Kaspersky bloqueando propagandas e sites maliciosos

por Andreata Qua 25 Nov 2015, 22:49

Boa Noite , comprei o Kaspersky pago, antivirus, ele tá bloqueando sites maliciosos aqui a cada meia hora, e a cada clicada que dou no meu google Chrome aparece uma propaganda, qualquer enter que dou aparece propaganda, já desativei todas extensões no meu firefox......Isso foi coisa do meu filho que clicou em clipes aqui, mas não pornográficos, em algum lugar, e agora estou infectado com algo no pc, apesar do Kaspersky ter achado já um malware. e bloqueado já varios sites maliciosos. Mas as propagandas não param de aparecer, e o chrome ficou bem lento em games de flash.....preciso solução . grato
Mais tarde ou amanhã entro aqui de novo
E esquecendo quando cliquei p enviar a mensagem apareceu a propaganda em outro link,

por **caedurodrigues** Qui 26 Nov 2015, 08:32

Bom dia Andreata, eu vou analisar o seu caso.

Baixe: <[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] ><[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ...Nicolas Coolman)
Na página, clique [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Salve-a no Desktop (Área de trabalho)
Dê um duplo clique para executar [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem].
Para Windows 7, 8 clique direito e depois em [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Clique "Eu"
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Clique em Scanner
Após a Conclusão
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Clique em Relatório
Obs: O relatório por ser extenso deve ser postado em um desses sites:
Acesse: <[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]>
Ou acesse:<[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]>
Maiores informações:<[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]> << Hospedagem !

por Andreata Qui 26 Nov 2015, 19:03

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

por **caedurodrigues** Sex 27 Nov 2015, 00:07

Boa noite Andreata, você está infectado.

---\\ Informações complémentaires do módulos (5) - 0s
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Optional.DNSUnlocker
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Optional.CrossRider
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Optional.Conduit
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Optional.Skillbrains
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.Ask

Desative temporariamente seu antivirus, antispywares e firewall, para não causar conflitos.

Baixe:<[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]> (...by Nicolas Coolman)
Na página, clique [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Salve-a na Desktop (Área de trabalho)
Execute ZHPCleaner.exe.
Clique "Eu"
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Clique Scanner.
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Ao concluir,clique Reparar.
Aguarde a Conclusão !
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Clique Relatório.
Poste o Relatório.

Baixe: <[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]> (...par Xplode)
Ou aqui >>[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]<<
Salve-a na sua Desktop (área de trabalho).
Feche todos os programas e navegadores de internet abertos.
Usuários do Windows Vista ou Windows 7,clique com o direito do mouse sobre o arquivo AdwCleaner.exe,depois clique em:
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Clique em Examinar, para iniciar o escaneamento!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Ao término, clique em limpar
Copie o log ou clique "Relatório".
Poste: >> C:\AdwCleaner\AdwCleaner[C1].txt<<

NOTA: Se o AdwCleaner encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC. Faça isso imediatamente, ao ser perguntado se quer reiniciar o PC.

Mantenha desativados seus programas de proteção para não causar conflitos.

por Andreata Sex 27 Nov 2015, 01:18

caedurodrigues escreveu:Boa noite Andreata, você está infectado.
---\\ Informações complémentaires do módulos (5) - 0s
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Optional.DNSUnlocker
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Optional.CrossRider
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Optional.Conduit
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Optional.Skillbrains
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.Ask

Desative temporariamente seu antivirus, antispywares e firewall, para não causar conflitos.

Baixe:<[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]> (...by Nicolas Coolman)
Na página, clique [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Salve-a na Desktop (Área de trabalho)
Execute ZHPCleaner.exe.
Clique "Eu"
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Clique Scanner.
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Ao concluir,clique Reparar.
Aguarde a Conclusão !
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Clique Relatório.
Poste o Relatório.

Baixe: <[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]> (...par Xplode)
Ou aqui >>[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]<<
Salve-a na sua Desktop (área de trabalho).
Feche todos os programas e navegadores de internet abertos.
Usuários do Windows Vista ou Windows 7,clique com o direito do mouse sobre o arquivo AdwCleaner.exe,depois clique em:
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Clique em Examinar, para iniciar o escaneamento!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Ao término, clique em limpar
Copie o log ou clique "Relatório".
Poste: >> C:\AdwCleaner\AdwCleaner[C1].txt<<

NOTA: Se o AdwCleaner encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC. Faça isso imediatamente, ao ser perguntado se quer reiniciar o PC.

Mantenha desativados seus programas de proteção para não causar conflitos.

AINDA ESTÁ aparecendo propagandas quando reiniciei o PC, os relatórios

~ ZHPCleaner v2015.11.25.385 by Nicolas Coolman (2015/11/25)
~ Run by Cliente (Administrator) (27/11/2015 01:07:17)
~ Site : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Facebook : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ State version : Version OK
~ Type : Reparo
~ Report : C:\Users\Cliente\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Cliente\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)

---\\ Serviços (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.

---\\ Navegadores de Internet (1)
SUPRIMIDO dados: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride [Bad : <local>] =>Hijacker.Proxy

---\\ Arquivo hosts (1)
~ O arquivo hosts é legítimo (21)

---\\ Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.

---\\ Explorer ( Arquivos, Pastas) (2)
MOVIDO arquivo: C:\Program Files (x86)\DNS Unlocker =>PUP.Optional.DNSUnlocker
MOVIDO arquivo: C:\Program Files\Reimage =>PUP.Optional.ReImageRepair

---\\ Registro ( Chaves, Valores, Dados ) (18)
SUPRIMIDO chave*: HKEY_USERS\S-1-5-21-3195528365-2483452637-1177309064-1000\Software\APN PIP [] =>PUP.Optional.Conduit
SUPRIMIDO chave*: HKEY_USERS\S-1-5-21-3195528365-2483452637-1177309064-1000\Software\SkillBrains [] =>PUP.Optional.Skillbrains
SUPRIMIDO chave: HKCU\Software\APN PIP [] =>PUP.Optional.Conduit
SUPRIMIDO chave: HKCU\Software\SkillBrains [] =>PUP.Optional.Skillbrains
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\TypeLib\{20137857-D131-409C-A095-6A633E420205} [GrooveResourcePrivate] =>PUP.Optional.Shopper
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine [ReiEngine Class] =>PUP.Optional.GetLiveSupport
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1 [ReiEngine Class] =>PUP.Optional.GetLiveSupport
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\groover241120151852 [] =>PUP.Optional.Shopper
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\24E806E0535EB873FB9C10053B74A3A4 [C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\pt-BR\SqlWorkflowInstanceStoreLogic.sql] =>PUP.Optional.CrossRider
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDB78C0B40F1D73C97CC1823E0D4A2D [C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\pt-BR\SqlWorkflowInstanceStoreLogic.sql] =>PUP.Optional.CrossRider
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\groover241120151852 [] =>PUP.Optional.Shopper
SUPRIMIDO chave: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{20137857-D131-409C-A095-6A633E420205} [GrooveResourcePrivate] =>PUP.Optional.Shopper
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1 [[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Optional.DNSUnlocker
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Offercast33_ATU3__RASAPI32 [] =>Toolbar.Ask
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Offercast33_ATU3__RASMANCS [] =>Toolbar.Ask
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Offercast36_ATU3__RASAPI32 [] =>Toolbar.Ask
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Offercast36_ATU3__RASMANCS [] =>Toolbar.Ask
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b [] =>Hijacker.Browser

---\\ Resumo dos elementos encontrados na sua estação de trabalho (10)
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Proxy
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Optional.DNSUnlocker
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Optional.ReImageRepair
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Optional.Conduit
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Optional.Skillbrains
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Optional.Shopper
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Optional.GetLiveSupport
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Optional.CrossRider
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.Ask
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Browser

---\\ Dodatkowe oczyszczenie. (0)
~ Chave de registro Tracing Supprimido (0)
~ Remover os relatórios antigos ZHPCleaner. (0)

---\\ Resultado de reparação
Reparação efectuada com sucesso
~ Este navegador está faltando ! (Opera Software)

---\\ Estatísticas
~ Items scan : 1096
~ Items encontrado : 0
~ items cancelados : 0
~ Items réparo : 21

~ End of clean in 0 minutes
===================
ZHPCleaner-[R]-27112015-01_07_52.txt
ZHPCleaner-[S]-27112015-01_06_52.txt

por Andreata Sex 27 Nov 2015, 01:19

o outro relatório............

# AdwCleaner v5.022 - Relatório criado 27/11/2015 às 01:10:39
# Atualizado 22/11/2015 por Xplode
# Banco de dados : 2015-11-22.2 [Servidor]
# Sistema operacional : Windows 7 Ultimate Service Pack 1 (x64)
# Usuário : Cliente - CLIENTE-PC
# Executando de : C:\Users\Cliente\Desktop\AdwCleaner.exe
# Opção : Limpar
# Apoio : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

***** [ Serviços ] *****

***** [ Pastas ] *****

[-] Pasta Excluído : C:\Program Files\groover241120151852
[-] Pasta Excluído : C:\Users\Cliente\AppData\Local\YSearchUtil
[-] Pasta Excluído : C:\Users\Cliente\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
[-] Pasta Excluído : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil

***** [ Arquivos ] *****

[-] Arquivo Excluído : C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\gfyuq2l4.default\searchplugins\yahoo_ff.xml
[-] Arquivo Excluído : C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\gfyuq2l4.default\user.js
[-] Arquivo Excluído : C:\Windows\Reimage.ini

***** [ DLLs ] *****

***** [ Atalhos ] *****

***** [ Tarefas agendadas ] *****

[-] Tarefa Excluída : amiupdaterExd
[-] Tarefa Excluída : amiupdaterExi
[-] Tarefa Excluída : DNSGERMANIA

***** [ Registro ] *****

[-] Chave Excluída : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
[-] Chave Excluída : HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b
[-] Chave Excluída : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\Interface\{1DBCD46C-EE4F-4FF7-81BB-0D2932AEFE72}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\Interface\{52EDB183-9E7B-426D-B16F-67E2E4A195EA}
[!] Chave Não Excluída : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\TypeLib\{9AE7A6AE-162E-44C4-9A2B-A6B4EF19909D}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[!] Chave Não Excluída : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\TypeLib\{85838333-B09C-4BAE-AEA6-77FCA123E0F7}
[!] Chave Não Excluída : HKLM\SOFTWARE\Classes\TypeLib\{9AE7A6AE-162E-44C4-9A2B-A6B4EF19909D}
[-] Chave Excluída : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Chave Excluída : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Chave Excluída : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
[-] Chave Excluída : [x64] HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
[-] Chave Excluída : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Chave Excluída : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Chave Excluída : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Chave Excluída : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Chave Excluída : [x64] HKLM\SOFTWARE\Classes\Interface\{1DBCD46C-EE4F-4FF7-81BB-0D2932AEFE72}
[-] Chave Excluída : [x64] HKLM\SOFTWARE\Classes\Interface\{52EDB183-9E7B-426D-B16F-67E2E4A195EA}
[!] Chave Não Excluída : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Chave Excluída : HKCU\Software\{89AA84BC-E37C-4239-b864-3FCBCFB4EE4F}
[-] Chave Excluída : HKU\.DEFAULT\Software\{89AA84BC-E37C-4239-b864-3FCBCFB4EE4F}
[-] Chave Excluída : HKU\S-1-5-19\Software\{89AA84BC-E37C-4239-b864-3FCBCFB4EE4F}
[-] Chave Excluída : HKU\S-1-5-20\Software\{89AA84BC-E37C-4239-b864-3FCBCFB4EE4F}
[-] Chave Excluída : HKU\S-1-5-21-3195528365-2483452637-1177309064-1000_Classes\Software\{89AA84BC-E37C-4239-b864-3FCBCFB4EE4F}
[-] Chave Excluída : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8D9AD364-7D1D-45B3-93F9-26D28AD8E2AD}
[-] Dados Restaurar : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{44EF418C-E667-4D2C-BC3B-AC8248F15F92} [NameServer]
[-] Dados Restaurar : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{44EF418C-E667-4D2C-BC3B-AC8248F15F92} [NameServer]
[-] Dados Restaurar : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{44EF418C-E667-4D2C-BC3B-AC8248F15F92} [NameServer]

