Impossibilidade de baixar Adobe Flash Player

por pamonha Qui 27 Nov 2014, 10:07

Olá Max Power,

Não consigo, diante de qualquer tentativa, baixar no meu pc o adobe flash player. Também todos meus navegadores estão super lentos, e na maioria das vezes não respondendo.

Para sua prévia análise, envio-lhe o log gerado pelo ZHPDiag. De já meu sincero agradecimento.

MSIE: Internet Explorer v11.0.9600.17420
MFIE: Mozilla Firefox 33.1
GCIE: Google Chrome v39.0.2171.71 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Malwarebytes Anti-Malware versão 2.0.3.1025
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v4.18

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Reader XI
Java 7 Update 67

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3766.8 MB (50% free)
System Restore: Activé (Enable)
System drive C: has 47 GB (25%) free of 187 GB

---\\ Modo de conexão ao sistema
~ Computer Name: HAROLDO-PC
~ User Name: Haroldo
~ All Users Names: HomeGroupUser$, Haroldo, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Haroldo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Haroldo\AppData\Roaming\
~ %Desktop% : C:\Users\Haroldo\Desktop\
~ %Favorites% : C:\Users\Haroldo\Favorites\
~ %LocalAppData% : C:\Users\Haroldo\AppData\Local\
~ %StartMenu% : C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 47 Go of 187 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 25 Go of 98 Go)

---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s

---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.6FC2819A4F80AAB2DADEDFC1EFEE3C3F] - (.Microsoft Corporation - Internet Extensions para Win32.) (.05/11/2014 - 23:17:24.) -- C:\Windows\System32\wininet.dll [2365440]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.16/07/2014 - 23:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 10:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 03:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 06:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 06:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 07:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 06:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 07:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 08:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 06:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 10:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/360
~ Mes musiques (My Musics) : 1/53
~ Mes Videos (My Videos) : 1/1266
~ Mes Favoris (My Favorites) : 1/14
~ Mes Documents (My Documents) : 1/224
~ Mon Bureau (My Desktop) : 1/62
~ Menu demarrer (Programs) : 1/42
~ Hidden Files: Scanned in 00mn 01s

---\\ Processos lançados
[MD5.EAA666E9DD8DCDA6E075087091CB85EE] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [275072] [PID.2316]
[MD5.AB0C872B1FFE283D20C91C8E575E2F67] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Haroldo\AppData\Roaming\Dropbox\bin\Dropbox.exe [35419192] [PID.2388]
[MD5.FFB8CB731D62EC434A552680E0F8EC1A] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [5226600] [PID.2404]
[MD5.0EF0822810009D58118CCDFD098FA9F4] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480] [PID.2440]
[MD5.8D983B20A6DA39016B13213E54916BD1] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296520] [PID.2448]
[MD5.20989BBD2114539B5C21948E94F6E11E] - (.No owner - RealDownloader.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192] [PID.2476]
[MD5.638CD1D8AE8630E628D4E6462D3EF88E] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [558904] [PID.944]
[MD5.65068E245EFE045E6956190CD0E2FB91] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.2768]
[MD5.A89213C4C9DDBD8BDE32D847BB7F3E2F] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [145520] [PID.3180]
[MD5.DC2E338E63159454B71659D82515A04E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8091648] [PID.7036]
[MD5.E3F7EC811923F3F1A77B185F22638E5E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1444]
[MD5.C5679E5186B2FC95BC76A8A9870D5456] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [64704] [PID.1704]
[MD5.650D03E40F93FAE323CB841F80368E5C] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [60744] [PID.1760]
[MD5.590DE2C0FF4E367050239BD1DDC912C1] - (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568] [PID.1264]
[MD5.AC36A47C010100B7EDFB2A70114D3E89] - (.RealNetworks, Inc. - RealPlayer Cloud Service.) -- c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848] [PID.1096]
[MD5.A650FA927A4D1D71C53E317A0DDD6B7E] - (...) -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856] [PID.1084]
[MD5.0CB8324F6CB624812FD9D4FE9186F845] - (.Nero AG - NeroUpdate.) -- C:\Program Files (x86)\Nero\Update\NASvc.exe [773968] [PID.5992]
~ Processes Running: Scanned in 00mn 02s

---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 00s

---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\ensx4ttz.default-1412532628526\prefs.js
C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js
C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\se6rb103.default\prefs.js
M3 - MFPP: Plugins - [Haroldo] -- C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\searchplugins\yahoo_ff.xml
M3 - MFPP: Plugins - [Haroldo] -- C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\se6rb103.default\searchplugins\yahoo_ff.xml
M2 - MFEP: RegExtension {87F8774F-B485-47E2-A755-A40A8A5E886D} . (...) --
M2 - MFEP: prefs.js [Haroldo - extensions\ascsurfingprotection@iobit.com] [] Advanced SystemCare Surfing Protection v1.0 (..)
M2 - MFEP: prefs.js [Haroldo - se6rb103.default\ascsurfingprotection@iobit.com] [] Advanced SystemCare Surfing Protection v1.0 (..)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Haroldo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
~ Firefox Browser: 9 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search,SearchAssistant = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ IE Browser: 25 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hôte est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s

---\\ Browser Helper Objects do navegador (02)
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer [64Bits] - {3049C3E9-B461-4BC5-8870-4C09146192CA} . (.RealDownloader - RealPlayer Video Downloader.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: SpeakLogicToolBar [64Bits] - {6468068f-3b63-4e56-bc34-ba140569e43f} . (...) -- C:\Program Files (x86)\The Speak Logic Project\Speak Logic Information Analysis for IE\adxloader.dll
O2 - BHO: G-Buster Browser Defense CEF [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Bnb [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540014} . (.Banco do Nordeste do Brasil S.A. - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehbnb.dll
~ BHO: 15 Legitimates Filtered in 00mn 00s

---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Speak Logic - [HKLM]{b0c6f530-cffd-47ad-b243-f1825a3f1f67} . (...) -- C:\Program Files (x86)\The Speak Logic Project\Speak Logic Information Analysis for IE\adxloader64.dll
~ Toolbar: Scanned in 00mn 00s

---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- c:\program files (x86)\real\realplayer\Update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Wow6432Node\Run: [RealDownloader] . (.No owner - RealDownloader.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
O4 - HKUS\S-1-5-21-1335456900-3083802626-1046228050-1000\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
~ Application: Scanned in 00mn 00s

---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bnb.gov.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{47BE1B23-3286-49C2-87A8-F2F3ECF40FEC}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 =>.Google DNS Redirections
O17 - HKLM\System\CCS\Services\Tcpip\..\{5514D2E1-AE6A-4A5E-B596-549D02E4412F}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{B13A2361-A94E-49A9-9358-11CB6DFB0E28}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC75A982-D557-4909-BCDC-8BFEC9234D33}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{B22F580E-0A76-4D84-8996-8FCFD5F84A25}: DhcpNameServer = 192.168.1.1 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{47BE1B23-3286-49C2-87A8-F2F3ECF40FEC}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 =>.Google DNS Redirections
O17 - HKLM\System\CS1\Services\Tcpip\..\{5514D2E1-AE6A-4A5E-B596-549D02E4412F}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{B13A2361-A94E-49A9-9358-11CB6DFB0E28}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{EC75A982-D557-4909-BCDC-8BFEC9234D33}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{B22F580E-0A76-4D84-8996-8FCFD5F84A25}: DhcpNameServer = 192.168.1.1 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{47BE1B23-3286-49C2-87A8-F2F3ECF40FEC}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 =>.Google DNS Redirections
O17 - HKLM\System\CS2\Services\Tcpip\..\{5514D2E1-AE6A-4A5E-B596-549D02E4412F}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CS2\Services\Tcpip\..\{B13A2361-A94E-49A9-9358-11CB6DFB0E28}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CS2\Services\Tcpip\..\{EC75A982-D557-4909-BCDC-8BFEC9234D33}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CS2\Services\Tcpip\..\{B22F580E-0A76-4D84-8996-8FCFD5F84A25}: DhcpNameServer = 192.168.1.1 8.8.8.8
~ Domain: Scanned in 00mn 00s

---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe
O23 - Service: lsdprn (lsdprn) . (...) - C:\Windows\SysWOW64\lsdprn.exe
O23 - Service: RealPlayer Update Service (RealPlayerUpdateSvc) . (...) - C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
~ Services: 14 Legitimates Filtered in 00mn 09s

