bin32\web\awesomium_pak_utility.exe
2015-02-23 14:09:50 F8205543AE01AAF513ED20BDA39B7D32 39336 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Panzar\Bin32\web\awesomium_process.exe
2015-02-23 14:09:41 498BBD23CE1E0ED755AA254A30411F71 120328 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Panzar\Bin32\PnzWebWrapper.exe
2015-02-23 14:08:57 DDCE338BB173B32024679D61FB4F2BA6 537432 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Panzar\PnzTools\Redist\DX\DXSETUP.exe
2015-02-23 14:08:57 A3F69A9CA25C7EBF12CEB7F387B63860 313864 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Panzar\PnzSteamLauncher.exe
2015-02-23 14:08:57 5689D43C3B201DD3810FA3BBA4A6476A 4216840 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Panzar\PnzTools\Redist\VS\vcredist_x86.exe
2015-02-23 14:08:57 40395C175553CB14D2050888EFCCDF00 4961800 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Panzar\PnzTools\Redist\VS\vcredist_x64.exe
2015-02-23 14:08:57 38A783524B07A38F8E7E4B8C78269693 421896 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Panzar\PnzTools\Bin32\PnzUcAdm.exe
2015-02-23 14:08:57 0B99BF16ED23B9134921A91B3FE51FE3 8589832 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Panzar\start.exe
2015-02-23 14:08:57 0B99BF16ED23B9134921A91B3FE51FE3 8589832 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Panzar\PnzTools\Installer\us\start.exe
2015-02-23 14:08:57 0B99BF16ED23B9134921A91B3FE51FE3 8589832 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Panzar\PnzTools\Installer\ru\start.exe
2015-02-23 14:08:57 0B99BF16ED23B9134921A91B3FE51FE3 8589832 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Panzar\PnzTools\Installer\com\start.exe
2015-02-23 14:08:56 A43CC5CD7B9DE177B128A50495CE9E00 2523144 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Panzar\Bin64\PnzCl.exe
2015-02-23 14:08:56 2B480D972F40C4090F1C594834DE898D 2524168 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Panzar\Bin32\PnzCl.exe
2015-02-22 03:23:51 5C7EFE2D94830727CC10C145006EBCCF 86069 ----a-w- C:\Program Files (x86)\MSI Afterburner\Uninstall.exe
2015-02-22 03:23:15 F8AB917987F50EC4B2D536DACB34EEF7 36420117 ----a-w- C:\Users\Cliente.Cliente1-PC\Desktop\Back- Up\Downloads\MSIAfterburnerSetup410.exe
2015-02-21 12:27:14 5E9E936ACC43E1D8639E6980A203DBA9 237864 ----a-w- C:\Windows\SysWOW64\EasyAntiCheat.exe
2015-02-20 18:14:21 F4CC03D0A936AD6780ADA614AE81B413 840272 ----a-w- C:\Program Files (x86)\Google\Update\Install\{E51BCB36-4138-47FC-A3FA-A7FEA56732DD}\40.0.2214.115_40.0.2214.111_chrome_updater.exe
2015-02-20 18:14:21 F4CC03D0A936AD6780ADA614AE81B413 840272 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\40.0.2214.115\40.0.2214.115_40.0.2214.111_chrome_updater.exe
2015-02-19 21:21:19 935CD218C06721994ED48349361467F9 555320 ----a-w- C:\Program Files (x86)\GbPlugin\gbpsv.exe
2015-02-19 21:20:57 0401C613DDF8E3D4D9915F351240202A 5570344 ----a-w- C:\ProgramData\Temp\gbplugin_ie_bb_setup.exe
=== C: other files ==
2015-02-21 12:27:29 E86527F311A52CC48DE74FA5E7AA6461 477464 ----a-w- C:\Windows\System32\EasyAntiCheat.sys
2015-02-19 21:21:16 9B06D67FEDAABE253A2A68B68F5CBD2A 24792 ----a-w- C:\Program Files (x86)\GbPlugin\wsftprp64.sys
2015-02-19 21:20:51 27572098616286AA3EA1A20C93FAAAE4 18933 ----a-w- C:\Users\Cliente.Cliente1-PC\AppData\Local\GAS Tecnologia\GBBD\bb\sf.xpi