***** [ Navegadores ] *****

[-] [C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\gfyuq2l4.default\prefs.js] [Preference] Excluída : user_pref("keyword.URL", "hxxps://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=903578&p=");
[-] [C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\gfyuq2l4.default\prefs.js] [Preference] Excluída : user_pref("{9DACF279-3008-4980-969B-EBA6470C839E}.ScriptData_VBATES_executeCode", "not set");
[-] [C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\gfyuq2l4.default\prefs.js] [Preference] Excluída : user_pref("{9DACF279-3008-4980-969B-EBA6470C839E}.ScriptData_VBATES_ga_redirected", "not set");
[-] [C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\gfyuq2l4.default\prefs.js] [Preference] Excluída : user_pref("{9DACF279-3008-4980-969B-EBA6470C839E}.ScriptData_VBATES_ga_redirectedUrl", "not set");
[-] [C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\gfyuq2l4.default\prefs.js] [Preference] Excluída : user_pref("{9DACF279-3008-4980-969B-EBA6470C839E}.ScriptData_VBATES_lastUpdate", "14484987300578641448498730058");
[-] [C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\gfyuq2l4.default\prefs.js] [Preference] Excluída : user_pref("{9DACF279-3008-4980-969B-EBA6470C839E}.ScriptData_VBATES_redirectURL", "not set");
[-] [C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\gfyuq2l4.default\prefs.js] [Preference] Excluída : user_pref("{9DACF279-3008-4980-969B-EBA6470C839E}.ScriptData_VBATES_referer", "not set");
[-] [C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\gfyuq2l4.default\prefs.js] [Preference] Excluída : user_pref("{9DACF279-3008-4980-969B-EBA6470C839E}.ScriptData_VBATES_status", "active");
[-] [C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\gfyuq2l4.default\prefs.js] [Preference] Excluída : user_pref("{9DACF279-3008-4980-969B-EBA6470C839E}.ScriptData_VBATES_whiteList", "not set");
[-] [C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\gfyuq2l4.default\prefs.js] [Preference] Excluída : user_pref("{9DACF279-3008-4980-969B-EBA6470C839E}.ScriptData_installer_name", "vbates_amonbrex-00-3687_.exe");
[-] [C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\gfyuq2l4.default\prefs.js] [Preference] Excluída : user_pref("{9DACF279-3008-4980-969B-EBA6470C839E}.ScriptData_pxl_VBATES_dailyPing", "dailyPing1448584559251");
[-] [C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\gfyuq2l4.default\prefs.js] [Preference] Excluída : user_pref("{9DACF279-3008-4980-969B-EBA6470C839E}.ScriptData_temp_installer_name", "vbates_amonbrex-00-3687_.exe");
[-] [C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Excluído : br.ask.com
[-] [C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Excluído : npdicihegicnhaangkdmcgbjceoemeoo

*************************

:: Chaves "Tracing" excluídas
:: Configurações Winsock restauradas

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [8003 bytes] ##########

por **caedurodrigues** Sex 27 Nov 2015, 08:25

Bom dia Andreata, qualquer processo de desinfecção realmente é demorado, pois deve ser realizada uma limpeza profunda. Primeiro utilizamos as ferramentas automáticas para remover o maior número possível de problemas, e depois executamos as ferramentas que dependem de um script de remoção.

Baixe:<[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]> (...by Malwarebytes)
Dê um duplo-clique no mbam-setup.exe para instalar o programa.
Desmarque a caixa: "Ativar trial gratuito do Malwarebytes Anti-Malware PRO"
Clique "Concluir".
Se houver atualizações a serem feitas, serão baixadas e instaladas !
Escolha Configurações >> Detecção e proteção >> Marque Verificar por Rootkits. Em Detecções PUP (programas potencialmente indesejados), selecione Tratar detecções como malware.
Clique em Verificar. Em seguida Verificar Ameaça e por fim em Iniciar Verificação.
Começara então o escaneamento. Aguarde pois pode demorar.
Ps: Para determinadas infecções,o programa pedirá reboot. << Confirme!
Ao concluir, se houver ítens encontrados, clique no botão Remover Selecionados
O log é automaticamente salvo pelo MBAM, e para vê-lo clique na aba Histórico >> Logs de aplicativos na janela principal do programa.
Dê um duplo-clique em Scan Log. Depois clique no botão Exportar. Utilize o formato .txt para exportar o log e salve-o na área de trabalho.
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
NÃO UTILIZAR O FORMATO .XML PARA EXPORTAR O LOG.
O log de Proteção e desnecessário para uma Análise, exporte sempre o log Correto.

NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez).
Faça isso imediatamente, ao ser perguntado se quer reiniciar o PC.

por Andreata Sex 27 Nov 2015, 16:16

caedurodrigues escreveu:Bom dia Andreata, qualquer processo de desinfecção realmente é demorado, pois deve ser realizada uma limpeza profunda. Primeiro utilizamos as ferramentas automáticas para remover o maior número possível de problemas, e depois executamos as ferramentas que dependem de um script de remoção.

Baixe:<[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]> (...by Malwarebytes)
Dê um duplo-clique no mbam-setup.exe para instalar o programa.
Desmarque a caixa: "Ativar trial gratuito do Malwarebytes Anti-Malware PRO"
Clique "Concluir".
Se houver atualizações a serem feitas, serão baixadas e instaladas !
Escolha Configurações >> Detecção e proteção >> Marque Verificar por Rootkits. Em Detecções PUP (programas potencialmente indesejados), selecione Tratar detecções como malware.
Clique em Verificar. Em seguida Verificar Ameaça e por fim em Iniciar Verificação.
Começara então o escaneamento. Aguarde pois pode demorar.
Ps: Para determinadas infecções,o programa pedirá reboot. << Confirme!
Ao concluir, se houver ítens encontrados, clique no botão Remover Selecionados
O log é automaticamente salvo pelo MBAM, e para vê-lo clique na aba Histórico >> Logs de aplicativos na janela principal do programa.
Dê um duplo-clique em Scan Log. Depois clique no botão Exportar. Utilize o formato .txt para exportar o log e salve-o na área de trabalho.
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
NÃO UTILIZAR O FORMATO .XML PARA EXPORTAR O LOG.
O log de Proteção e desnecessário para uma Análise, exporte sempre o log Correto.

NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez).
Faça isso imediatamente, ao ser perguntado se quer reiniciar o PC.

Desculpe a demora, em Histórico, Não tem opção log de aplicativo e sim Registros de Aplicativos,e não tem opção SCAN LOG, e sim EXCLUIR. e tem itens na quarentena 7 deles, o que faço veja o print

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] e veja os itens de quarentena

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

por **caedurodrigues** Sex 27 Nov 2015, 20:21

Boa noite Andreata, Clique na aba Histórico -> Registros de aplicativos dê um duplo-clique no Registro de verificação. Clique no botão Exportar -> Arquivo texto (*.txt) e salve o log em sua área de trabalho. Logo em seguida poste o relatório. Um grande abraço.

por Andreata Sex 27 Nov 2015, 21:32

caedurodrigues escreveu:Boa noite Andreata, Clique na aba Histórico -> Registros de aplicativos dê um duplo-clique no Registro de verificação. Clique no botão Exportar -> Arquivo texto (*.txt) e salve o log em sua área de trabalho. Logo em seguida poste o relatório. Um grande abraço.

Agora entendi,

Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Data da verificação: 27/11/2015
Hora da verificação: 15:55
Arquivo de registro: aquivo texto.txt
Administrador: Sim

Versão: 2.2.0.1024
Banco de dados de malware: v2015.11.27.03
Banco de dados de rootkit: v2015.11.26.01
Licença: Gratuita
Proteção contra malware: Desabilitado
Proteção contra website malicioso: Desabilitado
Autoproteção: Desabilitado

Sistema operacional: Windows 7 Service Pack 1
CPU: x64
Sistema de arquivos: NTFS
Usuário: Cliente

Tipo de verificação: Verificação da ameaça
Resultado: Concluído
Objetos verificados: 334688
Tempo decorrido: 13 min, 15 seg

Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado

Processos: 0
(Nenhum item malicioso detectado)

Módulos: 0
(Nenhum item malicioso detectado)

Chaves de registro: 0
(Nenhum item malicioso detectado)

Valores de registro: 2
PUP.Optional.Groover.BrwsrFlsh, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{9DACF279-3008-4980-969B-EBA6470C839E}, C:\Program Files\groover241120151852\Firefox\{9DACF279-3008-4980-969B-EBA6470C839E}.xpi, Quarentena, [46b9bfc39eedcd6956fc2349867da957]
PUP.Optional.Groover.BrwsrFlsh, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{9DACF279-3008-4980-969B-EBA6470C839E}, C:\Program Files\groover241120151852\Firefox\{9DACF279-3008-4980-969B-EBA6470C839E}.xpi, Quarentena, [04fbc0c2107b57dff260afbddc277987]

Dados de registro: 0
(Nenhum item malicioso detectado)

Pastas: 2
PUP.Optional.VBates, C:\Users\Cliente\AppData\LocalLow\Company\Product\1.0, Quarentena, [fb04552d06850c2a038deccea36048b8],
PUP.Optional.VBates, C:\Users\Cliente\AppData\LocalLow\Company\Product, Quarentena, [fb04552d06850c2a038deccea36048b8],

Arquivos: 3
PUP.Optional.WinYahoo, C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\gfyuq2l4.default\extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi, Quarentena, [d926740e365591a56e09278733d015eb],
PUP.Optional.VBates, C:\Users\Cliente\AppData\LocalLow\Company\Product\1.0\localStorageIE.txt, Quarentena, [fb04552d06850c2a038deccea36048b8],
PUP.Optional.VBates, C:\Users\Cliente\AppData\LocalLow\Company\Product\1.0\localStorageIE_backup.txt, Quarentena, [fb04552d06850c2a038deccea36048b8],

Setores físicos: 0
(Nenhum item malicioso detectado)

(end)

por Andreata Sex 27 Nov 2015, 22:58

Veja neste print o que é, do chrome ? a mensagem nunca vi esta mensagem ai em cima
dizendo VC QUIS ir a [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] ?

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

por **caedurodrigues** Sáb 28 Nov 2015, 00:03

Boa noite Andreata,

Baixe:<[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem][Tens de ter uma conta e sessão iniciada para poderes visualizar este link]> (...by Smeenk)
Salve na sua Desktop (Área de trabalho) !
Execute o arquivo Zoek.exe.
Usuários do Windows Vista ou Windows 7 clique com o direito sobre o arquivo Zoek.exe, depois clique em
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Selecione as linhas em vermelho, clique com o direito sobre a seleção e escolha a opção copiar!

createsrpoint;
emptyfolderscheck;delete
emptyclsid;
chromelook;
reset chrome;
chrdefaults;
shortcutfix;
emptyalltemp;
autoclean;

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Clique com o direito em qualquer parte branca do Zoek e escolha a opção colar.
Clique [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem], aguarde o scan. Ao final abrirá o bloco de notas com o relatório.
Uma cópia também será salva no seu disco local com o nome zoek-results.txt.
Anexe o zoek-results.txt na sua próxima resposta.

por Andreata Sáb 28 Nov 2015, 13:35

caedurodrigues escreveu:Boa noite Andreata,

Baixe:<[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem][Tens de ter uma conta e sessão iniciada para poderes visualizar este link]> (...by Smeenk)
Salve na sua Desktop (Área de trabalho) !
Execute o arquivo Zoek.exe.
Usuários do Windows Vista ou Windows 7 clique com o direito sobre o arquivo Zoek.exe, depois clique em
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Selecione as linhas em vermelho, clique com o direito sobre a seleção e escolha a opção copiar!

createsrpoint;
emptyfolderscheck;delete
emptyclsid;
chromelook;
reset chrome;
chrdefaults;
shortcutfix;
emptyalltemp;
autoclean;

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Clique com o direito em qualquer parte branca do Zoek e escolha a opção colar.
Clique [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem], aguarde o scan. Ao final abrirá o bloco de notas com o relatório.
Uma cópia também será salva no seu disco local com o nome zoek-results.txt.
Anexe o zoek-results.txt na sua próxima resposta.