---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [MHQCVUMW] (...) -- C:\Users\Haroldo\AppData\Roaming\MHQCVUMW.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [UBTTOC] (...) -- C:\Users\Haroldo\AppData\Roaming\UBTTOC.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{38020DB0-3996-4A9B-A9C5-2C71C6106EA2}] (...) -- C:\Users\Haroldo\Desktop\zoek.scr -d C:\Users\Haroldo\Desktop -c \S (.not file.) [0]
[MD5.DD17B734F49DED3147D99918EDA0839B] [APT] [{53A6980A-BA36-4FD5-96D0-1F97A82B64DE}] (.Serpro - Serviço Federal de Processamento d.) -- C:\Users\Haroldo\Downloads\Receitanet-1.04.exe [6182597]
[MD5.00000000000000000000000000000000] [APT] [{5C2A6A79-D6E0-4BAF-93CC-BF5D8C5C603C}] (...) -- C:\Users\Haroldo\Downloads\WindowsActivationUpdate.exe (.not file.) [0]
[MD5.A33B6492086D1F03CCB029BCF39132C3] [APT] [{630983C1-05B8-4F20-86CD-8D4CBB21A9B6}] (...) -- C:\Arquivos de Programas RFB\IRPF2013\IRPF2013.exe [31232]
[MD5.06CB2A6BECACEDB33530A0C4E3466E95] [APT] [{6EA03C4D-4FC9-4473-983C-7770EB13FBB6}] (.V.X. Technocom.) -- C:\Users\Haroldo\Downloads\Windows_7_SP1_Ultimate_(64_Bit).exe [348704]
[MD5.27902E96B1E4661AB91F98434E408357] [APT] [{98FB337E-089B-4AAB-9FA2-ECF4075B703E}] (...) -- C:\Users\Haroldo\Downloads\ReceitanetJava2010.02d_setup_win32.exe [3798462]
[MD5.6D1E1FAB7950DFCEB4F4FE895D8EC778] [APT] [{999705DA-C4D0-4195-8729-B271B7E23AC0}] (.CAIXA.) -- C:\Users\Haroldo\Downloads\iGBPCEFsf(1).exe [2514272]
[MD5.00000000000000000000000000000000] [APT] [{AC1D7DE7-C6AD-4D71-AB51-D3C60D24830C}] (...) -- C:\Users\Haroldo\Desktop\dgt230.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C24E0C33-6C36-41BA-A123-3CD2FF6D1AAC}] (...) -- C:\Program Files (x86)\HP\Digital Imaging\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}\setup\hwsetupwizard\setup_guide.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{CC2C817F-87EB-4A4C-843F-7586976BE49A}] (...) -- C:\Users\Haroldo\Desktop\aptunerinstall308.exe (.not file.) [0]
[MD5.6D1E1FAB7950DFCEB4F4FE895D8EC778] [APT] [{CC33EF03-81DA-46CE-A364-A88BF0933152}] (.CAIXA.) -- C:\Users\Haroldo\Downloads\iGBPCEFsf.exe [2514272]
[MD5.00000000000000000000000000000000] [APT] [{DF68B078-17AD-4B49-A1A5-873D88FF0111}] (...) -- C:\Users\Haroldo\Desktop\spyware-terminator-2.6.9.132-multi.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E5521A21-293A-46E7-BD47-D3FD4C26B0D2}] (...) -- C:\Users\Haroldo\Downloads\aptunerinstall308.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E7186199-C382-456D-BDC6-A67508B05655}] (...) -- C:\Users\Haroldo\Downloads\aptunerinstall308.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
O39 - APT: - (..) -- C:\Windows\Tasks\GPUP.job [244]
O39 - APT: MHQCVUMW - (...) -- C:\Windows\Tasks\MHQCVUMW.job [1694]
O39 - APT: MHQCVUMW - (...) -- C:\Windows\System32\Tasks\MHQCVUMW [1694]
O39 - APT: UBTTOC - (...) -- C:\Windows\Tasks\UBTTOC.job [1346]
O39 - APT: UBTTOC - (...) -- C:\Windows\System32\Tasks\UBTTOC [1346]
~ Scheduled Task: 50 Legitimates Filtered in 00mn 11s

---\\ Software instalados (042)
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2014
O42 - Logiciel: MV AntiSpy 4.0 - (...) [HKLM][64Bits] -- MV AntiSpy 4.0_is1
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM][64Bits] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: Speak Logic Information Analysis for IE - (.The Speak Logic Project.) [HKLM][64Bits] -- {25934AA5-D61C-44A2-81F9-4B1A4BEA0D45}
~ Logic: 21 Legitimates Filtered in 00mn 01s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\5Oftwares]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security]
[HKCU\Software\Baixou Agora]
[HKCU\Software\GbAs]
[HKCU\Software\MiniGet]
[HKCU\Software\Pro-SoftNet]
[HKCU\Software\SERPRO]
[HKCU\Software\Zugara Investment]
[HKLM\Software\Baidu Security]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu_Drp_pos]
[HKLM\Software\Wow6432Node\Deskmedia]
[HKLM\Software\Wow6432Node\IncrediMail]
[HKLM\Software\Wow6432Node\MaxPower]
[HKLM\Software\Wow6432Node\Programas RFB]
[HKLM\Software\Wow6432Node\lsdprn]
[HKLM\Software\lsdprn]
~ Key Software: 347 Legitimates Filtered in 00mn 01s

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 09/08/2014 - 14:20:18 - [] ----D C:\Program Files (x86)\Marcos Velasco Security
O43 - CFD: 25/08/2014 - 21:36:17 - [] ----D C:\Program Files (x86)\Minituner
O43 - CFD: 17/11/2014 - 20:08:36 - [0] ----D C:\Program Files (x86)\Oasis Games Limited
O43 - CFD: 30/04/2014 - 03:13:22 - [] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 11/08/2014 - 11:44:12 - [] ----D C:\Program Files (x86)\The Speak Logic Project
O43 - CFD: 15/08/2014 - 01:15:00 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 17/10/2014 - 03:04:17 - [] ----D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
O43 - CFD: 11/02/2013 - 06:05:38 - [] ----D C:\ProgramData\IDriveSync
O43 - CFD: 24/11/2014 - 06:40:57 - [] ----D C:\ProgramData\ProductData
O43 - CFD: 15/05/2014 - 04:35:38 - [] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 05/10/2014 - 17:59:30 - [] ----D C:\Users\Haroldo\AppData\Roaming\0I0M0D1F2W1G1I1F1T1Q1P1C
O43 - CFD: 15/08/2014 - 18:15:52 - [] ----D C:\Users\Haroldo\AppData\Roaming\398
O43 - CFD: 15/08/2014 - 01:15:00 - [] ----D C:\Users\Haroldo\AppData\Roaming\Baidu Security
O43 - CFD: 12/02/2013 - 06:24:58 - [] ----D C:\Users\Haroldo\AppData\Roaming\IDriveSync
O43 - CFD: 16/03/2013 - 03:22:48 - [] ----D C:\Users\Haroldo\AppData\Roaming\PCF
O43 - CFD: 15/08/2014 - 16:05:37 - [] ----D C:\Users\Haroldo\AppData\Roaming\ProductData
O43 - CFD: 15/05/2014 - 04:34:31 - [] ----D C:\Users\Haroldo\AppData\Roaming\rmi
O43 - CFD: 13/11/2014 - 01:52:45 - [] -SH-D C:\Users\Haroldo\AppData\Local\EmieBrowserModeList
O43 - CFD: 05/10/2014 - 17:45:31 - [0] ----D C:\Users\Haroldo\AppData\Local\Warface
O43 - CFD: 22/06/2013 - 15:34:40 - [] ----D C:\Users\Haroldo\AppData\Local\{35A3A4F2-B792-11D6-A78A-00B0D0142050}
O43 - CFD: 12/04/2013 - 13:23:40 - [] ----D C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 08/04/2014 - 22:44:28 - [] ----D C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 230 Legitimates Filtered in 00mn 01s