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"
"Avira Systray"="C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"Megalon"="C:\Program Files\Megalon\Megalon.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\COMODO System Cleaner Finalize All]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="COMODO System Cleaner Finalize All"
"hkey"="HKLM"
"command"="\"C:\\Users\\Cliente.Cliente1-PC\\Desktop\\Back- Up\\Downloads\\COMODO System-Cleaner\\CSC.EXE\" //delete_all"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\COMODO System Cleaner SafeDelete]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="COMODO System Cleaner SafeDelete"
"hkey"="HKLM"
"command"="\"C:\\Users\\Cliente.Cliente1-PC\\Desktop\\Back- Up\\Downloads\\COMODO System-Cleaner\\CSC.EXE\" //safedeletion"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GrooveMonitor]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GrooveMonitor"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office12\\GrooveMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSScheduler]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISUSScheduler"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvBackend]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvBackend"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\NVIDIA Corporation\\Update Core\\NvBackend.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ShadowPlay]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ShadowPlay"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\rundll32.exe C:\\Windows\\system32\\nvspcap64.dll,ShadowPlayOnSystemStart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^forteManager.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\forteManager.lnk"
"backup"="C:\\Windows\\pss\\forteManager.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\LGSOFT~1\\FORTEM~1\\bin\\Monitor.exe -startup"
"item"="forteManager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Cliente.Cliente1-PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Recorte de tela e Iniciador do OneNote 2007.lnk]
"path"="C:\\Users\\Cliente.Cliente1-PC\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Recorte de tela e Iniciador do OneNote 2007.lnk"
"backup"="C:\\Windows\\pss\\Recorte de tela e Iniciador do OneNote 2007.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\MICROS~1\\Office12\\ONENOTEM.EXE /tsr"
"item"="Recorte de tela e Iniciador do OneNote 2007"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NvNetworkService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NvStreamSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Skype C2C Service]


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\EVGAPrecisionX" [C:\Program Files (x86)\EVGA\PrecisionX 16\PrecisionX_x64.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{53904776-AC9E-43EC-B70E-776173C3840E}" [C:\Windows\system32\msfeedssync.exe]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\CLIENT~1.CLI\AppData\Roaming\Mozilla\Firefox\Profiles\kod3lnf7.default
user_pref("browser.startup.homepage", "about:home");

==== Firefox Extensions Registry ======================

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886C}"="C:\Users\Cliente.Cliente1-PC\AppData\Local\GAS Tecnologia\GBBD\bb\xpi" [19/02/2015 18:21]

==== Firefox Extensions ======================

ProfilePath: C:\Users\CLIENT~1.CLI\AppData\Roaming\Mozilla\Firefox\Profiles\kod3lnf7.default
- GBBD Banco do Brasil - C:\Users\Cliente.Cliente1-PC\AppData\Local\GAS Tecnologia\GBBD\bb\xpi
- Undetermined - {87F8774F-B485-47E2-A755-A40A8A5E886C}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Cliente.Cliente1-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kod3lnf7.default
C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash
1DE5D05F67114FAEA17AD47B5E01DF6F - C:\Users\Cliente.Cliente1-PC\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
2BC6A052D9B153F6DC2F0E420FB4F407 - C:\Users\Cliente.Cliente1-PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
4C07B5286D129DFD25C24B4A31B9B888 - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll - Happy Cloud Plugin
A7D38CD759C7AD594D1B255001BDDD8E - C:\Users\Cliente.Cliente1-PC\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll - Módulo de Proteção - Banco do Brasil


==== Chromium Look ======================

Google Slides - Cliente.Cliente1-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Cliente.Cliente1-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Cliente.Cliente1-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Cliente.Cliente1-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Cliente.Cliente1-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Cliente.Cliente1-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Avira Browser Safety - Cliente.Cliente1-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk
Google Wallet - Cliente.Cliente1-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Cliente.Cliente1-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - CLIENT~1.CLI\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - CLIENT~1.CLI\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - CLIENT~1.CLI\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - CLIENT~1.CLI\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - CLIENT~1.CLI\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - CLIENT~1.CLI\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Avira Browser Safety - CLIENT~1.CLI\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk
Google Wallet - CLIENT~1.CLI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - CLIENT~1.CLI\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== C:\zoek_backup content ======================

C:\zoek_backup (files=59 folders=18 17277795 bytes)

==== Empty Temp Folders ======================

C:\Users\Cliente.Cliente1-PC\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\CLIENT~1.CLI\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\CLIENT~1.CLI\AppData\Local\Temp successfully emptied

==== Deleting Files / Folders ======================

"C:\Program Files\Megalon\Megalon.exesearch" not found
"C:\Program Files\Megalon" not found

==== EOF on 26/02/2015 at 13:57:00,10 ======================

Post by caedurodrigues, Thu 26 Feb 2015, 15:51

Good afternoon Andreata, how is the PC?

Post by Andreata, Thu 26 Feb 2015, 16:32

caedurodrigues wrote: Good afternoon Andreata, how is the PC?
Good afternoon, I shut down the PC, came back here, opened web pages and the Megatron no longer appears.
The PC is great.
Thanks

Post by caedurodrigues, Thu 26 Feb 2015, 16:35

Good afternoon Andreata, is there still any problem with the PC? If not, follow the steps below to close the topic.

Now let's remove the tools used in the disinfection.

  • Download: <[You must have an account and be logged in to view this link]> (...by Xplode)
  • Save it to your desktop.
  • Double-click delfix.exe to run it.
  • Windows Vista or Windows 7 users: right-click the delfix.exe file, then click: [You must have an account and be logged in to view this image]

  • Check the boxes as shown in the image.
  • Click the Run button.
  • Restart the computer!
  • Everything OK?

Best regards.