Estou executando o Zoek. mas e quanto ao Malwaresbyt ? Ainda não executei ele na opção Exlcuir.

por Andreata Sáb 28 Nov 2015, 14:30

28/11/2015 13:30:12 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Users\Cliente\AppData\Roaming\Albion deleted successfully
C:\Users\Cliente\AppData\Roaming\Mouse Recorder Pro deleted successfully
C:\Users\Cliente\AppData\Roaming\Splitscreen Studios deleted successfully
C:\Users\Cliente\AppData\Local\0ad deleted successfully
C:\Users\Cliente\AppData\Local\MyComGames deleted successfully
C:\Users\Cliente\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3195528365-2483452637-1177309064-1000\Software\Microsoft\Internet Explorer\SearchScopes\{89273821-111C-4526-B0F2-1D0EC8448245} deleted successfully
HKEY_USERS\S-1-5-21-3195528365-2483452637-1177309064-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BFF1FF83-D72B-46DC-AC26-DEE8D1BD8B3F} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3195528365-2483452637-1177309064-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} deleted successfully
HKEY_USERS\S-1-5-21-3195528365-2483452637-1177309064-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{310CA7B9-D56B-499A-B786-D9648270585E} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{9DACF279-3008-4980-969B-EBA6470C839E} deleted successfully
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Approved Extensions\{9DACF279-3008-4980-969B-EBA6470C839E} deleted successfully
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Approved Extensions\{9DACF279-3008-4980-969B-EBA6470C839E} deleted successfully
HKEY_USERS\S-1-5-21-3195528365-2483452637-1177309064-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{9DACF279-3008-4980-969B-EBA6470C839E} deleted successfully

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\gfyuq2l4.default

user.js not found
---- Lines yahoo removed from prefs.js ----
user_pref("browser.search.defaultenginename", "Yahoo");
user_pref("browser.search.selectedEngine", "Yahoo");
user_pref("browser.startup.homepage", "https://br.yahoo.com/?fr=yset_ff_syc_oracle&type=orcl_hpset");
---- Lines {9DACF279-3008-4980-969B-EBA6470C839E} removed from prefs.js ----
user_pref("{9DACF279-3008-4980-969B-EBA6470C839E}.extensionFirstRun", false);
user_pref("{9DACF279-3008-4980-969B-EBA6470C839E}.lastExtensionVersion", "2.0.0.477");
user_pref("{9DACF279-3008-4980-969B-EBA6470C839E}.ScriptData_injscs", "true|||8641448498159251");
user_pref("{9DACF279-3008-4980-969B-EBA6470C839E}.ScriptData_install_time", "24-11-2015");
user_pref("{9DACF279-3008-4980-969B-EBA6470C839E}.ScriptData_nb_timer", "true|||1448584562657");
user_pref("{9DACF279-3008-4980-969B-EBA6470C839E}.ScriptData_prepop_index", "0|||1448566583983");
user_pref("{9DACF279-3008-4980-969B-EBA6470C839E}.ScriptData_prepop_timer", "1448480183983|||1448566583983");
user_pref("{9DACF279-3008-4980-969B-EBA6470C839E}.ScriptData_prepop_url", "not set");
user_pref("{9DACF279-3008-4980-969B-EBA6470C839E}.ScriptData_product_name", "groover241120151852");
user_pref("{9DACF279-3008-4980-969B-EBA6470C839E}.ScriptData_product_version", "2.0.0.477");
user_pref("{9DACF279-3008-4980-969B-EBA6470C839E}.ScriptData_temp_version", "2.0.0.477|||8641448402350836");
user_pref("{9DACF279-3008-4980-969B-EBA6470C839E}.ScriptData_toolbarID", "8C80EF6781804193838882615606C012");
user_pref("{9DACF279-3008-4980-969B-EBA6470C839E}.ScriptData_vbts_geo", "BR|||8641448402473936");
user_pref("{9DACF279-3008-4980-969B-EBA6470C839E}.setdefaultsearch_2.0.0.477", false);
user_pref("{9DACF279-3008-4980-969B-EBA6470C839E}.setdnscatch_2.0.0.477", false);
user_pref("{9DACF279-3008-4980-969B-EBA6470C839E}.sethomepage_2.0.0.477", false);
user_pref("{9DACF279-3008-4980-969B-EBA6470C839E}.setndsvalue_2.0.0.477", false);
---- FireFox user.js and prefs.js backups ----

prefs_112015_1343_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Package Cache deleted
C:\Users\Cliente\AppData\Local\node-webkit deleted
C:\Users\Cliente\AppData\Local\Unity deleted
C:\Users\Cliente\AppData\LocalLow\Unity deleted
C:\Users\Cliente\AppData\LocalLow\Company deleted
C:\Users\Cliente\AppData\LocalLow\Yahoo deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Windows\Syswow64\REN1D6.tmp deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\gfyuq2l4.default\Yahoo Inc deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"url_advisor@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com" [18/07/2015 00:01]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\gfyuq2l4.default
- Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\gfyuq2l4.default
F114FBA6246530B89DD1E04351E0EAC5 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll - Shockwave Flash

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dbhjdbfgekjfcfkkfjjmlmojhbllhbho - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[03/01/2014 02:32]
npdicihegicnhaangkdmcgbjceoemeoo - No path found[]

Google Drive - Cliente\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Cliente\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Cliente\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Kaspersky Protection - Cliente\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho
Chrome Web Store Payments - Cliente\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Cliente\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Drive - Cliente\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Cliente\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Cliente\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Kaspersky Protection - Cliente\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho
Chrome Web Store Payments - Cliente\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Cliente\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================

C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

==== Reset Google Chrome ======================

C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully
C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences was reset successfully
C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully
C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data-journal was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Cliente\Desktop\AlbionOnline.lnk - C:\Program Files (x86)\AlbionOnline\launcher\AlbionLauncher.exe
C:\Users\Cliente\Desktop\Auslogics DiskDefrag.lnk - C:\Program Files (x86)\Auslogics\DiskDefrag\DiskDefrag.exe
C:\Users\Cliente\Desktop\Glyph.lnk - C:\Program Files (x86)\Glyph\GlyphClient.exe
C:\Users\Cliente\Desktop\KUF2Launcher.lnk - C:\Leadhope\KUF2\KUF2Launcher.exe
C:\Users\Cliente\Desktop\MSI Afterburner.lnk - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Users\Cliente\Desktop\windirstat.lnk - C:\Program Files (x86)\WinDirStat\windirstat.exe
C:\Users\Cliente\Desktop\ZHPCleaner.lnk - C:\Users\Cliente\AppData\Roaming\ZHP\ZHPCleaner.exe
C:\Users\Cliente\Desktop\µTorrent.lnk -
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Office\Recente\conversa jogo.LNK - C:\Users\Cliente\Desktop\conversa jogo.docx
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Office\Recente\CONVITES DONA VANDA.LNK - C:\Users\Cliente\Desktop\Arquivos salvos\Desktop\Back- Up\Documents\CONVITES DONA VANDA.doc
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Office\Recente\Documentos.LNK - C:\Users\Cliente\Desktop\Arquivos salvos\Desktop\Back- Up\Documents
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Office\Recente\Documents.LNK - C:\Users\Cliente\Desktop\Arquivos Cliente\Desktop\Arquivos salvos\Documents
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Office\Recente\Modelos.LNK - C:\Users\Cliente\AppData\Roaming\Microsoft\Modelos
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Office\Recente\PRINT DO JOGO.LNK - C:\Users\Cliente\Desktop\PRINT DO JOGO.docx
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Office\Recente\PRINTS DO JOGO REIS (2).LNK - C:\Users\Cliente\Desktop\PRINTS DO JOGO REIS.docx
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Office\Recente\PRINTS DO JOGO REIS.LNK - C:\Users\Cliente\Desktop\PRINTS DO JOGO REIS.docx
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Office\Recente\SENHA CAIXA.CAPITALIZAÇÃO.doc.LNK -
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Office\Recente\SENHA CAIXA.CAPITALIZAÇÃO.LNK -
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Office\Recente\wagner.LNK - C:\Users\Cliente\Desktop\Arquivos Cliente\Desktop\Arquivos salvos\Desktop\Back- Up\Downloads\backups\wagner
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Office\Recente\Área de Trabalho (2).LNK -
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Office\Recente\Área de Trabalho.LNK -
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Windows\Recent\System Volume Information.lnk - C:\System Volume Information
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk - C:\Windows\system32\cmd.exe
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk - C:\Windows\system32\notepad.exe
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk - C:\Windows\system32\control.exe /name Microsoft.EaseOfAccessCenter
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk - C:\Windows\system32\magnify.exe
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk - C:\Windows\system32\osk.exe
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk - C:\Windows\system32\eudcedit.exe
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio\The Elder Scrolls V Skyrim\Atualizador GameVicio.lnk - C:\Program Files (x86)\GameVicio\The Elder Scrolls V Skyrim\Atualizador.exe
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio\The Elder Scrolls V Skyrim\Desinstalar a Tradução.lnk -
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio\The Elder Scrolls V Skyrim\Leia-me.lnk - C:\Program Files (x86)\GameVicio\The Elder Scrolls V Skyrim\notas.html
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio\The Elder Scrolls V Skyrim\Problemas Técnicos.lnk -
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio\The Elder Scrolls V Skyrim\Página GameVicio Brasil®.lnk -
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner\MSI Afterburner.lnk - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner\ReadMe.lnk - C:\Program Files (x86)\MSI Afterburner\Doc\ReadMe.pdf
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner\Uninstall.lnk - C:\Program Files (x86)\MSI Afterburner\Uninstall.exe
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner\SDK\MSI Afterburner localization reference.lnk - C:\Program Files (x86)\MSI Afterburner\SDK\Doc\Localization reference.pdf
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner\SDK\MSI Afterburner skin format reference.lnk - C:\Program Files (x86)\MSI Afterburner\SDK\Doc\USF skin format reference.pdf
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner\SDK\Samples.lnk - C:\Program Files (x86)\MSI Afterburner\SDK\Samples
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Warships\Uninstall World of Warships.lnk - C:\Games\World_of_Warships\unins000.exe
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Warships\World of Warships.lnk - C:\Games\World_of_Warships\WoWSLauncher.exe
C:\Users\Cliente\Desktop\Arquivos Cliente\Desktop\Arquivos salvos\Desktop\Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Cliente\Desktop\Arquivos Cliente\Desktop\Arquivos salvos\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Cliente\Desktop\Arquivos Cliente\Desktop\Arquivos salvos\Desktop\Back- Up\Links\Desktop.lnk - C:\Users\Cliente\Desktop
C:\Users\Cliente\Desktop\Arquivos Cliente\Desktop\Arquivos salvos\Desktop\Back- Up\Links\Downloads.lnk - C:\Users\Cliente\Downloads
C:\Users\Cliente\Desktop\Arquivos Cliente\Desktop\Arquivos salvos\Links\Desktop.lnk - C:\Users\Cliente\Desktop
C:\Users\Cliente\Desktop\Arquivos Cliente\Desktop\Arquivos salvos\Links\Downloads.lnk - C:\Users\Cliente\Downloads
C:\Users\Cliente\Desktop\Arquivos Cliente\Desktop\Arquivos salvos\Links\Músicas - Atalho.lnk -
C:\Users\Cliente\Desktop\Arquivos Cliente\Desktop\Arquivos salvos\Links\RecentPlaces.lnk -
C:\Users\Cliente\Desktop\Arquivos Cliente\Documents\Heroes of the Storm\T_57151727_729@1.lnk - C:\Users\Cliente\Desktop\Arquivos Cliente\Documents\Heroes of the Storm\Accounts\85865094\1-Hero-1-1362608
C:\Users\Cliente\Desktop\Arquivos Cliente\Links\Desktop.lnk - C:\Users\Cliente\Desktop
C:\Users\Cliente\Desktop\Arquivos Cliente\Links\Downloads.lnk - C:\Users\Cliente\Downloads
C:\Users\Cliente\Desktop\Arquivos Cliente\Links\RecentPlaces.lnk -
C:\Users\Cliente\Desktop\Breno e Stéfani Não Apagar\P1010122 - Cópia.JPG - Atalho (2).lnk -
C:\Users\Cliente\Desktop\Breno e Stéfani Não Apagar\P1010122 - Cópia.JPG - Atalho.lnk -
C:\Users\Cliente\Desktop\Breno e Stéfani Não Apagar\P1010122.JPG - Atalho (2).lnk -
C:\Users\Cliente\Desktop\Breno e Stéfani Não Apagar\P1010122.JPG - Atalho.lnk -

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files (x86)\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\CPUID HWMonitor.lnk - C:\Program Files (x86)\CPUID\HWMonitor\HWMonitor.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe
C:\Users\Public\Desktop\Kingdom Online.lnk - C:\NTTGame\Kingdom\KOWPreLauncher.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe
C:\Users\Public\Desktop\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk - C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win64.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Albion Online\AlbionOnline.lnk - C:\Program Files (x86)\AlbionOnline\launcher\AlbionLauncher.exe
C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Albion Online\Uninstall.lnk - C:\Program Files (x86)\AlbionOnline\uninstall.exe
C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner\MSI Afterburner.lnk - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner\ReadMe.lnk - C:\Program Files (x86)\MSI Afterburner\Doc\ReadMe.pdf
C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner\Uninstall.lnk - C:\Program Files (x86)\MSI Afterburner\Uninstall.exe
C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner\SDK\MSI Afterburner localization reference.lnk - C:\Program Files (x86)\MSI Afterburner\SDK\Doc\Localization reference.pdf
C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner\SDK\MSI Afterburner skin format reference.lnk - C:\Program Files (x86)\MSI Afterburner\SDK\Doc\USF skin format reference.pdf
C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner\SDK\Samples.lnk - C:\Program Files (x86)\MSI Afterburner\SDK\Samples
C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games\My.com Game Center.lnk - C:\Users\Cliente\AppData\Local\MyComGames\MyComGames.exe
C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon\Vindictus.lnk - C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server\ReadMe.lnk - C:\Program Files (x86)\RivaTuner Statistics Server\Doc\ReadMe.pdf
C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server\RivaTuner Statistics Server.lnk - C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server\Uninstall.lnk - C:\Program Files (x86)\RivaTuner Statistics Server\Uninstall.exe
C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server\SDK\RivaTuner Statistics Server localization reference.lnk - C:\Program Files (x86)\RivaTuner Statistics Server\SDK\Doc\Localization reference.pdf
C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server\SDK\RivaTuner Statistics Server skin format reference.lnk - C:\Program Files (x86)\RivaTuner Statistics Server\SDK\Doc\USF skin format reference.pdf
C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server\SDK\Samples.lnk - C:\Program Files (x86)\RivaTuner Statistics Server\SDK\Samples