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.9BE9F2B83DE80E2752B1405CC427E2EC] - 17/11/2014 - 18:54:48 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208]
O44 - LFC:[MD5.C113BAAE9DDBD73AD2724B9979DA3371] - 17/11/2014 - 20:02:53 ---A- . (...) -- C:\Windows\System32\2014-11-17-23-02-50.000-AvastVBoxSVC.exe-4312.log [197]
O44 - LFC:[MD5.3ED78851788421468555F5AB31AD0C16] - 17/11/2014 - 20:09:05 ---A- . (...) -- C:\Windows\System32\2014-11-17-23-02-56.080-aswFe.exe-5164.log [247]
O44 - LFC:[MD5.4964301D14DE0D7F692C3CA90B1B2349] - 17/11/2014 - 20:09:19 ---A- . (...) -- C:\Windows\System32\2014-11-17-23-09-14.059-aswFe.exe-5232.log [247]
O44 - LFC:[MD5.5A83FFC2D1E4AAF295C83EBE21E955C6] - 18/11/2014 - 12:04:12 ---A- . (...) -- C:\Windows\System32\2014-11-18-15-04-12.059-AvastVBoxSVC.exe-3232.log [197]
O44 - LFC:[MD5.969C74D7C10A855C18DD49AB596FA823] - 24/11/2014 - 05:43:36 ---A- . (...) -- C:\Windows\System32\2014-11-24-08-43-11.049-AvastVBoxSVC.exe-208.log [197]
O44 - LFC:[MD5.68C818A6C1EDABB54F072BF5A6CFD1C7] - 24/11/2014 - 08:11:46 ---A- . (...) -- C:\PureRa.txt [27934]
O44 - LFC:[MD5.C87B58F51C4D819919B1423EC9A4C885] - 25/11/2014 - 13:02:38 ---A- . (...) -- C:\Windows\System32\2014-11-25-16-02-37.076-AvastVBoxSVC.exe-3236.log [0]
O44 - LFC:[MD5.7D5E57056329A3D1F01B4A8B1C06D4D4] - 25/11/2014 - 13:17:02 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [157112]
O44 - LFC:[MD5.C994C84EC4DA657F93E3A0A8F0927DCD] - 25/11/2014 - 13:17:02 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [739280]
O44 - LFC:[MD5.1F655AA1F0F1D85D54A0E172D749D3A7] - 25/11/2014 - 19:24:38 ---A- . (...) -- C:\Windows\System32\2014-11-25-22-24-36.096-AvastVBoxSVC.exe-4528.log [197]
O44 - LFC:[MD5.4C7D3A1E3D813A9F267711CECFC83D5C] - 25/11/2014 - 19:31:05 ---A- . (...) -- C:\Windows\System32\2014-11-25-22-24-42.024-aswFe.exe-5568.log [247]
O44 - LFC:[MD5.C2081527216A01051A093C1CE596F14E] - 25/11/2014 - 19:31:18 ---A- . (...) -- C:\Windows\System32\2014-11-25-22-31-15.064-aswFe.exe-4364.log [247]
O44 - LFC:[MD5.1583909D131910455C33F6FC093A863C] - 26/11/2014 - 16:29:48 ---A- . (...) -- C:\Windows\System32\2014-11-26-19-29-46.003-AvastVBoxSVC.exe-3424.log [0]
O44 - LFC:[MD5.F9807BA12CF54FE5651F9E68076078B3] - 26/11/2014 - 16:36:40 ---A- . (...) -- C:\Windows\System32\2014-11-26-19-29-58.012-aswFe.exe-4712.log [247]
O44 - LFC:[MD5.190FA06ACFA1B991B3AE1F44EBDEA931] - 26/11/2014 - 20:46:38 ---A- . (...) -- C:\Windows\System32\2014-11-26-23-46-36.007-AvastVBoxSVC.exe-4244.log [0]
~ Files: 107 Legitimates Filtered in 00mn 33s

---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"VIDC.X264"="x264vfw64.dll" . (.x264vfw project - x264vfw - H.264/MPEG-4 AVC codec.) -- C:\Windows\System32\x264vfw64.dll
~ TDSD: 13 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\VDownloader [Key] . (.Vitzo - VDownloader.) -- C:\Program Files\VDownloader\VDownloader.exe
~ SMSR Keys: 14 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s

---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360HipsOEM.) -- C:\Windows\System32\Drivers\360FltOEM.sys [289952]
O58 - SDL:17/11/2014 - 18:54:48 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:17/11/2014 - 18:54:48 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:17/11/2014 - 18:54:48 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [267632] =>.ALWIL Software
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:13/03/2014 - 23:34:01 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 67 Legitimates Filtered in 01mn 08s

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 17/11/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 02/09/2014 - C:\Program Files (x86)\GbPlugin\wsftprp64.sys (Warsaw_PP) .(.GAS Tecnologia LTDA - GAS Tecnologia - Driver (PP).) - LEGACY_WARSAW_PP
~ Legacy: 108 Legitimates Filtered in 00mn 01s

---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <BaiduSparkHTML>[HKLM\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <Beamrise.NWXK3OVJXTZ6HLOWY455TDRZ2Y> <Beamrise>[HKLM\..\Shell\open\Command] (...) -- C:\Users\Haroldo\AppData\Local\Beamrise\Application\beamrise.exe (.not file.) =>Hijacker.Beamrise
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {EFA27348-E879-4907-9783-B1D0956D3E33} - (O que fazer na internet?) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][15/08/2014] (...) -- C:\Users\Haroldo\AppData\Roaming\386F.tmp.exe [0]
[MD5.FEDEA1F9F2B920AE88F83F0A799DEA81] [SPRF][15/08/2014] (...) -- C:\Users\Haroldo\AppData\Roaming\5EF2.tmp.exe [1283072]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][15/08/2014] (...) -- C:\Users\Haroldo\AppData\Roaming\6EAB.tmp.exe [0]
[MD5.C5053D6660CB4F7992E51D9452CB9B7D] [SPRF][15/08/2014] (...) -- C:\Users\Haroldo\AppData\Roaming\C1F8.tmp.exe [997]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][15/08/2014] (...) -- C:\Users\Haroldo\AppData\Roaming\DA0A.tmp.exe [0]
[MD5.FEDEA1F9F2B920AE88F83F0A799DEA81] [SPRF][15/08/2014] (...) -- C:\Users\Haroldo\AppData\Roaming\E744.tmp.exe [1283072]
[MD5.2FECF810C20333BC11C69C0F1216FE69] [SPRF][17/11/2014] (.New IT Solutions - 4shared Desktop.) -- C:\Users\Haroldo\Desktop\4shared_Desktop_4.0.13.27129.exe [11645848]
[MD5.F5728FC96716FB5D54B049AEE0428550] [SPRF][09/07/2011] (.3rd Eye Solutions - FlashJester Jugglor Engine.) -- C:\Users\Haroldo\Desktop\Afinador universal ETM 5-portable.exe [1464056]
[MD5.D9DE89F0FAF18019BC9595F0F47BCA61] [SPRF][09/08/2014] (.Atribune.org - ATF Cleaner.exe.) -- C:\Users\Haroldo\Desktop\ATF-Cleaner.exe [50688]
[MD5.67066E444C074E2824B6211FA8B2FA4A] [SPRF][13/08/2014] (...) -- C:\Users\Haroldo\Desktop\CPE_SLP_NETWORKMSI_hpcom_000_006.exe [11762000]
[MD5.54A09129F5DF69BBBA3095894DF6788C] [SPRF][02/08/2013] (.No owner - K-Lite Codec Pack Setup.) -- C:\Users\Haroldo\Desktop\K-Lite_Codec_Pack_975_Standard.exe [14153812]
[MD5.64BAEC464B396B66A353D8FC2F42A4E3] [SPRF][31/07/2011] (.RaProducts.org - System Purification Tool.) -- C:\Users\Haroldo\Desktop\PureRa.exe [76565]
[MD5.16C317F08A0E24F8A059192F3AB7BC7B] [SPRF][11/04/2014] (...) -- C:\Users\Haroldo\Desktop\SUP_S922_V1.09.11830_20140411-maz.bin [3169264]
[MD5.EB337CDFA1E9B69F951A75631D2B484E] [SPRF][09/06/2010] (.No owner - GbpDist Module.) -- C:\Windows\Downloaded Program Files\gbpdist.dll [113192]
~ Files: 17 Legitimates Filtered in 00mn 01s

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Auto 21/09/2009 1420560 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SS - | Auto 17/10/2014 107912 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 17/10/2014 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 17/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 10/07/1658 0 | (HOSTS Anti-PUPs) . (...) - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe
SS - | Auto 10/07/1658 0 | (KMService) . (...) - C:\Windows\system32\srvany.exe
SS - | Auto 17/10/2014 2283296 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
SS - | Demand 10/11/2014 114288 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 12/09/2014 64704 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 07/10/2014 60744 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 17/11/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Demand 17/11/2014 4012248 | (AvastVBoxSvc) . (.Avast Software.) - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
SR - | Auto 02/09/2014 558904 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Demand 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Demand 15/10/2014 643880 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 02/11/2014 268600 | (lsdprn) . (...) - C:\Windows\SysWOW64\lsdprn.exe
SR - | Auto 27/01/2014 773968 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 26/10/2014 39568 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 17/11/2014 1141848 | (RealPlayer Cloud Service) . (.RealNetworks, Inc..) - c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
SR - | Auto 30/10/2014 31856 | (RealPlayerUpdateSvc) . (...) - C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
SR - | Auto 21/09/2009 831760 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR - | Auto 14/05/2010 249136 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SR - | Demand 10/07/1658 1255736 | (WatAdminSvc) . (...) - C:\Windows\System32\Wat\WatAdminSvc.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 10s

---\\ Scâner Aditional (088)
Database Version : 13026 - (13/08/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 351524 Items scanned in 01mn 08s

---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Browser Helper Objects do navegador (02)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Barras do Internet Explorer (03))
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 4 Legitimates Filtered in 00mn 00s

---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Beamrise
~ MSI: 1 link(s) detected in 00mn 00s

~ 1078 Legitimates filtered by white list
End of the scan (536 lines in 04mn 01s)(0)

por **joram** Qui 27 Nov 2014, 11:54

Bom Dia! pamonha

> Execute este script na ferramenta ZHPFix.
> Selecione e copie estas informações que estão em vermelho,para o Bloco de Notas.
> Com o Bloco de Notas aberto,faça: ctrl+a >> ctrl+c ( Selecionar e Copiar )
> À seguir,minimize o Bloco de Notas.

Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
[MD5.00000000000000000000000000000000] [APT] [{38020DB0-3996-4A9B-A9C5-2C71C6106EA2}] (...) -- C:\Users\Haroldo\Desktop\zoek.scr -d C:\Users\Haroldo\Desktop -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5C2A6A79-D6E0-4BAF-93CC-BF5D8C5C603C}] (...) -- C:\Users\Haroldo\Downloads\WindowsActivationUpdate.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{AC1D7DE7-C6AD-4D71-AB51-D3C60D24830C}] (...) -- C:\Users\Haroldo\Desktop\dgt230.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{CC2C817F-87EB-4A4C-843F-7586976BE49A}] (...) -- C:\Users\Haroldo\Desktop\aptunerinstall308.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DF68B078-17AD-4B49-A1A5-873D88FF0111}] (...) -- C:\Users\Haroldo\Desktop\spyware-terminator-2.6.9.132-multi.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E5521A21-293A-46E7-BD47-D3FD4C26B0D2}] (...) -- C:\Users\Haroldo\Downloads\aptunerinstall308.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E7186199-C382-456D-BDC6-A67508B05655}] (...) -- C:\Users\Haroldo\Downloads\aptunerinstall308.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [MHQCVUMW] (...) -- C:\Users\Haroldo\AppData\Roaming\MHQCVUMW.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [UBTTOC] (...) -- C:\Users\Haroldo\AppData\Roaming\UBTTOC.exe (.not file.) [0]
[MD5.FEDEA1F9F2B920AE88F83F0A799DEA81] [SPRF][15/08/2014] (...) -- C:\Users\Haroldo\AppData\Roaming\5EF2.tmp.exe [1283072]
[MD5.C5053D6660CB4F7992E51D9452CB9B7D] [SPRF][15/08/2014] (...) -- C:\Users\Haroldo\AppData\Roaming\C1F8.tmp.exe [997]
[MD5.FEDEA1F9F2B920AE88F83F0A799DEA81] [SPRF][15/08/2014] (...) -- C:\Users\Haroldo\AppData\Roaming\E744.tmp.exe [1283072]
O42 - Logiciel: MV AntiSpy 4.0 - (...) [HKLM][64Bits] -- MV AntiSpy 4.0_is1
O44 - LFC:[MD5.3ED78851788421468555F5AB31AD0C16] - 17/11/2014 - 20:09:05 ---A- . (...) -- C:\Windows\System32\2014-11-17-23-02-56.080-aswFe.exe-5164.log [247]
O44 - LFC:[MD5.4964301D14DE0D7F692C3CA90B1B2349] - 17/11/2014 - 20:09:19 ---A- . (...) -- C:\Windows\System32\2014-11-17-23-09-14.059-aswFe.exe-5232.log [247]
O44 - LFC:[MD5.4C7D3A1E3D813A9F267711CECFC83D5C] - 25/11/2014 - 19:31:05 ---A- . (...) -- C:\Windows\System32\2014-11-25-22-24-42.024-aswFe.exe-5568.log [247]
O44 - LFC:[MD5.C2081527216A01051A093C1CE596F14E] - 25/11/2014 - 19:31:18 ---A- . (...) -- C:\Windows\System32\2014-11-25-22-31-15.064-aswFe.exe-4364.log [247]
O44 - LFC:[MD5.F9807BA12CF54FE5651F9E68076078B3] - 26/11/2014 - 16:36:40 ---A- . (...) -- C:\Windows\System32\2014-11-26-19-29-58.012-aswFe.exe-4712.log [247]
O68 - StartMenuInternet: <Beamrise.NWXK3OVJXTZ6HLOWY455TDRZ2Y> <Beamrise>[HKLM\..\Shell\open\Command] (...) -- C:\Users\Haroldo\AppData\Local\Beamrise\Application\beamrise.exe (.not file.)
[HKLM\Software\Wow6432Node\IncrediMail]
sysrestore

> Abra a ferramenta ZHPFix. < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] >
> Clique IMPORTAÇÃO >> OK.
> Ps: Ao clicar "OK",verifique se o campo está limpo para que receba,somente,as informações do script.
> Clique "GO".
> Poste o relatório!

A+

por pamonha Ter 02 Dez 2014, 13:01

Prezados amigos,

Consoante sua orientação, posto-lhes o log gerado pelo "ZHPFix", ficando no aguardo de possível futura orientação.

Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
Fichier d'export Registre :
Run by Haroldo at 02/12/2014 12:56:32
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 19s)
Prefetcher vazio

========== Softwares ==========
ELIMINÉ: MV AntiSpy 4.0

========== Chaves do Registo ==========
ELIMINÉ: HKLM\Software\Wow6432Node\IncrediMail

========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: FirewallRaz (None) : {7667829E-3A8D-48C4-BE3D-278D48D591E2}

========== Elementos dos dados do Registo ==========
ELIMINÉ: StartMenuInternet: C:\Users\Haroldo\AppData\Local\Beamrise\Application\beamrise.exe

========== Pastas ==========
ELIMINÉ Temporários windows (57)
ELIMINÉ Flash Cookies (0)

========== Ficheiros ==========
ELIMINÉ Temporários windows (285) (28242909 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: {38020DB0-3996-4A9B-A9C5-2C71C6106EA2}
ELIMINÉ: {5C2A6A79-D6E0-4BAF-93CC-BF5D8C5C603C}
ELIMINÉ: {AC1D7DE7-C6AD-4D71-AB51-D3C60D24830C}
ELIMINÉ: {CC2C817F-87EB-4A4C-843F-7586976BE49A}
ELIMINÉ: {DF68B078-17AD-4B49-A1A5-873D88FF0111}
ELIMINÉ: {E5521A21-293A-46E7-BD47-D3FD4C26B0D2}
ELIMINÉ: {E7186199-C382-456D-BDC6-A67508B05655}
ELIMINÉ: MHQCVUMW
ELIMINÉ: MHQCVUMW
ELIMINÉ: UBTTOC
ELIMINÉ: UBTTOC

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso

========== Recapitulativo ==========
1 : Chaves do Registo
3 : Valores do Registo
1 : Elementos dos dados do Registo
2 : Pastas
2 : Ficheiros
1 : Softwares
11 : Tarefa planificada
1 : Restauração Sistema

End of clean in 01mn 21s

========== Caminho do ficheiro do relatório ==========
C:\Users\Haroldo\AppData\Roaming\ZHP\ZHPFix[R1].txt - 17/11/2014 08:47:15 [2200]
C:\Users\Haroldo\AppData\Roaming\ZHP\ZHPFix[R2].txt - 17/11/2014 03:16:21 [1186]
C:\Users\Haroldo\AppData\Roaming\ZHP\ZHPFix[R3].txt - 17/11/2014 07:45:35 [1166]
C:\Users\Haroldo\AppData\Roaming\ZHP\ZHPFix[R4].txt - 17/11/2014 03:22:21 [2090]
C:\Users\Haroldo\AppData\Roaming\ZHP\ZHPFix[R5].txt - 17/11/2014 00:13:06 [1438]
C:\Users\Haroldo\AppData\Roaming\ZHP\ZHPFix[R6].txt - 17/11/2014 19:44:40 [2002]
C:\Users\Haroldo\AppData\Roaming\ZHP\ZHPFix[R7].txt - 15/08/2014 23:29:10 [1483]
C:\Users\Haroldo\AppData\Roaming\ZHP\ZHPFix[R8].txt - 17/11/2014 01:23:03 [1809]
C:\Users\Haroldo\AppData\Roaming\ZHP\ZHPFix[R9].txt - 02/12/2014 12:56:52 [2524]

por **joram** Ter 02 Dez 2014, 13:18

Boa Tarde! pamonha

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... par Xplode )
>
> Ou daqui: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >
> Ao acessar,clique em "Download Now".
>
> Salve-o no desktop!

< [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] >

> Clique direito em adwcleaner.exe,e escolha sua execução como administrador.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Ps: Dê início ao scan,clicando em "Examinar".

< [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] >

> Ao concluir,clique "Limpar" >> Ok >> Ok >> Ok.
> Copie o log ou clique "Relatório".
> Poste: < C:\AdwCleaner\AdwCleaner[S0].txt >

A+

por pamonha Qui 04 Dez 2014, 14:16

Caros amigos,

Conforme orientação, faço-lhes a postagem do log gerado pelo AdwCleaner, permanecendo no aguardo de possível futura orientação.