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk - C:\Windows\ehome\ehshell.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\HWMonitor\HWMonitor.lnk - C:\Program Files\CPUID\HWMonitor\HWMonitor.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\HWMonitor\Uninstall HWMonitor.lnk - C:\Program Files\CPUID\HWMonitor\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph\Glyph.lnk - C:\Program Files (x86)\Glyph\GlyphClient.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph\Uninstall Glyph.lnk - C:\Program Files (x86)\Glyph\GlyphUninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files\Java\jre1.8.0_65\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files\Java\jre1.8.0_65\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\kingdom\Kingdom Online.lnk - C:\NTTGame\Kingdom\KOWPreLauncher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\kingdom\Removing Kingdom Online.lnk - C:\NTTGame\Kingdom\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola Device Manager\Motorola Device Manager.lnk - C:\Windows\Installer\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}\_EED70B3E82A514A7A6E8F1.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64\Changelog.lnk - C:\Program Files\MPC-HC\Changelog.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64\Desinstalar MPC-HC.lnk - C:\Program Files\MPC-HC\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64\MPC-HC x64.lnk - C:\Program Files\MPC-HC\mpc-hc64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest\NCLauncher\Uninstall - NCLauncher.lnk - C:\Program Files (x86)\NCWest\NCLauncher\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision Photo Viewer.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /show
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Disable 3D Vision.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /disable
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Enable 3D Vision.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /enable
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client\TeamSpeak 3 Client.lnk - C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client\Uninstall.lnk - C:\Program Files\TeamSpeak 3 Client\Uninstall.exe

==== shortcuts in Quick Launch ======================

C:\Users\Cliente\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Cliente\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Cliente\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Cliente\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Cliente\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --profile-directory="Profile 1"
C:\Users\Cliente\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Cliente\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyComGames deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCUpdateHelper deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftEther VPN Client UI Helper deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Cliente\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Cliente\Desktop\Arquivos Cliente\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Cliente\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=399 folders=247 75321980 bytes)

==== Empty Temp Folders ======================

C:\Users\Cliente\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Cliente\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Cliente\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on 28/11/2015 at 14:28:02,85 ======================

por **caedurodrigues** Sáb 28 Nov 2015, 16:18

Boa tarde Andreata,

Baixe:<[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]> <(...by Farbar)>
Ou aqui:<[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]>
Salve-a na Área de trabalho !
Execute a ferramenta ! Clique "Yes" >> "Scan".

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Verifique se as caixinhas em "Whitelist" estão assinaladas.
Em "Optional Scan",deixe marcada a checkbox "Addition.txt".
Marque também a checkbox 90 Days Files
Será gerado o relatório! (FRST.txt)
Ps: Será gerado,também,o relatório "Addition.txt" que estará disponibilizado na 1ª execução da ferramenta.
Acesse: <[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]>
Ou acesse:<[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]>
Maiores informações:<[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]> << Hospedagem !

ATENÇÃO: para o correto funcionamento da ferramenta, ela tem de estar diretamente na área de trabalho, não pode ficar em uma pasta.

por Andreata Sáb 28 Nov 2015, 17:46

caedurodrigues escreveu:Boa tarde Andreata,

Baixe:<[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]> <(...by Farbar)>
Ou aqui:<[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]>
Salve-a na Área de trabalho !
Execute a ferramenta ! Clique "Yes" >> "Scan".

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Verifique se as caixinhas em "Whitelist" estão assinaladas.
Em "Optional Scan",deixe marcada a checkbox "Addition.txt".
Marque também a checkbox 90 Days Files
Será gerado o relatório! (FRST.txt)
Ps: Será gerado,também,o relatório "Addition.txt" que estará disponibilizado na 1ª execução da ferramenta.
Acesse: <[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]>
Ou acesse:<[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]>
Maiores informações:<[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]> << Hospedagem !

ATENÇÃO: para o correto funcionamento da ferramenta, ela tem de estar diretamente na área de trabalho, não pode ficar em uma pasta.

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\wmi64.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Nenhum Arquivo

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

ProxyServer: [S-1-5-21-3195528365-2483452637-1177309064-1000] => 118.189.13.178:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{44EF418C-E667-4D2C-BC3B-AC8248F15F92}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3195528365-2483452637-1177309064-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-3195528365-2483452637-1177309064-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-07-17] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-10-23] (Oracle Corporation)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-11-20] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-23] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-07-17] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-23] (Oracle Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2013-11-20] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-23] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-11-20] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2013-11-20] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\gfyuq2l4.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-13] ()
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-23] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-23] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2015-07-18] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-07-18] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-09-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-09-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3195528365-2483452637-1177309064-1000: @my.com/Games -> C:\Users\Cliente\AppData\Local\MyComGames\NPMyComDetector.dll [Nenhum Arquivo]
FF Plugin HKU\S-1-5-21-3195528365-2483452637-1177309064-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Cliente\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [Nenhum Arquivo]
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2015-07-18] [não assinado]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-01-03] [não assinado]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-07-18] [não assinado]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com [2015-07-18] [não assinado]

Chrome:
=======
CHR DefaultSearchURL: Profile 1 -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
CHR DefaultSearchKeyword: Profile 1 -> Yahoo
CHR DefaultSuggestURL: Profile 1 -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
CHR Session Restore: Profile 1 -> está habilitado.
CHR Profile: C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Kaspersky Protection) - C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-07-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-17]
CHR Profile: C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-28]
CHR Extension: (YouTube) - C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-28]
CHR Extension: (Google Search) - C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-28]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-28]
CHR Extension: (Gmail) - C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-28]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-01-03]
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3512928 2015-07-22] (INCA Internet Co., Ltd.)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [858424 2015-06-19] (GAS Tecnologia LTDA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2015-11-15] (REALiX(tm))
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2015-07-18] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2015-07-18] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0009.sys [38432 2015-11-16] (SoftEther Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13536 2015-06-01] ()
R3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Windows (R) Win 7 DDK provider)
R3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Nuvoton Technology Corp.)
S3 tap0901_openvpn_accl; C:\Windows\System32\DRIVERS\tap0901_openvpn_accl.sys [37912 2015-01-13] (The OpenVPN Project)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-04-01] (Basil)
S3 cpuz134; \??\C:\Users\Cliente\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2015-11-28 17:18 - 2015-11-28 17:18 - 00016251 _____ C:\Users\Cliente\Desktop\FRST.txt
2015-11-28 17:17 - 2015-11-28 17:18 - 00000000 ____D C:\FRST
2015-11-28 17:16 - 2015-11-28 17:16 - 02349056 _____ (Farbar) C:\Users\Cliente\Desktop\FRST64.exe
2015-11-28 14:33 - 2015-11-28 14:33 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Albion
2015-11-28 13:49 - 2015-11-28 13:29 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-11-28 13:29 - 2015-11-28 13:45 - 00000000 ____D C:\zoek_backup
2015-11-28 13:28 - 2015-11-28 13:28 - 01309184 _____ C:\Users\Cliente\Desktop\zoek.exe
2015-11-27 21:32 - 2015-11-27 21:32 - 00002433 _____ C:\Users\Cliente\Desktop\aquivo texto.txt
2015-11-27 15:52 - 2015-11-28 13:34 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-27 15:52 - 2015-11-27 15:52 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-27 15:52 - 2015-11-27 15:52 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2015-11-27 15:52 - 2015-11-27 15:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-27 15:52 - 2015-11-27 15:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-27 15:52 - 2015-11-27 15:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-27 15:52 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-27 15:52 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-27 15:52 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-27 01:08 - 2015-11-27 01:10 - 00000000 ____D C:\AdwCleaner
2015-11-27 01:01 - 2015-11-27 01:01 - 01733632 _____ C:\Users\Cliente\Desktop\AdwCleaner.exe
2015-11-27 00:58 - 2015-11-27 02:10 - 00000834 _____ C:\Users\Cliente\Desktop\ZHPCleaner.lnk
2015-11-26 18:57 - 2015-11-27 02:15 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\ZHP
2015-11-25 10:25 - 2015-11-25 10:25 - 00001182 _____ C:\Users\Cliente\Desktop\AlbionOnline.lnk
2015-11-25 10:25 - 2015-11-25 10:25 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Albion Online
2015-11-24 20:04 - 2015-11-28 17:09 - 00003436 _____ C:\Windows\System32\Tasks\SteamClient
2015-11-24 17:11 - 2015-11-24 17:11 - 00262144 _____ C:\Windows\system32\config\elam
2015-11-24 17:10 - 2015-11-24 17:10 - 00000000 ____D C:\uninst
2015-11-24 17:03 - 2015-11-24 17:03 - 00000000 ____D C:\Users\Cliente\Documents\My Games
2015-11-19 14:07 - 2015-11-24 23:56 - 00000000 ____D C:\Program Files (x86)\Glyph
2015-11-19 14:07 - 2015-11-19 14:07 - 00001001 _____ C:\Users\Cliente\Desktop\Glyph.lnk
2015-11-19 14:07 - 2015-11-19 14:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2015-11-17 18:25 - 2015-11-17 18:25 - 00000000 ____D C:\Users\Cliente\AppData\Local\Overwolf
2015-11-17 18:22 - 2015-11-24 02:43 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\TS3Client
2015-11-17 18:22 - 2015-11-17 23:08 - 00001011 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2015-11-17 18:22 - 2015-11-17 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-11-17 18:22 - 2015-11-17 18:22 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2015-11-17 13:33 - 2015-11-19 15:37 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webzen
2015-11-17 11:54 - 2015-11-22 00:28 - 00000000 ____D C:\download
2015-11-17 11:41 - 2015-11-17 11:41 - 00000000 ____D C:\Users\Todos os Usuários\WEBZEN
2015-11-17 11:41 - 2015-11-17 11:41 - 00000000 ____D C:\ProgramData\WEBZEN
2015-11-16 22:50 - 2015-11-16 23:42 - 00000000 ____D C:\Users\Todos os Usuários\NexonUS
2015-11-16 22:50 - 2015-11-16 23:42 - 00000000 ____D C:\ProgramData\NexonUS
2015-11-16 22:50 - 2015-11-16 22:50 - 00000000 ____D C:\Users\Todos os Usuários\Nexon
2015-11-16 22:50 - 2015-11-16 22:50 - 00000000 ____D C:\ProgramData\Nexon
2015-11-16 22:46 - 2015-11-16 22:50 - 00000000 ____D C:\Users\Cliente\Documents\Vindictus
2015-11-16 22:45 - 2015-11-16 22:45 - 00038432 _____ (SoftEther Corporation) C:\Windows\system32\Drivers\Neo_0009.sys
2015-11-16 19:50 - 2015-11-16 19:50 - 00144104 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\vpncmd.exe
2015-11-16 18:48 - 2015-11-16 18:48 - 00000000 ____D C:\Users\Cliente\AppData\Local\AAA_Internet_Publishing,_
2015-11-16 18:48 - 2015-04-08 15:15 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SPORDER.DLL
2015-11-16 18:20 - 2015-11-16 18:20 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon
2015-11-16 13:41 - 2015-11-19 12:16 - 00000000 ____D C:\Users\Cliente\AppData\Local\NexonLauncher
2015-11-15 22:56 - 2015-11-24 00:11 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2015-11-15 22:56 - 2015-11-15 22:56 - 00001090 _____ C:\Users\Cliente\Desktop\MSI Afterburner.lnk
2015-11-15 22:56 - 2015-11-15 22:56 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2015-11-15 22:56 - 2015-11-15 22:56 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2015-11-15 22:55 - 2015-11-24 00:12 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2015-11-15 14:11 - 2015-11-15 14:11 - 00027552 _____ (REALiX(tm)) C:\Windows\system32\Drivers\HWiNFO64A.SYS
2015-11-15 13:40 - 2015-11-15 13:40 - 00002932 _____ C:\Windows\System32\Tasks\HWiNFO
2015-11-15 01:45 - 2015-11-15 01:45 - 00002984 _____ C:\Windows\System32\Tasks\{0F031549-EDB4-44C3-AADC-EE6CED2555E0}
2015-11-14 23:16 - 2015-11-14 23:16 - 00000000 ____D C:\Users\Cliente\Downloads\Beasts.Of.No.Nation.2015.WEB-DL.XviD.Dual.Audio-MAGiCO
2015-11-14 01:52 - 2015-11-14 01:52 - 00000000 ____D C:\Users\Cliente\Documents\BnS
2015-11-13 22:09 - 2015-11-13 22:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2015-11-12 16:01 - 2015-11-20 17:58 - 00112137 _____ C:\Users\Cliente\Desktop\Banco do Brasil.htm
2015-11-12 16:01 - 2015-11-12 16:01 - 00000000 ____D C:\Users\Cliente\Desktop\Banco do Brasil_arquivos
2015-11-12 15:52 - 2015-11-23 23:36 - 00000000 ____D C:\Users\Todos os Usuários\Glyph
2015-11-12 15:52 - 2015-11-23 23:36 - 00000000 ____D C:\ProgramData\Glyph
2015-11-10 13:02 - 2015-11-10 13:02 - 00000749 _____ C:\Users\Public\Desktop\Kingdom Online.lnk
2015-11-10 13:02 - 2015-11-10 13:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\kingdom
2015-11-10 12:58 - 2015-11-10 12:58 - 00000000 ____D C:\NTTGame
2015-11-09 23:17 - 2015-11-09 23:17 - 00000000 ____D C:\Users\Todos os Usuários\FreeHideIP
2015-11-09 23:17 - 2015-11-09 23:17 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\FreeHideIP
2015-11-09 23:17 - 2015-11-09 23:17 - 00000000 ____D C:\ProgramData\FreeHideIP
2015-11-07 17:25 - 2015-11-07 17:25 - 00000783 _____ C:\Users\Cliente\Desktop\KUF2Launcher.lnk
2015-11-07 17:23 - 2015-11-07 17:23 - 00000000 ____D C:\Leadhope
2015-11-07 17:18 - 2015-11-07 17:18 - 00000000 ____D C:\Users\Todos os Usuários\FlyVPN
2015-11-07 17:18 - 2015-11-07 17:18 - 00000000 ____D C:\ProgramData\FlyVPN
2015-11-07 16:21 - 2015-11-07 16:24 - 00000000 ____D C:\Users\Cliente\AppData\Local\Nemex
2015-11-07 16:21 - 2015-11-07 16:21 - 00000000 ____D C:\Users\Cliente\Documents\My Recorded Scripts
2015-11-07 01:50 - 2015-11-07 10:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-06 12:14 - 2015-11-06 12:14 - 00000000 ____D C:\Users\Cliente\AppData\LocalLow\Escalation Studios
2015-11-06 01:37 - 2015-11-14 01:13 - 00000000 ____D C:\Users\Cliente\Documents\NCSOFT
2015-11-05 19:15 - 2015-11-18 10:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2015-11-05 19:12 - 2015-11-05 19:12 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\NCSOFT
2015-11-05 00:31 - 2015-11-05 00:31 - 00000000 ____D C:\Users\Cliente\Documents\Black Desert
2015-11-05 00:29 - 2015-11-05 00:29 - 00000000 __SHD C:\Users\Todos os Usuários\Info
2015-11-05 00:29 - 2015-11-05 00:29 - 00000000 __SHD C:\ProgramData\Info
2015-11-02 17:14 - 2015-11-02 17:14 - 00000000 ____D C:\Users\Cliente\Documents\GameNet Themes
2015-11-02 17:07 - 2015-11-05 02:39 - 00000000 ____D C:\Users\Cliente\AppData\Local\THORN
2015-11-02 17:06 - 2015-11-05 01:51 - 00004296 _____ C:\Windows\System32\Tasks\GameNet
2015-11-02 17:06 - 2015-11-02 17:06 - 00000000 ____D C:\Users\Cliente\AppData\Local\Vebanaul
2015-10-31 13:29 - 2015-10-31 13:29 - 00000000 ____D C:\Users\Todos os Usuários\Aeria Games
2015-10-31 13:29 - 2015-10-31 13:29 - 00000000 ____D C:\ProgramData\Aeria Games
2015-10-31 11:55 - 2015-11-05 12:18 - 00000000 ____D C:\Users\Cliente\AppData\Local\Akamai
2015-10-30 18:07 - 2015-10-30 18:14 - 00000000 ____D C:\Users\Cliente\AppData\LocalLow\Daybreak Game Company
2015-10-30 18:07 - 2015-10-30 18:07 - 00000000 ____D C:\Users\Cliente\AppData\Local\Daybreak Game Company
2015-10-28 14:56 - 2015-10-28 14:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-10-28 14:56 - 2015-10-28 14:56 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Motorola Mobility
2015-10-28 14:55 - 2015-10-28 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola Device Manager
2015-10-28 14:55 - 2015-10-28 14:55 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2015-10-28 14:54 - 2015-11-18 10:48 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-28 14:54 - 2015-10-28 14:54 - 00000000 ____D C:\Program Files\Common Files\Motorola Shared
2015-10-28 14:34 - 2015-10-28 14:34 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Motorola
2015-10-24 09:47 - 2015-11-28 14:33 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\AlbionOnline
2015-10-23 17:21 - 2015-11-23 23:35 - 00000000 ____D C:\Users\Cliente\Documents\ArcheAge
2015-10-23 13:30 - 2015-11-25 00:00 - 00000000 ____D C:\Users\Cliente\AppData\Local\Glyph
2015-10-23 12:01 - 2015-11-25 10:24 - 00000000 ____D C:\Program Files (x86)\AlbionOnline
2015-10-21 00:52 - 2015-10-21 00:54 - 00000000 ____D C:\Users\Cliente\Downloads\Apocalipse (2015) 720p 5.1Ch Dublado - Alan_680
2015-10-14 10:59 - 2015-10-23 11:56 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-10-14 10:59 - 2015-10-23 11:56 - 00000000 ____D C:\Program Files\Java
2015-10-14 10:58 - 2015-10-23 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-14 01:35 - 2015-10-18 09:39 - 00000974 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2015-10-14 01:35 - 2015-10-14 01:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-10-14 01:35 - 2015-10-14 01:35 - 00000000 ____D C:\Program Files\CPUID
2015-10-14 00:45 - 2015-10-14 00:45 - 00000000 ____D C:\Users\Cliente\AppData\Local\DunDefLauncher
2015-10-02 18:05 - 2015-10-02 18:05 - 00000000 ____D C:\Users\Cliente\aTubeCatcher
2015-09-30 11:29 - 2008-08-18 20:18 - 00077824 _____ (Fox Magic Software) C:\Windows\SysWOW64\fmcodec.DLL
2015-09-24 01:05 - 2015-09-24 01:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-09-24 01:04 - 2015-11-28 17:08 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA
2015-09-24 01:04 - 2015-11-28 17:08 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-24 00:12 - 2015-09-13 22:29 - 00112760 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-09-24 00:12 - 2015-09-13 22:29 - 00105080 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-09-24 00:12 - 2015-09-13 20:09 - 06884984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-09-24 00:12 - 2015-09-13 20:09 - 03496056 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-09-24 00:12 - 2015-09-13 20:09 - 02558584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-09-24 00:12 - 2015-09-13 20:09 - 00937776 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-09-24 00:12 - 2015-09-13 20:09 - 00385144 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-09-24 00:12 - 2015-09-13 20:09 - 00062584 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-09-24 00:12 - 2015-09-13 19:50 - 00574072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-09-24 00:12 - 2015-09-11 10:17 - 05231082 _____ C:\Windows\system32\nvcoproc.bin
2015-09-24 00:11 - 2015-09-13 22:29 - 42840368 _____ C:\Windows\system32\nvcompiler.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 37819000 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 22525560 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 18543736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 17082928 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 16637528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 15513208 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 14936264 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 14635600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 13660648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 12514824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 12185344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 11096696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-09-24 00:11 - 2015-09-13 22:29 - 03530608 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 03116160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 02940024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 02627192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 01898288 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435598.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 01558832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435598.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 01105976 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 01074808 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 01064056 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 00986232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 00944760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 00943712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 00155792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 00033079 _____ C:\Windows\system32\nvinfo.pb
2015-09-18 21:40 - 2015-09-18 21:40 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\steam.transformice.com
2015-09-18 21:35 - 2015-09-18 21:35 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\com.playsaurus.heroclicker
2015-09-15 12:34 - 2015-09-15 12:34 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\The Creative Assembly
2015-09-15 11:15 - 2015-09-15 11:15 - 00000222 _____ C:\Users\Cliente\Desktop\Total War Arena.url
2015-09-08 00:43 - 2015-09-27 15:34 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com
2015-09-07 19:22 - 2015-09-07 19:22 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games
2015-09-07 04:33 - 2015-09-07 04:33 - 00000000 ____D C:\Windows\system32\appmgmt
2015-09-06 13:15 - 2015-11-28 14:28 - 00000008 __RSH C:\Users\Cliente\ntuser.pol
2015-09-06 13:10 - 2015-09-06 13:10 - 01056768 _____ C:\Users\Cliente\defltbase.sdb
2015-09-04 10:33 - 2015-11-12 10:29 - 00000000 ____D C:\Program Files\Common Files\AV
2015-09-04 01:52 - 2015-11-24 20:11 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Steam
2015-09-03 02:16 - 2015-09-03 02:16 - 00000000 ____D C:\Users\Cliente\AppData\Local\Star_Vault
2015-08-31 00:43 - 2015-08-31 00:43 - 00000000 ____D C:\Users\Cliente\AppData\Local\UnrealEngine
2015-08-30 14:37 - 2015-08-30 14:37 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-08-30 14:36 - 2015-08-30 14:37 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-30 14:35 - 2015-10-22 16:00 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-08-30 14:35 - 2015-08-30 14:35 - 00000000 ____D C:\Users\Usuário Padrão\AppData\Roaming\Media Center Programs
2015-08-30 14:35 - 2015-08-30 14:35 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2015-08-30 14:35 - 2015-08-30 14:35 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
2015-08-30 14:14 - 2015-08-30 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2015-08-30 14:14 - 2015-08-30 14:14 - 00000000 ____D C:\Program Files\MPC-HC

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2015-11-28 17:17 - 2009-07-14 01:20 - 00000000 ____D C:\Windows
2015-11-28 17:15 - 2009-07-14 02:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-28 17:15 - 2009-07-14 02:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-28 17:08 - 2015-07-19 00:38 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-28 17:08 - 2015-07-17 20:24 - 00000000 ____D C:\Users\Todos os Usuários\Kaspersky Lab
2015-11-28 17:08 - 2015-07-17 20:24 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-11-28 17:08 - 2009-07-14 03:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-28 17:00 - 2015-07-17 18:02 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-28 16:08 - 2015-07-19 00:38 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-28 14:28 - 2015-07-17 17:29 - 00000000 ____D C:\Users\Cliente
2015-11-28 13:43 - 2009-07-14 01:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-11-28 11:41 - 2015-07-18 00:17 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-28 02:39 - 2009-07-14 03:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-11-27 22:09 - 2011-04-12 11:40 - 00708738 _____ C:\Windows\system32\prfh0416.dat
2015-11-27 22:09 - 2011-04-12 11:40 - 00148518 _____ C:\Windows\system32\prfc0416.dat
2015-11-27 22:09 - 2009-07-14 03:13 - 01643802 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-27 22:09 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\inf
2015-11-26 16:42 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\system32\NDF
2015-11-26 16:40 - 2015-07-17 18:05 - 00000000 ____D C:\Users\Cliente\AppData\Local\ElevatedDiagnostics
2015-11-25 17:37 - 2015-05-04 02:54 - 00003686 _____ C:\PureRa.txt
2015-11-25 12:42 - 2009-07-14 03:08 - 00007254 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-24 21:03 - 2015-07-19 02:25 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\uTorrent
2015-11-17 09:38 - 2015-07-26 03:18 - 00000000 ____D C:\Windows\pss
2015-11-15 22:57 - 2015-07-17 20:02 - 00000000 ___HD C:\Windows\msdownld.tmp
2015-11-15 22:57 - 2015-07-17 20:02 - 00000000 ____D C:\Windows\SysWOW64\directx
2015-11-14 17:40 - 2015-08-03 00:48 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Awesomium
2015-11-13 12:10 - 2015-07-17 18:02 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-13 12:10 - 2015-07-17 18:02 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-13 12:10 - 2015-07-17 18:02 - 00003840 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-11 15:11 - 2015-07-19 00:41 - 00002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-10 13:13 - 2015-08-21 02:38 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\NVIDIA
2015-11-10 13:05 - 2015-07-17 17:56 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-11-10 13:02 - 2012-09-19 20:46 - 00000000 ____D C:\temp
2015-11-07 11:42 - 2015-07-17 18:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-05 02:07 - 2015-03-29 17:12 - 00000000 ____D C:\Games
2015-10-30 18:21 - 2014-09-25 18:21 - 00000000 ____D C:\f360c73e5ba918ed4b4e90fe

==================== Arquivos na raiz de alguns diretórios =======

2015-07-17 23:06 - 2015-07-17 23:06 - 0007597 _____ () C:\Users\Cliente\AppData\Local\Resmon.ResmonCfg
2015-07-17 17:55 - 2015-07-17 17:55 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2015-11-21 14:35

==================== Fim de FRST.txt ============================

por Andreata Sáb 28 Nov 2015, 18:47

Por favor, revise sobre ALBION , é um game online que comprei recentemente, e algum programa ai desativou ele, ou bloqueou, não sei qual, programa. Grato

por **caedurodrigues** Sáb 28 Nov 2015, 23:40

Boa noite Andreata, são dois os arquivos criados pela FRST. E você só postou um deles, e mesmo assim não foi postado o relatório completo. Refaça o escaneamento e poste os dois relatórios por favor. Um é o FRST e o outro é o Addition.txt.

por Andreata Dom 29 Nov 2015, 01:21

caedurodrigues escreveu:Boa noite Andreata, são dois os arquivos criados pela FRST. E você só postou um deles, e mesmo assim não foi postado o relatório completo. Refaça o escaneamento e poste os dois relatórios por favor. Um é o FRST e o outro é o Addition.txt.