# AdwCleaner v4.103 - Relatório criado 04/12/2014 às 13:49:44
# Atualizado 01/12/2014 por Xplode
# Database : 2014-12-03.1 [Live]
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
# Usuário : Haroldo - HAROLDO-PC
# Executando de : C:\Users\Haroldo\Downloads\adwcleaner_4.103.exe
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : lsdprn

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Program Files\shopperz
Pasta Deletada : C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\Extensions\ascsurfingprotection@iobit.com
Pasta Deletada : C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\se6rb103.default\Extensions\ascsurfingprotection@iobit.com
Arquivo Deletada : C:\Windows\SysWOW64\lsdprn.exe

***** [ Tarefas ] *****

***** [ Atalhos ] *****

***** [ Registro ] *****

Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Chave Deletedo : HKCU\Software\metaCrawler

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17420

-\\ Mozilla Firefox v33.1 (x86 en-US)

-\\ Google Chrome v39.0.2171.71

[C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*************************

AdwCleaner[R0].txt - [1361 octets] - [27/04/2014 00:46:04]
AdwCleaner[R10].txt - [2848 octets] - [15/08/2014 02:24:43]
AdwCleaner[R11].txt - [7524 octets] - [15/08/2014 18:24:24]
AdwCleaner[R12].txt - [3847 octets] - [25/08/2014 22:53:41]
AdwCleaner[R13].txt - [2943 octets] - [04/09/2014 01:17:42]
AdwCleaner[R14].txt - [3014 octets] - [03/10/2014 16:58:16]
AdwCleaner[R15].txt - [3946 octets] - [06/10/2014 02:43:10]
AdwCleaner[R16].txt - [3047 octets] - [20/10/2014 03:38:36]
AdwCleaner[R17].txt - [8863 octets] - [18/11/2014 00:45:46]
AdwCleaner[R18].txt - [3865 octets] - [04/12/2014 13:46:25]
AdwCleaner[R1].txt - [11402 octets] - [15/05/2014 01:13:11]
AdwCleaner[R2].txt - [1582 octets] - [15/05/2014 05:52:49]
AdwCleaner[R3].txt - [1620 octets] - [03/06/2014 12:19:15]
AdwCleaner[R4].txt - [1713 octets] - [20/06/2014 06:57:09]
AdwCleaner[R5].txt - [6870 octets] - [08/08/2014 00:50:52]
AdwCleaner[R6].txt - [2075 octets] - [08/08/2014 01:28:41]
AdwCleaner[R7].txt - [2213 octets] - [09/08/2014 04:16:39]
AdwCleaner[R8].txt - [2121 octets] - [09/08/2014 13:15:08]
AdwCleaner[R9].txt - [14649 octets] - [13/08/2014 05:42:31]
AdwCleaner[S0].txt - [1409 octets] - [27/04/2014 00:48:55]
AdwCleaner[S10].txt - [2893 octets] - [15/08/2014 02:28:00]
AdwCleaner[S11].txt - [5760 octets] - [15/08/2014 18:26:15]
AdwCleaner[S12].txt - [3899 octets] - [25/08/2014 23:12:15]
AdwCleaner[S13].txt - [2998 octets] - [04/09/2014 01:19:54]
AdwCleaner[S14].txt - [3021 octets] - [03/10/2014 17:00:17]
AdwCleaner[S15].txt - [3813 octets] - [06/10/2014 02:46:56]
AdwCleaner[S16].txt - [3019 octets] - [20/10/2014 03:42:21]
AdwCleaner[S17].txt - [8622 octets] - [18/11/2014 12:58:25]
AdwCleaner[S18].txt - [3171 octets] - [04/12/2014 13:49:44]
AdwCleaner[S1].txt - [8230 octets] - [15/05/2014 01:14:52]
AdwCleaner[S2].txt - [1585 octets] - [15/05/2014 05:53:58]
AdwCleaner[S3].txt - [1674 octets] - [03/06/2014 12:20:38]
AdwCleaner[S4].txt - [1769 octets] - [20/06/2014 06:58:31]
AdwCleaner[S5].txt - [4373 octets] - [08/08/2014 00:52:40]
AdwCleaner[S6].txt - [1177 octets] - [08/08/2014 01:30:05]
AdwCleaner[S7].txt - [2267 octets] - [09/08/2014 04:18:10]
AdwCleaner[S8].txt - [2179 octets] - [09/08/2014 13:27:24]
AdwCleaner[S9].txt - [11185 octets] - [13/08/2014 05:43:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S18].txt - [3773 octets] ##########

por **joram** Qui 04 Dez 2014, 14:31

Boa Tarde! pamonha

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

> Abra a ferramenta AdwCleaner e clique em "Desinstalar".
> Confirme a solicitação!

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >

> Instale o antimalware,com duplo-clique em seu executável! ( mbam-setup.exe )

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

> Desmarque a caixa: "Ativar trial gratuito do Malwarebytes Anti-Malware PRO"
> Marque as checkbox:

<1> Atualizar Malwarebytes Anti-Malware
<2> Executar Malwarebytes Anti-Malware

> Clique em "Concluir".
> Caso haja atualizações,elas serão baixadas e instaladas.
> Clique em "Settings" e no campo Language,coloque: Portuguese (Brasil)
> Clique em "Detecção e proteção".

> Marque: Verificar por Rootkits

> Em "Detecções PUP",selecione: Tratar detecções como malware

> Clique em Verificar >> Verificar ameaça.
> Clique em "Verificar agora".
> Aguarde a conclusão do scan!
> Caso haja detecções,clique no botão "Mover todos para a Quarentena".
> Clique em "Aplicar ações".
> Ao concluir,aceite a solicitação ao reboot,que pode ocorrer 2 vezes.
> Poste o relatório! ( Aba Histórico >> Logs de aplicativos )
> Ps: Utilize o formato ".txt" para exportar o relatório.

A+

por pamonha Seg 08 Dez 2014, 12:59

Caros amigos,

Meu pc já está com performance quase normalizada. O Adobe Flash Player já está na máquina. Abaixo o log gerado pelo "Malwarebytes Anti-Malware". Ficando no aguardo de possível reorientação, de já o meu sincero agradecimento.

<?xml version="1.0" encoding="UTF-8" ?>
<logs>
<record severity="debug" LoggingEventType="1" datetime="2014-12-08T08:24:52.306975-02:00" source="Manual" type="Update" username="SYSTEM" systemname="HAROLDO-PC" fromVersion="2013.10.16.1" last_modified_tag="750126d1-71f7-4ec2-8847-5c678bb323ca" name="Remediation Database" toVersion="2014.12.6.1"></record>
<record severity="debug" LoggingEventType="1" datetime="2014-12-08T08:25:13.164623-02:00" source="Manual" type="Update" username="SYSTEM" systemname="HAROLDO-PC" fromVersion="2014.12.4.7" last_modified_tag="608989c7-2620-414b-bf0a-e435d6c8438d" name="Malware Database" toVersion="2014.12.8.3"></record>
<record severity="debug" LoggingEventType="1" datetime="2014-12-08T08:25:28.181530-02:00" source="Manual" type="Update" username="SYSTEM" systemname="HAROLDO-PC" fromVersion="2.0.3.1025" last_modified_tag="705e8a1f-e121-4686-abc3-9756687da620" name="program" toVersion="2.0.4.1028"></record>
<record severity="debug" LoggingEventType="1" datetime="2014-12-08T08:26:57.630889-02:00" source="Manual" type="Update" username="SYSTEM" systemname="HAROLDO-PC" fromVersion="2013.10.16.1" last_modified_tag="14cb096f-0b0d-4e00-9c06-1f32feeac2b2" name="Remediation Database" toVersion="2014.12.6.1"></record>
<record severity="debug" LoggingEventType="1" datetime="2014-12-08T08:26:57.740403-02:00" source="Manual" type="Update" username="SYSTEM" systemname="HAROLDO-PC" fromVersion="2014.11.18.1" last_modified_tag="2a75629c-08d5-4ee8-8790-163075c3098b" name="Rootkit Database" toVersion="2014.12.3.1"></record>
<record severity="debug" LoggingEventType="1" datetime="2014-12-08T08:27:15.965217-02:00" source="Manual" type="Update" username="SYSTEM" systemname="HAROLDO-PC" fromVersion="2014.11.20.6" last_modified_tag="b6a3b302-5837-4034-941b-9b00a6418120" name="Malware Database" toVersion="2014.12.8.3"></record>
<record severity="debug" scantype="threat" LoggingEventType="6" starttime="2014-12-08T08:31:06-02:00" datetime="2014-12-08T08:59:13.507714-02:00" source="Manual" type="Scan" username="SYSTEM" systemname="HAROLDO-PC" last_modified_tag="68e68f2c-b11d-4f54-ab9f-016b9dfb4bf9" duration="1685" malwaredetections="0" nonmalwaredetections="0" scanresult="completed"></record>
<record severity="debug" LoggingEventType="1" datetime="2014-12-08T11:01:32.351304-02:00" source="Manual" type="Update" username="SYSTEM" systemname="HAROLDO-PC" fromVersion="2014.12.8.3" last_modified_tag="430fa36e-c4db-4a2a-90ae-7f01ba2d6b5f" name="Malware Database" toVersion="2014.12.8.4"></record>
<record severity="debug" LoggingEventType="6" datetime="2014-12-08T12:10:10.897757-02:00" source="Manual" type="Scan" username="SYSTEM" systemname="HAROLDO-PC" duration="1928" last_modified_tag="803cd6e0-6c1b-4767-b725-07cadfb0f502" malwaredetections="0" nonmalwaredetections="0" scanresult="completed" scantype="threat" starttime="2014-12-08T11:37:59-02:00"></record>
</logs>

por **joram** Seg 08 Dez 2014, 14:32

Boa Tarde! pamonha

> O log do Malwarebytes veio errado! Não é este o relatório pedido.