Aditional

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão:28-11-2015
Executado por Cliente (2015-11-28 17:19:08)
Executando a partir de C:\Users\Cliente\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2015-07-17 19:28:59)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

Administrador (S-1-5-21-3195528365-2483452637-1177309064-500 - Administrator - Disabled)
Cliente (S-1-5-21-3195528365-2483452637-1177309064-1000 - Administrator - Enabled) => C:\Users\Cliente
Convidado (S-1-5-21-3195528365-2483452637-1177309064-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3195528365-2483452637-1177309064-1002 - Limited - Enabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Kaspersky Anti-Virus (Disabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Anti-Virus (Disabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

µTorrent (HKU\S-1-5-21-3195528365-2483452637-1177309064-1000\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3195528365-2483452637-1177309064-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Albion Online (HKLM-x32\...\SandboxAlbionOnline) (Version: - Sandbox Interactive GmbH)
aTube Catcher versão 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 6.0.0.0 - Auslogics Labs Pty Ltd)
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Devilian Beta-US (HKLM-x32\...\Glyph Devilian Beta-US) (Version: - Trion Worlds, Inc.)
Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Java 8 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
Kingdom (HKLM-x32\...\KingdomClient_is1) (Version: 1.0 - NoahGlobal, Inc.)
Malwarebytes Anti-Malware versão 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
Mozilla Firefox 42.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 pt-BR)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MPC-HC 1.7.9 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.9 - MPC-HC Team)
MSI Afterburner 4.1.1 (HKLM-x32\...\Afterburner) (Version: 4.1.1 - MSI Co., LTD)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NVIDIA Driver de áudio HD 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Driver de controle do 3D Vision 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA Driver de gráficos 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.98 - NVIDIA Corporation)
NVIDIA Driver do 3D Vision 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 355.98 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Client Profile PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Extended PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Painel de controle da NVIDIA 355.98 (Version: 355.98 - NVIDIA Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7324 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 6.3.0 (HKLM-x32\...\RTSS) (Version: 6.3.0 - Unwinder)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.0.14735.1561 - Microsoft Corporation)
Skype

6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Total War: Arena (HKLM-x32\...\Steam App 227520) (Version: - Creative Assembly)
Warsaw 1.8.0.10356 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.8.0.10356 - GAS Tecnologia)
WinDirStat 1.1.2 (HKU\S-1-5-21-3195528365-2483452637-1177309064-1000\...\WinDirStat) (Version: - )
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Pontos de Restauração =========================

24-11-2015 13:52:00 Ponto de Verificação Agendado
25-11-2015 10:24:49 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
28-11-2015 13:29:57 zoek.exe restore point

==================== Hosts Conteúdo: ===============================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2009-07-14 00:34 - 2015-07-30 16:28 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {2F540F5F-68B7-4223-B205-E1F08B81D1E8} - System32\Tasks\HWiNFO => C:\Program Files\HWiNFO64\HWiNFO64.EXE
Task: {69B6AAF8-D757-4A4A-8C68-DF33CE76834B} - System32\Tasks\{0F031549-EDB4-44C3-AADC-EE6CED2555E0} => C:\Program Files (x86)\NCWest\NCLauncher\NCLauncher.exe
Task: {7D0588E2-AC9D-4F30-B366-C541162F423C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-19] (Google Inc.)
Task: {8007E57F-0719-4197-B01A-45AABDCDCE69} - System32\Tasks\GameNet => C:\Program Files (x86)\QGNA\qGNA.exe
Task: {98904612-01FB-4B78-9A19-B7B4FC8BC5A8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd)
Task: {9B253C27-BB05-48B5-9375-8AC8310F17D5} - System32\Tasks\SteamClient => C:\Users\Cliente\AppData\Roaming\Steam\SteamHelper.exe [2015-10-09] (Valve Corporation ) <==== ATENÇÃO
Task: {A16DEF41-D6D7-4E7D-8747-8C0136FFED35} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-19] (Google Inc.)
Task: {A27DCDD3-AC83-4A21-A52C-AEC65EC09E88} - \Mhletxh -> Nenhum Arquivo <==== ATENÇÃO
Task: {C486AEE0-1A92-40F5-8B0E-EBF49BC312AA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-13] (Adobe Systems Incorporated)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Atalhos =============================

(As entradas podem ser listadas para serem restauradas ou removidas.)

==================== Módulos Carregados (Whitelisted) ==============

2014-03-06 16:00 - 2014-03-06 16:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\kpcengine.2.3.dll
2015-11-11 15:11 - 2015-11-07 02:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-11 15:11 - 2015-11-07 02:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

==================== EXE Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)

==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com

==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-3195528365-2483452637-1177309064-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Atualmente não há nenhuma correção automática para esta seção.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Thorn => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoftEther VPN Client Manager Startup.lnk => C:\Windows\pss\SoftEther VPN Client Manager Startup.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Cliente\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Diebold - Warsaw => C:\Program Files\Diebold\Warsaw\core.exe
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [{70D46B2A-DEF9-4E63-9155-804C8C181CE4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{DDA4EFCE-1415-47B1-B06D-5905F74AD296}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9E78CCD6-5638-4E1C-ABD0-A8CC68536EA7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0DDDF90A-F04A-43F0-B902-E47FBD5C5A95}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EAFEA22C-2C16-4C1C-AA1A-D7C074ADA5C5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D3DC30CD-9B13-45E6-A2D2-C48BF35656B0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B144CD29-E085-4461-A5F6-EB4E8E9F1954}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A88D205F-4421-4018-B434-A0ADBEC43BA7}] => (Allow) C:\Users\Cliente\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{39768467-9ED6-4878-8857-2C280CD5023A}] => (Allow) C:\Users\Cliente\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0BB0011C-4E75-4A22-A032-A87434F694EA}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe
FirewallRules: [TCP Query User{E8F55FB6-E64F-4994-907D-4B04173B2FFC}C:\program files (x86)\steam\steamapps\common\total war arena\arena.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war arena\arena.exe
FirewallRules: [UDP Query User{3E07B701-57AD-428B-A667-AD8A27DF43B3}C:\program files (x86)\steam\steamapps\common\total war arena\arena.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war arena\arena.exe
FirewallRules: [TCP Query User{CDE7F039-1E1E-4049-A0EE-B1FB358BE49B}C:\users\cliente\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\cliente\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{FC2C2B36-9B7A-41FA-BF07-42D98FF801EB}C:\users\cliente\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\cliente\appdata\local\akamai\netsession_win.exe
FirewallRules: [{3EEA34A5-18C8-4603-B8EB-D80831AA57A5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{860C84A2-C8CE-40E0-B19F-7F56160D97D1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{667C77DF-9B4C-4326-A7B5-D1D0CC9E5330}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2D4EF8C5-9209-4C8F-BFE8-4BBB58906027}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Arena\launcher\launcher.exe
FirewallRules: [{C27AE2EA-9765-49DE-83B2-8D6704AD258C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Arena\launcher\launcher.exe

==================== Dispositivos Apresentando Falhas No Gerenciador =============

==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (11/28/2015 05:10:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2015 02:29:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2015 01:11:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2015 09:03:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2015 02:35:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/27/2015 10:48:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/27/2015 10:06:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/27/2015 07:44:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/27/2015 05:34:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/27/2015 04:11:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Erros de Sistema:
=============
Error: (11/28/2015 05:08:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço PST Service devido ao seguinte erro:
%%2

Error: (11/28/2015 02:27:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço PST Service devido ao seguinte erro:
%%2

Error: (11/28/2015 01:43:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (11/28/2015 01:43:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (11/28/2015 01:43:30 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (11/28/2015 01:43:30 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (11/28/2015 01:43:29 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (11/28/2015 01:10:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço PST Service devido ao seguinte erro:
%%2

Error: (11/28/2015 09:01:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço PST Service devido ao seguinte erro:
%%2

Error: (11/28/2015 02:34:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço PST Service devido ao seguinte erro:
%%2

CodeIntegrity:
===================================
Date: 2015-11-28 14:07:01.879
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-11-28 14:07:01.879
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-11-28 14:07:01.879
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-11-28 14:07:01.879
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-11-28 14:07:01.879
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-11-28 14:07:01.879
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-11-27 16:36:25.841
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-11-27 16:36:25.840
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-11-27 16:36:25.838
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-11-27 16:36:25.831
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Informações da Memória ===========================

Processador: Intel(R) Core(TM)2 Quad CPU Q9505 @ 2.83GHz
Percentagem de memória em uso: 34%
RAM física total: 4095.24 MB
RAM física disponível: 2687.76 MB
Virtual Total: 4293.44 MB
Virtual disponível: 2808.99 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:456.41 GB) (Free:388.38 GB) NTFS ==>[drive com componentes de inicialização (obtido através de BCD)]

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Cool

(Size: 465.8 GB) (Disk ID: 0007457D)
Partition 1: (Active) - (Size=456.4 GB) - (Type=07 NTFS)

==================== Fim de Addition.txt ============================

por Andreata Dom 29 Nov 2015, 01:23

E O RFST é este tamanho aqui,

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:28-11-2015
Executado por Cliente (administrador) em CLIENTE-PC (28-11-2015 17:18:23)
Executando a partir de C:\Users\Cliente\Desktop
Perfis Carregados: Cliente (Perfis Disponíveis: Cliente)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: IE)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\wmi64.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Nenhum Arquivo

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

ProxyServer: [S-1-5-21-3195528365-2483452637-1177309064-1000] => 118.189.13.178:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{44EF418C-E667-4D2C-BC3B-AC8248F15F92}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3195528365-2483452637-1177309064-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-3195528365-2483452637-1177309064-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-07-17] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-10-23] (Oracle Corporation)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-11-20] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-23] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-07-17] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-23] (Oracle Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2013-11-20] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-23] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-11-20] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2013-11-20] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Cliente\AppData\Roaming\Mozilla\Firefox\Profiles\gfyuq2l4.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-13] ()
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-23] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-23] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2015-07-18] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-07-18] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-09-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-09-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3195528365-2483452637-1177309064-1000: @my.com/Games -> C:\Users\Cliente\AppData\Local\MyComGames\NPMyComDetector.dll [Nenhum Arquivo]
FF Plugin HKU\S-1-5-21-3195528365-2483452637-1177309064-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Cliente\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [Nenhum Arquivo]
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2015-07-18] [não assinado]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-01-03] [não assinado]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-07-18] [não assinado]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com [2015-07-18] [não assinado]

Chrome:
=======
CHR DefaultSearchURL: Profile 1 -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
CHR DefaultSearchKeyword: Profile 1 -> Yahoo
CHR DefaultSuggestURL: Profile 1 -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
CHR Session Restore: Profile 1 -> está habilitado.
CHR Profile: C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Kaspersky Protection) - C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-07-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-17]
CHR Profile: C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-28]
CHR Extension: (YouTube) - C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-28]
CHR Extension: (Google Search) - C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-28]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-28]
CHR Extension: (Gmail) - C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-28]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-01-03]
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3512928 2015-07-22] (INCA Internet Co., Ltd.)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [858424 2015-06-19] (GAS Tecnologia LTDA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2015-11-15] (REALiX(tm))
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2015-07-18] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2015-07-18] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0009.sys [38432 2015-11-16] (SoftEther Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13536 2015-06-01] ()
R3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Windows (R) Win 7 DDK provider)
R3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Nuvoton Technology Corp.)
S3 tap0901_openvpn_accl; C:\Windows\System32\DRIVERS\tap0901_openvpn_accl.sys [37912 2015-01-13] (The OpenVPN Project)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-04-01] (Basil)
S3 cpuz134; \??\C:\Users\Cliente\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2015-11-28 17:18 - 2015-11-28 17:18 - 00016251 _____ C:\Users\Cliente\Desktop\FRST.txt
2015-11-28 17:17 - 2015-11-28 17:18 - 00000000 ____D C:\FRST
2015-11-28 17:16 - 2015-11-28 17:16 - 02349056 _____ (Farbar) C:\Users\Cliente\Desktop\FRST64.exe
2015-11-28 14:33 - 2015-11-28 14:33 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Albion
2015-11-28 13:49 - 2015-11-28 13:29 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-11-28 13:29 - 2015-11-28 13:45 - 00000000 ____D C:\zoek_backup
2015-11-28 13:28 - 2015-11-28 13:28 - 01309184 _____ C:\Users\Cliente\Desktop\zoek.exe
2015-11-27 21:32 - 2015-11-27 21:32 - 00002433 _____ C:\Users\Cliente\Desktop\aquivo texto.txt
2015-11-27 15:52 - 2015-11-28 13:34 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-27 15:52 - 2015-11-27 15:52 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-27 15:52 - 2015-11-27 15:52 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2015-11-27 15:52 - 2015-11-27 15:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-27 15:52 - 2015-11-27 15:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-27 15:52 - 2015-11-27 15:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-27 15:52 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-27 15:52 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-27 15:52 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-27 01:08 - 2015-11-27 01:10 - 00000000 ____D C:\AdwCleaner
2015-11-27 01:01 - 2015-11-27 01:01 - 01733632 _____ C:\Users\Cliente\Desktop\AdwCleaner.exe
2015-11-27 00:58 - 2015-11-27 02:10 - 00000834 _____ C:\Users\Cliente\Desktop\ZHPCleaner.lnk
2015-11-26 18:57 - 2015-11-27 02:15 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\ZHP
2015-11-25 10:25 - 2015-11-25 10:25 - 00001182 _____ C:\Users\Cliente\Desktop\AlbionOnline.lnk
2015-11-25 10:25 - 2015-11-25 10:25 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Albion Online
2015-11-24 20:04 - 2015-11-28 17:09 - 00003436 _____ C:\Windows\System32\Tasks\SteamClient
2015-11-24 17:11 - 2015-11-24 17:11 - 00262144 _____ C:\Windows\system32\config\elam
2015-11-24 17:10 - 2015-11-24 17:10 - 00000000 ____D C:\uninst
2015-11-24 17:03 - 2015-11-24 17:03 - 00000000 ____D C:\Users\Cliente\Documents\My Games
2015-11-19 14:07 - 2015-11-24 23:56 - 00000000 ____D C:\Program Files (x86)\Glyph
2015-11-19 14:07 - 2015-11-19 14:07 - 00001001 _____ C:\Users\Cliente\Desktop\Glyph.lnk
2015-11-19 14:07 - 2015-11-19 14:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2015-11-17 18:25 - 2015-11-17 18:25 - 00000000 ____D C:\Users\Cliente\AppData\Local\Overwolf
2015-11-17 18:22 - 2015-11-24 02:43 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\TS3Client
2015-11-17 18:22 - 2015-11-17 23:08 - 00001011 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2015-11-17 18:22 - 2015-11-17 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-11-17 18:22 - 2015-11-17 18:22 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2015-11-17 13:33 - 2015-11-19 15:37 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webzen
2015-11-17 11:54 - 2015-11-22 00:28 - 00000000 ____D C:\download
2015-11-17 11:41 - 2015-11-17 11:41 - 00000000 ____D C:\Users\Todos os Usuários\WEBZEN
2015-11-17 11:41 - 2015-11-17 11:41 - 00000000 ____D C:\ProgramData\WEBZEN
2015-11-16 22:50 - 2015-11-16 23:42 - 00000000 ____D C:\Users\Todos os Usuários\NexonUS
2015-11-16 22:50 - 2015-11-16 23:42 - 00000000 ____D C:\ProgramData\NexonUS
2015-11-16 22:50 - 2015-11-16 22:50 - 00000000 ____D C:\Users\Todos os Usuários\Nexon
2015-11-16 22:50 - 2015-11-16 22:50 - 00000000 ____D C:\ProgramData\Nexon
2015-11-16 22:46 - 2015-11-16 22:50 - 00000000 ____D C:\Users\Cliente\Documents\Vindictus
2015-11-16 22:45 - 2015-11-16 22:45 - 00038432 _____ (SoftEther Corporation) C:\Windows\system32\Drivers\Neo_0009.sys
2015-11-16 19:50 - 2015-11-16 19:50 - 00144104 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\vpncmd.exe
2015-11-16 18:48 - 2015-11-16 18:48 - 00000000 ____D C:\Users\Cliente\AppData\Local\AAA_Internet_Publishing,_
2015-11-16 18:48 - 2015-04-08 15:15 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SPORDER.DLL
2015-11-16 18:20 - 2015-11-16 18:20 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon
2015-11-16 13:41 - 2015-11-19 12:16 - 00000000 ____D C:\Users\Cliente\AppData\Local\NexonLauncher
2015-11-15 22:56 - 2015-11-24 00:11 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2015-11-15 22:56 - 2015-11-15 22:56 - 00001090 _____ C:\Users\Cliente\Desktop\MSI Afterburner.lnk
2015-11-15 22:56 - 2015-11-15 22:56 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2015-11-15 22:56 - 2015-11-15 22:56 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2015-11-15 22:55 - 2015-11-24 00:12 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2015-11-15 14:11 - 2015-11-15 14:11 - 00027552 _____ (REALiX(tm)) C:\Windows\system32\Drivers\HWiNFO64A.SYS
2015-11-15 13:40 - 2015-11-15 13:40 - 00002932 _____ C:\Windows\System32\Tasks\HWiNFO
2015-11-15 01:45 - 2015-11-15 01:45 - 00002984 _____ C:\Windows\System32\Tasks\{0F031549-EDB4-44C3-AADC-EE6CED2555E0}
2015-11-14 23:16 - 2015-11-14 23:16 - 00000000 ____D C:\Users\Cliente\Downloads\Beasts.Of.No.Nation.2015.WEB-DL.XviD.Dual.Audio-MAGiCO
2015-11-14 01:52 - 2015-11-14 01:52 - 00000000 ____D C:\Users\Cliente\Documents\BnS
2015-11-13 22:09 - 2015-11-13 22:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2015-11-12 16:01 - 2015-11-20 17:58 - 00112137 _____ C:\Users\Cliente\Desktop\Banco do Brasil.htm
2015-11-12 16:01 - 2015-11-12 16:01 - 00000000 ____D C:\Users\Cliente\Desktop\Banco do Brasil_arquivos
2015-11-12 15:52 - 2015-11-23 23:36 - 00000000 ____D C:\Users\Todos os Usuários\Glyph
2015-11-12 15:52 - 2015-11-23 23:36 - 00000000 ____D C:\ProgramData\Glyph
2015-11-10 13:02 - 2015-11-10 13:02 - 00000749 _____ C:\Users\Public\Desktop\Kingdom Online.lnk
2015-11-10 13:02 - 2015-11-10 13:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\kingdom
2015-11-10 12:58 - 2015-11-10 12:58 - 00000000 ____D C:\NTTGame
2015-11-09 23:17 - 2015-11-09 23:17 - 00000000 ____D C:\Users\Todos os Usuários\FreeHideIP
2015-11-09 23:17 - 2015-11-09 23:17 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\FreeHideIP
2015-11-09 23:17 - 2015-11-09 23:17 - 00000000 ____D C:\ProgramData\FreeHideIP
2015-11-07 17:25 - 2015-11-07 17:25 - 00000783 _____ C:\Users\Cliente\Desktop\KUF2Launcher.lnk
2015-11-07 17:23 - 2015-11-07 17:23 - 00000000 ____D C:\Leadhope
2015-11-07 17:18 - 2015-11-07 17:18 - 00000000 ____D C:\Users\Todos os Usuários\FlyVPN
2015-11-07 17:18 - 2015-11-07 17:18 - 00000000 ____D C:\ProgramData\FlyVPN
2015-11-07 16:21 - 2015-11-07 16:24 - 00000000 ____D C:\Users\Cliente\AppData\Local\Nemex
2015-11-07 16:21 - 2015-11-07 16:21 - 00000000 ____D C:\Users\Cliente\Documents\My Recorded Scripts
2015-11-07 01:50 - 2015-11-07 10:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-06 12:14 - 2015-11-06 12:14 - 00000000 ____D C:\Users\Cliente\AppData\LocalLow\Escalation Studios
2015-11-06 01:37 - 2015-11-14 01:13 - 00000000 ____D C:\Users\Cliente\Documents\NCSOFT
2015-11-05 19:15 - 2015-11-18 10:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2015-11-05 19:12 - 2015-11-05 19:12 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\NCSOFT
2015-11-05 00:31 - 2015-11-05 00:31 - 00000000 ____D C:\Users\Cliente\Documents\Black Desert
2015-11-05 00:29 - 2015-11-05 00:29 - 00000000 __SHD C:\Users\Todos os Usuários\Info
2015-11-05 00:29 - 2015-11-05 00:29 - 00000000 __SHD C:\ProgramData\Info
2015-11-02 17:14 - 2015-11-02 17:14 - 00000000 ____D C:\Users\Cliente\Documents\GameNet Themes
2015-11-02 17:07 - 2015-11-05 02:39 - 00000000 ____D C:\Users\Cliente\AppData\Local\THORN
2015-11-02 17:06 - 2015-11-05 01:51 - 00004296 _____ C:\Windows\System32\Tasks\GameNet
2015-11-02 17:06 - 2015-11-02 17:06 - 00000000 ____D C:\Users\Cliente\AppData\Local\Vebanaul
2015-10-31 13:29 - 2015-10-31 13:29 - 00000000 ____D C:\Users\Todos os Usuários\Aeria Games
2015-10-31 13:29 - 2015-10-31 13:29 - 00000000 ____D C:\ProgramData\Aeria Games
2015-10-31 11:55 - 2015-11-05 12:18 - 00000000 ____D C:\Users\Cliente\AppData\Local\Akamai
2015-10-30 18:07 - 2015-10-30 18:14 - 00000000 ____D C:\Users\Cliente\AppData\LocalLow\Daybreak Game Company
2015-10-30 18:07 - 2015-10-30 18:07 - 00000000 ____D C:\Users\Cliente\AppData\Local\Daybreak Game Company
2015-10-28 14:56 - 2015-10-28 14:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-10-28 14:56 - 2015-10-28 14:56 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Motorola Mobility
2015-10-28 14:55 - 2015-10-28 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola Device Manager
2015-10-28 14:55 - 2015-10-28 14:55 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2015-10-28 14:54 - 2015-11-18 10:48 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-28 14:54 - 2015-10-28 14:54 - 00000000 ____D C:\Program Files\Common Files\Motorola Shared
2015-10-28 14:34 - 2015-10-28 14:34 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Motorola
2015-10-24 09:47 - 2015-11-28 14:33 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\AlbionOnline
2015-10-23 17:21 - 2015-11-23 23:35 - 00000000 ____D C:\Users\Cliente\Documents\ArcheAge
2015-10-23 13:30 - 2015-11-25 00:00 - 00000000 ____D C:\Users\Cliente\AppData\Local\Glyph
2015-10-23 12:01 - 2015-11-25 10:24 - 00000000 ____D C:\Program Files (x86)\AlbionOnline
2015-10-21 00:52 - 2015-10-21 00:54 - 00000000 ____D C:\Users\Cliente\Downloads\Apocalipse (2015) 720p 5.1Ch Dublado - Alan_680
2015-10-14 10:59 - 2015-10-23 11:56 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-10-14 10:59 - 2015-10-23 11:56 - 00000000 ____D C:\Program Files\Java
2015-10-14 10:58 - 2015-10-23 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-14 01:35 - 2015-10-18 09:39 - 00000974 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2015-10-14 01:35 - 2015-10-14 01:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-10-14 01:35 - 2015-10-14 01:35 - 00000000 ____D C:\Program Files\CPUID
2015-10-14 00:45 - 2015-10-14 00:45 - 00000000 ____D C:\Users\Cliente\AppData\Local\DunDefLauncher
2015-10-02 18:05 - 2015-10-02 18:05 - 00000000 ____D C:\Users\Cliente\aTubeCatcher
2015-09-30 11:29 - 2008-08-18 20:18 - 00077824 _____ (Fox Magic Software) C:\Windows\SysWOW64\fmcodec.DLL
2015-09-24 01:05 - 2015-09-24 01:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-09-24 01:04 - 2015-11-28 17:08 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA
2015-09-24 01:04 - 2015-11-28 17:08 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-24 00:12 - 2015-09-13 22:29 - 00112760 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-09-24 00:12 - 2015-09-13 22:29 - 00105080 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-09-24 00:12 - 2015-09-13 20:09 - 06884984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-09-24 00:12 - 2015-09-13 20:09 - 03496056 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-09-24 00:12 - 2015-09-13 20:09 - 02558584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-09-24 00:12 - 2015-09-13 20:09 - 00937776 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-09-24 00:12 - 2015-09-13 20:09 - 00385144 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-09-24 00:12 - 2015-09-13 20:09 - 00062584 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-09-24 00:12 - 2015-09-13 19:50 - 00574072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-09-24 00:12 - 2015-09-11 10:17 - 05231082 _____ C:\Windows\system32\nvcoproc.bin
2015-09-24 00:11 - 2015-09-13 22:29 - 42840368 _____ C:\Windows\system32\nvcompiler.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 37819000 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 22525560 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 18543736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 17082928 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 16637528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 15513208 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 14936264 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 14635600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 13660648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 12514824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 12185344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 11096696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-09-24 00:11 - 2015-09-13 22:29 - 03530608 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 03116160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 02940024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 02627192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 01898288 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435598.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 01558832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435598.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 01105976 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 01074808 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 01064056 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 00986232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 00944760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 00943712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 00155792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-09-24 00:11 - 2015-09-13 22:29 - 00033079 _____ C:\Windows\system32\nvinfo.pb
2015-09-18 21:40 - 2015-09-18 21:40 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\steam.transformice.com
2015-09-18 21:35 - 2015-09-18 21:35 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\com.playsaurus.heroclicker
2015-09-15 12:34 - 2015-09-15 12:34 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\The Creative Assembly
2015-09-15 11:15 - 2015-09-15 11:15 - 00000222 _____ C:\Users\Cliente\Desktop\Total War Arena.url
2015-09-08 00:43 - 2015-09-27 15:34 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com
2015-09-07 19:22 - 2015-09-07 19:22 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games
2015-09-07 04:33 - 2015-09-07 04:33 - 00000000 ____D C:\Windows\system32\appmgmt
2015-09-06 13:15 - 2015-11-28 14:28 - 00000008 __RSH C:\Users\Cliente\ntuser.pol
2015-09-06 13:10 - 2015-09-06 13:10 - 01056768 _____ C:\Users\Cliente\defltbase.sdb
2015-09-04 10:33 - 2015-11-12 10:29 - 00000000 ____D C:\Program Files\Common Files\AV
2015-09-04 01:52 - 2015-11-24 20:11 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Steam
2015-09-03 02:16 - 2015-09-03 02:16 - 00000000 ____D C:\Users\Cliente\AppData\Local\Star_Vault
2015-08-31 00:43 - 2015-08-31 00:43 - 00000000 ____D C:\Users\Cliente\AppData\Local\UnrealEngine
2015-08-30 14:37 - 2015-08-30 14:37 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-08-30 14:36 - 2015-08-30 14:37 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-30 14:35 - 2015-10-22 16:00 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-08-30 14:35 - 2015-08-30 14:35 - 00000000 ____D C:\Users\Usuário Padrão\AppData\Roaming\Media Center Programs
2015-08-30 14:35 - 2015-08-30 14:35 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2015-08-30 14:35 - 2015-08-30 14:35 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
2015-08-30 14:14 - 2015-08-30 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2015-08-30 14:14 - 2015-08-30 14:14 - 00000000 ____D C:\Program Files\MPC-HC