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... de Nicolas Coolman )

> Estando na página,clique [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
> Salve-a no desktop!
> Execute-a e ao abrir,clique "J'accept/I Agree".

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Para correções mais abrangentes,marque todas as opções disponíveis.
> Clique Réparer.
> Clique Rapport.
> Poste o relatório!

A+

por pamonha Qui 18 Dez 2014, 09:09

Prezados Senhores,

Seguindo o solicitado em sua última orientação, estou-lhes postando o log geraldo pelo ZHPCleaner, ficando no aguardo de possível futura orientação.

~ ZHPCleaner v2014.12.18.264 by Nicolas Coolman (18/12/2014)
~ Run by Haroldo (Administrator) (18/12/2014 08:47:14)
~ Forum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Facebook : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Haroldo\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Haroldo\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Windows 7, 64-bit Service Pack 1 (Build 7601)

---\\ Services (0)
~ No malicious items found.

---\\ Browser internet (7)
REPLACED IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )
REPLACED IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )
REPLACED IE Params: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search\\Default_Search_URL ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )
REPLACED IE Params: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search\\SearchAssistant ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )
REPLACED IE Params: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search\\CustomizeSearch ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )
REPLACED IE Params: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs\\Tabs ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )
REPLACED Chrome URL: "hxxps://www.google.com.br/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8

---\\ Hosts file (1)
~ The hosts file is legitimate (21)

---\\ Scheduled automatic tasks. (0)
~ No malicious items found.

---\\ Explorer ( File, Folder) (0)
~ No malicious items found.

---\\ Registry ( Key, Value, Data) (0)
~ No malicious items found.

---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)
~ Repair canceled by the user (Google Chrome)
~ Repair canceled by the user (Internet Explorer)

---\\ Statistics
~ Items scanned : 58930
~ Items found : 0
~ Items repair : 7

End of clean at 08:52:35

por **joram** Qui 18 Dez 2014, 09:20

Bom Dia! pamonha

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... by Farbar )

> No banner àcima,é para sistemas 32bits!

< [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >

> No link àcima,é para sistemas 64bits!
> Salve-o no desktop! (Área de trabalho ...)
> Execute a ferramenta! Clique "Yes" >> "Scan".

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Antes de clicar "Scan",verifique se as caixinhas em "Whitelist" estão assinaladas.
> Em "Optional Scan",deixe marcada a checkbox "Addition.txt".
> Ps: Será gerado,também,o relatório "Addition.txt" que estará disponibilizado na 1ª execução da ferramenta.
> Poste os relatórios! (FRST.txt + Addition.txt)

> Como o log será extenso,envie-o à [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> O link ao relatório,que é este assinalado,deverá ser colado em sua resposta.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Ou clique "Copier le lien (*)" e cole o link ao seu Post.

A+

por pamonha Qui 18 Dez 2014, 09:29

Caros Senhores,

Complementando informações, faço a postagem do primeiro log gerado pelo ZHPCleaner, de vez que o anteriormente remetido refere-se a uma segunda "rolagem" do Programa. De já, meu sincero agradecimento, ficando no aguardo de sua orientação.

~ ZHPCleaner v2014.12.18.264 by Nicolas Coolman (18/12/2014)
~ Run by Haroldo (Administrator) (18/12/2014 08:38:02)
~ Forum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Facebook : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Haroldo\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Haroldo\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Windows 7, 64-bit Service Pack 1 (Build 7601)

---\\ Services (0)
~ No malicious items found.

---\\ Browser internet (18)
REPLACED Proxy: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyHttp1.1 ( 1 )
REPLACED IE Params: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\\Default_Search_URL ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )
REPLACED IE Params: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\\Search Page ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )
REPLACED: [ensx4ttz.default-1412532628526] - user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.monetization_p[...] (PUP.Monetization)
REPLACED: [ensx4ttz.default-1412532628526] - user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.monetization_p[...] (PUP.Monetization)
REPLACED: [ensx4ttz.default-1412532628526] - user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.monetization_p[...] (PUP.Monetization)
REPLACED: [ensx4ttz.default-1412532628526] - user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.monetization_p[...] (PUP.Monetization)
REPLACED: [ensx4ttz.default-1412532628526] - user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.monetization_p[...] (PUP.Monetization)
REPLACED: [ensx4ttz.default-1412532628526] - user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.monetization_p[...] (PUP.Monetization)
REPLACED: [ensx4ttz.default-1412532628526] - user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.monetization_p[...] (PUP.Monetization)
REPLACED: [ensx4ttz.default-1412532628526] - user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.monetization_plugin_bundledUrls.expi[...] (PUP.Monetization)
REPLACED: [ensx4ttz.default-1412532628526] - user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.monetization_plugin_bundledWithHash.[...] (PUP.Monetization)
REPLACED: [ensx4ttz.default-1412532628526] - user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.monetization_plugin_bundledWithHash.[...] (PUP.Monetization)
REPLACED: [ensx4ttz.default-1412532628526] - user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.monetization_plugin_notBundledArr_.e[...] (PUP.Monetization)
REPLACED: [ensx4ttz.default-1412532628526] - user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.monetization_plugin_notBundledArr_.v[...] (PUP.Monetization)
REPLACED: [ensx4ttz.default-1412532628526] - user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.monetization_plugin_regBundledWithSo[...] (PUP.Monetization)
REPLACED: [ensx4ttz.default-1412532628526] - user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.monetization_plugin_regBundledWithSo[...] (PUP.Monetization)
REPLACED: [se6rb103.default] - user_pref("browser.search.order.1", "Google"); (PUP.Babylon)

---\\ Hosts file (2)
REPLACED:
Number of found redirections 1/22

---\\ Scheduled automatic tasks. (0)
~ No malicious items found.

---\\ Explorer ( File, Folder) (6)
MOVED file: C:\Users\Haroldo\AppData\Roaming\386F.tmp.exe (Adware.Pirrit)
MOVED file: C:\Users\Haroldo\AppData\Roaming\5EF2.tmp.exe (Adware.Pirrit)
MOVED file: C:\Users\Haroldo\AppData\Roaming\6EAB.tmp.exe (Adware.Pirrit)
MOVED file: C:\Users\Haroldo\AppData\Roaming\C1F8.tmp.exe (Adware.Pirrit)
MOVED file: C:\Users\Haroldo\AppData\Roaming\DA0A.tmp.exe (Adware.Pirrit)
MOVED file: C:\Users\Haroldo\AppData\Roaming\E744.tmp.exe (Adware.Pirrit)

---\\ Registry ( Key, Value, Data) (73)
DELETED chiave: [X64] HKLM\SYSTEM\CurrentControlSet\Services\esgiguard [\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys] (PUP.EnigmaSoftware)
DELETED chiave: HKCR\CLSID\{0005E3B5-3EDC-3E35-A804-0C526259BC35} [SpeakLogicToolBar.ListOfRetainedAnalysis] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{065845DB-C912-3803-9C2A-672A01C2AC0D} [SpeakLogicToolBar.ProjectInformation] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{0AA83654-7DE9-33A0-AB58-5EB1EBD982B3} [SpeakLogicToolBar.IEModule+IECustomContextMenuCommands] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{1035F99F-4304-3970-879F-5A0609C6F9B5} [SpeakLogicToolBar.ReportProvideFeedbackSelection] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{10850113-9EA9-309B-8F53-3DEEB38E3A3D} [SpeakLogicToolBar.ListOfFeedbackProvided] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{12051E1C-3AF6-3B58-A02D-A7788A542008} [SpeakLogicToolBar.SelectionHistory] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{16B14EA6-169B-37FA-A2A6-2A2A069C2B8F} [SpeakLogicToolBar.ProjectSchedule] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{30E39969-0236-36E2-8798-58D75D66CE5D} [SpeakLogicToolBar.ProjectProblemSolution] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{3383C85C-424A-3C97-A2E8-AE5938C2BA80} [SpeakLogicToolBar.CommunicationConfiguration] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{3564084F-F614-3D88-B6A5-F6B6F90C2DE4} [SpeakLogicToolBar.AboutSpeakLogicToolBar] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{38061C04-A4BB-308A-9C11-68B6FDA0C588} [SpeakLogicToolBar.FlaggedEntityHistory] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{38354D97-E978-37CA-9C75-914E6F56F208} [SpeakLogicToolBar.NoteAtNode] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{39E071DD-9C8C-368B-9291-B3237C8DC684} [SpeakLogicToolBar.Encryption] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{3B74583B-0913-3D86-86D7-F701D9C08F4A} [SpeakLogicToolBar.ProjectAnalysis] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{3C835A93-9928-3611-8FEF-131C02FB138B} [SpeakLogicToolBar.ListOfFeedbackRequested] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{3F0B39FC-C6FC-3F39-A00B-69AAC63E7E11} [SpeakLogicToolBar.ReportAnalysisMail] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{4D698A02-FE7F-3EA1-B4E1-03BEDD8BCE65} [SpeakLogicToolBar.ErrorCopy] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{514C8FCA-0ACD-3D4F-932F-17BE3741E0AF} [SpeakLogicToolBar.ProblemStatement] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{5D5F15C3-BA1B-3EDF-8D56-7B932EAB5F66} [SpeakLogicToolBar.ListOfAnalysis] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{6201A29A-43FF-366C-93AF-2D2784A0CA91} [SpeakLogicToolBar.ProjectError] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{6468068F-3B63-4E56-BC34-BA140569E43F} [SpeakLogicToolBar] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{64A06AD7-6D2F-3A1B-9761-540D85D80023} [SpeakLogicToolBar.WhatWeDoProject] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{652A93E5-E6D1-32E4-9E0C-B025C8516FF5} [SpeakLogicToolBar.ProjectProblem] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{74079A46-9594-344B-906E-9FAE2D63FE62} [SpeakLogicToolBar.ProjectCompensator] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{78A5005E-4F70-3DDC-A799-B9B26669EB55} [SpeakLogicToolBar.ProjectStatusInfo] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{8329B805-D0CD-363A-9F52-0218A473BE3C} [SpeakLogicToolBar.FlagEntityForAnalysis] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{87664C98-E0B9-322E-9F79-9373E7973907} [SpeakLogicToolBar.CommHolderInfo] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{89F49ABB-A90A-3282-BD88-0BDAB26BC272} [SpeakLogicToolBar.EntityUsageInProject] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{8DCB299B-0EDE-3E61-BFA9-F9A593654737} [SpeakLogicToolBar.RequestFeedbackFromSpeakLogic] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{8E61529C-2E6A-382F-AE8B-030539871CA9} [SpeakLogicToolBar.ErrorFlip] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{8FE00855-06A0-3F5B-B09A-3C2AAD1365D6} [SpeakLogicToolBar.PrincipleInsideReference] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{90353729-05CE-3A41-9049-F8DDBE1410B4} [SpeakLogicToolBar.ResultApplication] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{90658506-8B8D-3E56-BF4A-B290EFE1E4C5} [SpeakLogicToolBar.ProjectFeedback] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{9402BD57-6E92-35A0-B8AD-1DDED801B56E} [SpeakLogicToolBar.CommSignalInfo] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{9C0E1FBE-1FDD-3E5F-A215-54644B63F240} [SpeakLogicToolBar.GroupInfo] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{9D99A4EF-DDF2-3E49-B38E-81329C77F09D} [SpeakLogicToolBar.ErrorCompose] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{A80B9F6F-AB17-3F87-AF24-8AC0C5781F96} [SpeakLogicToolBar.ProjectAnswer] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{A8674573-A999-35A8-8AA5-36686ECF7D4C} [SpeakLogicToolBar.ListFlaggedSelection] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{AAD8F6EB-15BB-3BC5-92CC-57FC0C8BE34D} [SpeakLogicToolBar.InsertAnalysisGuideLineReference] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{B12B7502-E329-39AB-B7A9-0AD6B927C439} [SpeakLogicToolBar.AttachFileToProject] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{B8F7418D-05C6-3194-ADB5-5703890B27E8} [SpeakLogicToolBar.ErrorDecompose] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{BC626185-EC5C-42DF-B485-854D0A03CC5C} [DL2OpenRPCToolbarButton Class] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{BF67F3FC-DEC5-399E-98E2-EF3764C262C0} [SpeakLogicToolBar.ErrorDelete] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{C688B86C-BF42-3577-9A9C-1426086ECC9D} [SpeakLogicToolBar.ProjectQuestion] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{C7831E5E-3A74-33BA-A30B-27350333DA9E} [SpeakLogicToolBar.ReportProvideFeedbackMail] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{C895D2AC-6A40-336A-ABF4-EC9C4033EBE8} [SpeakLogicToolBar.TaskList] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{C9EFD092-D108-35F4-82C4-62F9B6EECD61} [SpeakLogicToolBar.ErrorOther] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{D2865AD4-81AD-3244-8FA7-72E42DF2A1F8} [SpeakLogicToolBar.ListOfFeedbackApplied] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{D3F7E3CA-9439-3CAD-9F82-62E1F3975B06} [SpeakLogicToolBar.CommunicationData] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{D63297A0-63C1-3D38-BD29-7EB2B26252BD} [SpeakLogicToolBar.ListOfFeedback] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{D6E17F9B-D47E-3CC0-A41E-BC87C3EDDC7D} [SpeakLogicToolBar.ErrorEdit] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{D71BE7AE-32EF-3609-B5F1-0C58961A5EE1} [SpeakLogicToolBar.ReportRequestFeedbackSelection] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{E33730CB-BB97-3FFF-9169-4B9CF0CDA3D7} [SpeakLogicToolBar.PeopleInProject] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{E51AD3FB-C350-3CEF-9B7C-20C05280B277} [SpeakLogicToolBar.ReportRequestFeedbackSLPSoft] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{EA5A9FB7-2FCB-34D6-8E9A-ED0AABA151A6} [SpeakLogicToolBar.LinkedDocument] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{F02C308A-AB9E-36EE-A36D-9F0F56FBB956} [SpeakLogicToolBar.IEModule+IECustomCommands] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{F7CEDFE1-E90C-3E34-84C7-7A8DA25E4685} [SpeakLogicToolBar.PrincipleOfOperation] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{FA5B377D-0481-31F0-B416-9B395F72D16B} [SpeakLogicToolBar.PrincipleAspect] (PUP.InboxEmail)
DELETED chiave: HKCR\CLSID\{FCA66752-338D-377F-BFCF-B0733D36DF43} [SpeakLogicToolBar.ErrorRotate] (PUP.InboxEmail)
DELETED chiave: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465} [ShopperReports.dll] (Adware.ShopperReports)
DELETED chiave: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754} [ShoppingReport.dll] (Adware.ShoppingReport)
DELETED chiave: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} [BabylonToolbar.dll] (PUP.Babylon)
DELETED chiave: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} [BabylonToolbar.dll] (PUP.Babylon)
DELETED chiave: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} [BabylonToolbarTlbr.dll] (PUP.Babylon)
DELETED chiave: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} [ShoppingReport.dll] (Adware.ShoppingReport)
DELETED chiave: HKCU\Software\Mozilla\Extends [] (PUP.FastStart)
DELETED chiave: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update Framed Display [] (PUP.FramedDisplay)
DELETED chiave: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update GrabRez [] (Adware.GrabRez)
DELETED: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{47BE1B23-3286-49C2-87A8-F2F3ECF40FEC} [8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1] (Hijacker.Browser)
DELETED: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5514D2E1-AE6A-4A5E-B596-549D02E4412F} [76.73.7.75,107.6.133.7] (Hijacker.Browser)
DELETED: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B13A2361-A94E-49A9-9358-11CB6DFB0E28} [76.73.7.75,107.6.133.7] (Hijacker.Browser)
DELETED: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EC75A982-D557-4909-BCDC-8BFEC9234D33} [76.73.7.75,107.6.133.7] (Hijacker.Browser)

---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)
~ Repair canceled by the user (Google Chrome)
~ Repair canceled by the user (Internet Explorer)

---\\ Statistics
~ Items scanned : 58999
~ Items found : 1
~ Items repair : 97

End of clean at 08:46:29

por **joram** Qui 18 Dez 2014, 09:34

Bom Dia! pamonha

pamonha escreveu:Complementando informações, faço a postagem do primeiro log gerado pelo ZHPCleaner, de vez que o anteriormente remetido refere-se a uma segunda "rolagem" do Programa. De já, meu sincero agradecimento, ficando no aguardo de sua orientação.

> Ok! Poste,à seguir,os relatórios: FRST.txt + Addition.txt

A+

por pamonha Qui 18 Dez 2014, 19:35

Olá, pessoal... Boa tarde.