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2015-11-28 17:17 - 2009-07-14 01:20 - 00000000 ____D C:\Windows
2015-11-28 17:15 - 2009-07-14 02:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-28 17:15 - 2009-07-14 02:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-28 17:08 - 2015-07-19 00:38 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-28 17:08 - 2015-07-17 20:24 - 00000000 ____D C:\Users\Todos os Usuários\Kaspersky Lab
2015-11-28 17:08 - 2015-07-17 20:24 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-11-28 17:08 - 2009-07-14 03:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-28 17:00 - 2015-07-17 18:02 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-28 16:08 - 2015-07-19 00:38 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-28 14:28 - 2015-07-17 17:29 - 00000000 ____D C:\Users\Cliente
2015-11-28 13:43 - 2009-07-14 01:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-11-28 11:41 - 2015-07-18 00:17 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-28 02:39 - 2009-07-14 03:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-11-27 22:09 - 2011-04-12 11:40 - 00708738 _____ C:\Windows\system32\prfh0416.dat
2015-11-27 22:09 - 2011-04-12 11:40 - 00148518 _____ C:\Windows\system32\prfc0416.dat
2015-11-27 22:09 - 2009-07-14 03:13 - 01643802 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-27 22:09 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\inf
2015-11-26 16:42 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\system32\NDF
2015-11-26 16:40 - 2015-07-17 18:05 - 00000000 ____D C:\Users\Cliente\AppData\Local\ElevatedDiagnostics
2015-11-25 17:37 - 2015-05-04 02:54 - 00003686 _____ C:\PureRa.txt
2015-11-25 12:42 - 2009-07-14 03:08 - 00007254 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-24 21:03 - 2015-07-19 02:25 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\uTorrent
2015-11-17 09:38 - 2015-07-26 03:18 - 00000000 ____D C:\Windows\pss
2015-11-15 22:57 - 2015-07-17 20:02 - 00000000 ___HD C:\Windows\msdownld.tmp
2015-11-15 22:57 - 2015-07-17 20:02 - 00000000 ____D C:\Windows\SysWOW64\directx
2015-11-14 17:40 - 2015-08-03 00:48 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Awesomium
2015-11-13 12:10 - 2015-07-17 18:02 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-13 12:10 - 2015-07-17 18:02 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-13 12:10 - 2015-07-17 18:02 - 00003840 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-11 15:11 - 2015-07-19 00:41 - 00002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-10 13:13 - 2015-08-21 02:38 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\NVIDIA
2015-11-10 13:05 - 2015-07-17 17:56 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-11-10 13:02 - 2012-09-19 20:46 - 00000000 ____D C:\temp
2015-11-07 11:42 - 2015-07-17 18:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-05 02:07 - 2015-03-29 17:12 - 00000000 ____D C:\Games
2015-10-30 18:21 - 2014-09-25 18:21 - 00000000 ____D C:\f360c73e5ba918ed4b4e90fe

==================== Arquivos na raiz de alguns diretórios =======

2015-07-17 23:06 - 2015-07-17 23:06 - 0007597 _____ () C:\Users\Cliente\AppData\Local\Resmon.ResmonCfg
2015-07-17 17:55 - 2015-07-17 17:55 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2015-11-21 14:35

==================== Fim de FRST.txt ============================

por **caedurodrigues** Dom 29 Nov 2015, 01:26

Boa noite Andreata, agora o relatório está correto. Eu vou analisar amanhã, e te darei um retorno. Um grande abraço.

por Andreata Dom 29 Nov 2015, 09:51

caedurodrigues escreveu:Boa noite Andreata, agora o relatório está correto. Eu vou analisar amanhã, e te darei um retorno. Um grande abraço.

Bom dia estou no aguardo.
abraço

por **caedurodrigues** Dom 29 Nov 2015, 21:02

Boa noite Andreata, você configurou o Proxy abaixo:

ProxyServer: [S-1-5-21-3195528365-2483452637-1177309064-1000] => 118.189.13.178:8080

Copie estas informações que estão em vermelho,para o Bloco de Notas.
Salve-a com o nome fixlist.txt
Salve-a no mesmo local em que se encontra a FRST

start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Nenhum Arquivo
SearchScopes: HKU\S-1-5-21-3195528365-2483452637-1177309064-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HR DefaultSearchURL: Profile 1 -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
CHR DefaultSearchKeyword: Profile 1 -> Yahoo
CHR DefaultSuggestURL: Profile 1 -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
S2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [X]
S3 cpuz134; \??\C:\Users\Cliente\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
Task: {9B253C27-BB05-48B5-9375-8AC8310F17D5} - System32\Tasks\SteamClient => C:\Users\Cliente\AppData\Roaming\Steam\SteamHelper.exe [2015-10-09] (Valve Corporation ) <==== ATENÇÃO
Task: {A27DCDD3-AC83-4A21-A52C-AEC65EC09E88} - \Mhletxh -> Nenhum Arquivo <==== ATENÇÃO
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
emptytemp:
end
Execute FRST/FRST64 >> Clique "Fix". << Aguarde!
Poste o relatório! (Fixlog.txt)

Um grande abraço.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] Esse script foi elaborado somente para este computador, de acordo com os arquivos e chaves presentes.

Aos visitantes: Se estiverem com um problema semelhante, não utilizem esse script, pois o uso sem supervisão pode causar danos ao sistema.

por Andreata Seg 30 Nov 2015, 01:59

caedurodrigues escreveu:Boa noite Andreata, você configurou o Proxy abaixo:

ProxyServer: [S-1-5-21-3195528365-2483452637-1177309064-1000] => 118.189.13.178:8080

Copie estas informações que estão em vermelho,para o Bloco de Notas.
Salve-a com o nome fixlist.txt
Salve-a no mesmo local em que se encontra a FRST

start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Nenhum Arquivo
SearchScopes: HKU\S-1-5-21-3195528365-2483452637-1177309064-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HR DefaultSearchURL: Profile 1 -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
CHR DefaultSearchKeyword: Profile 1 -> Yahoo
CHR DefaultSuggestURL: Profile 1 -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
S2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [X]
S3 cpuz134; \??\C:\Users\Cliente\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
Task: {9B253C27-BB05-48B5-9375-8AC8310F17D5} - System32\Tasks\SteamClient => C:\Users\Cliente\AppData\Roaming\Steam\SteamHelper.exe [2015-10-09] (Valve Corporation ) <==== ATENÇÃO
Task: {A27DCDD3-AC83-4A21-A52C-AEC65EC09E88} - \Mhletxh -> Nenhum Arquivo <==== ATENÇÃO
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
emptytemp:
end
Execute FRST/FRST64 >> Clique "Fix". << Aguarde!
Poste o relatório! (Fixlog.txt)

Um grande abraço.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] Esse script foi elaborado somente para este computador, de acordo com os arquivos e chaves presentes.

Aos visitantes: Se estiverem com um problema semelhante, não utilizem esse script, pois o uso sem supervisão pode causar danos ao sistema.

Boa Noite, não sei se fiz correto, o Programa ai, ta no Desktop, e eu salvei o relatório nele....eis o relatório

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão:29-11-2015
Executado por Cliente (2015-11-30 01:49:52) Run:1
Executando a partir de C:\Users\Cliente\Desktop
Perfis Carregados: Cliente (Perfis Disponíveis: Cliente)
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Nenhum Arquivo
SearchScopes: HKU\S-1-5-21-3195528365-2483452637-1177309064-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HR DefaultSearchURL: Profile 1 -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
CHR DefaultSearchKeyword: Profile 1 -> Yahoo
CHR DefaultSuggestURL: Profile 1 -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
S2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [X]
S3 cpuz134; \??\C:\Users\Cliente\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
Task: {9B253C27-BB05-48B5-9375-8AC8310F17D5} - System32\Tasks\SteamClient => C:\Users\Cliente\AppData\Roaming\Steam\SteamHelper.exe [2015-10-09] (Valve Corporation ) <==== ATENÇÃO
Task: {A27DCDD3-AC83-4A21-A52C-AEC65EC09E88} - \Mhletxh -> Nenhum Arquivo <==== ATENÇÃO
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
emptytemp:
end
*****************

Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => chave removido (a) com sucesso.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => chave não encontrado (a).
"HKU\S-1-5-21-3195528365-2483452637-1177309064-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => chave removido (a) com sucesso.
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => chave não encontrado (a).
HR DefaultSearchURL: Profile 1 -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] => Erro: Nenhuma correção automática foi encontrada para esta entrada.
Chrome DefaultSearchKeyword => removido (a) com sucesso.
Chrome DefaultSuggestURL => removido (a) com sucesso.
PST Service => serviço removido (a) com sucesso.
cpuz134 => serviço removido (a) com sucesso.
nvvad_WaveExtensible => serviço removido (a) com sucesso.
VGPU => serviço removido (a) com sucesso.
xhunter1 => serviço removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B253C27-BB05-48B5-9375-8AC8310F17D5} => chave não encontrado (a).
C:\Windows\System32\Tasks\SteamClient => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SteamClient" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A27DCDD3-AC83-4A21-A52C-AEC65EC09E88}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A27DCDD3-AC83-4A21-A52C-AEC65EC09E88}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mhletxh" => chave removido (a) com sucesso.

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {0A4191A1-80EA-4A0A-BDE0-4DD20EC53A2F}.
0 out of 1 jobs canceled.

========= Fim de CMD: =========

========= ipconfig /flushdns =========

Configura��o de IP do Windows

Libera��o do Cache do DNS Resolver bem-sucedida.

========= Fim de CMD: =========

EmptyTemp: => 104.4 MB de dados temporários Removidos.

O sistema precisou ser reiniciado.

==== Fim de Fixlog 01:50:17 ====

por **caedurodrigues** Seg 30 Nov 2015, 08:37

Bom dia Andreata, você não respondeu a minha pergunta acima se tinha configurado esse proxy abaixo em seu PC.

"ProxyServer: [S-1-5-21-3195528365-2483452637-1177309064-1000] => 118.189.13.178:8080"

por Conteúdo patrocinado

Kaspersky bloqueando propagandas e sites maliciosos

Kaspersky bloqueando propagandas e sites maliciosos

Re: Kaspersky bloqueando propagandas e sites maliciosos

Re: Kaspersky bloqueando propagandas e sites maliciosos

Re: Kaspersky bloqueando propagandas e sites maliciosos

Re: Kaspersky bloqueando propagandas e sites maliciosos

Re: Kaspersky bloqueando propagandas e sites maliciosos

Re: Kaspersky bloqueando propagandas e sites maliciosos

Re: Kaspersky bloqueando propagandas e sites maliciosos

Re: Kaspersky bloqueando propagandas e sites maliciosos

Re: Kaspersky bloqueando propagandas e sites maliciosos

Re: Kaspersky bloqueando propagandas e sites maliciosos

Re: Kaspersky bloqueando propagandas e sites maliciosos

Re: Kaspersky bloqueando propagandas e sites maliciosos

Re: Kaspersky bloqueando propagandas e sites maliciosos

Re: Kaspersky bloqueando propagandas e sites maliciosos

Re: Kaspersky bloqueando propagandas e sites maliciosos

Re: Kaspersky bloqueando propagandas e sites maliciosos

Re: Kaspersky bloqueando propagandas e sites maliciosos

Re: Kaspersky bloqueando propagandas e sites maliciosos

Re: Kaspersky bloqueando propagandas e sites maliciosos

Re: Kaspersky bloqueando propagandas e sites maliciosos

Re: Kaspersky bloqueando propagandas e sites maliciosos

Re: Kaspersky bloqueando propagandas e sites maliciosos

Re: Kaspersky bloqueando propagandas e sites maliciosos

Re: Kaspersky bloqueando propagandas e sites maliciosos

Re: Kaspersky bloqueando propagandas e sites maliciosos

Seg	Ter	Qua	Qui	Sex	Sáb	Dom
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30