Seguindo sua orientação, estou postando o log FRST gerado pelo ZHPCleaner, como solicitado, ficando no aguardo de possível reorientação.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by Haroldo (administrator) on HAROLDO-PC on 18-12-2014 09:38:15
Running from C:\Users\Haroldo\Downloads
Loaded Profile: Haroldo (Available profiles: Haroldo & DefaultAppPool)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Português (Brasil)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Dropbox, Inc.) C:\Users\Haroldo\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Users\Haroldo\Downloads\ZHPCleaner.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-15] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [296520 2014-11-17] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginBnb-x32: C:\Program Files (x86)\GbPlugin\gbiehBnb.dll (Banco do Nordeste do Brasil S.A.)
Winlogon\Notify\ GbPluginCef-x32: C:\Program Files (x86)\GbPlugin\gbiehCef.dll (Caixa Economica Federal)
HKU\S-1-5-21-1335456900-3083802626-1046228050-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-1335456900-3083802626-1046228050-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1335456900-3083802626-1046228050-1000\...\MountPoints2: D - D:\Setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Haroldo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [001IDriveSyncExt1] -> {A30768B3-9C38-4810-AAC3-422B73A0B25C} => C:\ProgramData\Application Data\IDriveSync\IDSyncIcon64.dll (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [001IDriveSyncExt2] -> {906E4756-73EC-4A58-A3B1-461B759D8F7B} => C:\ProgramData\Application Data\IDriveSync\IDSyncIcon64.dll (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [001IDriveSyncExt3] -> {5DF1669E-DBBC-4C36-918E-8E470774D7AF} => C:\ProgramData\Application Data\IDriveSync\IDSyncIcon64.dll (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [001IDriveSyncExt1] -> {A30768B3-9C38-4810-AAC3-422B73A0B25C} => C:\ProgramData\Application Data\IDriveSync\IDSyncIcon.dll (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers-x32: [001IDriveSyncExt2] -> {906E4756-73EC-4A58-A3B1-461B759D8F7B} => C:\ProgramData\Application Data\IDriveSync\IDSyncIcon.dll (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers-x32: [001IDriveSyncExt3] -> {5DF1669E-DBBC-4C36-918E-8E470774D7AF} => C:\ProgramData\Application Data\IDriveSync\IDSyncIcon.dll (Pro-Softnet Corporation, U.S.A)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1335456900-3083802626-1046228050-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKU\S-1-5-21-1335456900-3083802626-1046228050-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-1335456900-3083802626-1046228050-1000 -> {EFA27348-E879-4907-9783-B1D0956D3E33} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: SpeakLogicToolBar -> {6468068f-3b63-4e56-bc34-ba140569e43f} -> C:\Program Files (x86)\The Speak Logic Project\Speak Logic Information Analysis for IE\adxloader64.dll ()
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: No Name -> {6468068f-3b63-4e56-bc34-ba140569e43f} -> No File
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540014} -> C:\Program Files (x86)\GbPlugin\gbiehbnb.dll (Banco do Nordeste do Brasil S.A.)
BHO-x32: MSN Toolbar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Speak Logic - {b0c6f530-cffd-47ad-b243-f1825a3f1f67} - C:\Program Files (x86)\The Speak Logic Project\Speak Logic Information Analysis for IE\adxloader64.dll ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Speak Logic - {b0c6f530-cffd-47ad-b243-f1825a3f1f67} - C:\Program Files (x86)\The Speak Logic Project\Speak Logic Information Analysis for IE\adxloader.dll ()
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
DPF: HKLM-x32 {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399014} - C:\Program Files (x86)\GbPlugin\gbiehbnb.dll [643008 2012-11-06] (Banco do Nordeste do Brasil S.A.)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1789792 2014-11-28] (Caixa Economica Federal)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\ensx4ttz.default-1412532628526
FF NewTab:
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll No File
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=4.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1335456900-3083802626-1046228050-1000: gastecnologia.com.br/sf/cef -> C:\Users\Haroldo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll (GAS Tecnologia)
FF Extension: Flash Video Downloader - YouTube Full HD Download - C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\ensx4ttz.default-1412532628526\Extensions\artur.dubovoy@gmail.com [2014-10-05]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-11-17]
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\Firefox
FF Extension: MSN Toolbar - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\Firefox [2014-04-18]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2014-04-19]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-14]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-1335456900-3083802626-1046228050-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\Haroldo\AppData\Local\GAS Tecnologia\GBBD\cef\xpi
FF HKU\S-1-5-21-1335456900-3083802626-1046228050-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: Default -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 8 U25) - C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (MSN® Toolbar) - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealPlayer Video Downloader for HTML5 (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Módulo de Proteção - Caixa Economica Federal) - C:\Users\Haroldo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll (GAS Tecnologia)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.400.43) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll ()
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
CHR Profile: C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-15]
CHR Extension: (Google Drive) - C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-11]
CHR Extension: (YouTube) - C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-11]
CHR Extension: (Pesquisa do Google) - C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-11]
CHR Extension: (Google Wallet) - C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-04]
CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei [2014-08-08]
CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi [2014-08-17]
CHR Extension: (Gmail) - C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-11]
CHR HKU\S-1-5-21-1335456900-3083802626-1046228050-1000\...\Chrome\Extension: [nnjbodopomfddehlalfilheomcahbpei] - C:\Users\Haroldo\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx [2013-08-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-17] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-17] (Avast Software)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [555320 2014-11-03] (GAS Tecnologia)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2012-07-11] () [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2283296 2014-10-17] (IObit)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-11-17] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9216 2009-07-13] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1255736 2012-07-13] () [File not signed]
S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [X]
S2 HPSLPSVC; C:\Users\Haroldo\AppData\Local\Temp\7zS485E\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-17] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-17] ()
S3 RapportIaso; c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys [175352 2013-01-08] (Trusteer Ltd.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-17] (Avast Software)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2014-09-02] (GAS Tecnologia LTDA)
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-18 09:38 - 2014-12-18 09:38 - 00026996 _____ () C:\Users\Haroldo\Downloads\FRST.txt
2014-12-18 09:36 - 2014-12-18 09:38 - 00000000 ____D () C:\FRST
2014-12-18 09:35 - 2014-12-18 09:35 - 02121216 _____ (Farbar) C:\Users\Haroldo\Downloads\FRST64.exe
2014-12-18 08:46 - 2014-12-18 08:52 - 00002061 _____ () C:\Users\Haroldo\Desktop\ZHPCleaner.txt
2014-12-18 08:46 - 2014-12-18 08:47 - 00000000 _____ () C:\essai.txt
2014-12-18 08:34 - 2014-12-18 08:34 - 00000834 _____ () C:\Users\Haroldo\Desktop\ZHPCleaner.lnk
2014-12-18 08:33 - 2014-12-18 08:34 - 01416704 _____ () C:\Users\Haroldo\Downloads\ZHPCleaner.exe
2014-12-18 08:27 - 2014-12-18 08:27 - 00000197 _____ () C:\Windows\system32\2014-12-18-10-27-00.080-AvastVBoxSVC.exe-4440.log
2014-12-17 14:00 - 2014-12-17 14:00 - 00003286 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-1335456900-3083802626-1046228050-1000
2014-12-17 13:50 - 2014-12-17 13:50 - 00000197 _____ () C:\Windows\system32\2014-12-17-15-50-54.015-AvastVBoxSVC.exe-4892.log
2014-12-16 16:21 - 2014-12-16 16:21 - 00000197 _____ () C:\Windows\system32\2014-12-16-18-21-25.017-AvastVBoxSVC.exe-3808.log
2014-12-15 22:41 - 2014-12-15 22:41 - 00000197 _____ () C:\Windows\system32\2014-12-16-00-41-42.071-AvastVBoxSVC.exe-2240.log
2014-12-15 18:44 - 2014-12-15 18:44 - 00000247 _____ () C:\Windows\system32\2014-12-15-20-44-30.014-aswFe.exe-6660.log
2014-12-15 18:32 - 2014-12-15 18:44 - 00000247 _____ () C:\Windows\system32\2014-12-15-20-32-34.054-aswFe.exe-5360.log
2014-12-15 18:32 - 2014-12-15 18:32 - 00000197 _____ () C:\Windows\system32\2014-12-15-20-32-31.066-AvastVBoxSVC.exe-4708.log
2014-12-12 05:08 - 2014-12-12 05:08 - 00000247 _____ () C:\Windows\system32\2014-12-12-07-08-41.014-aswFe.exe-5524.log
2014-12-12 05:08 - 2014-12-12 05:08 - 00000197 _____ () C:\Windows\system32\2014-12-12-07-08-33.076-AvastVBoxSVC.exe-1756.log
2014-12-12 01:34 - 2014-12-12 01:34 - 00000197 _____ () C:\Windows\system32\2014-12-12-03-34-50.057-AvastVBoxSVC.exe-1532.log
2014-12-10 15:53 - 2014-12-10 15:53 - 00000247 _____ () C:\Windows\system32\2014-12-10-17-53-34.041-aswFe.exe-4628.log
2014-12-10 15:46 - 2014-12-10 15:53 - 00000247 _____ () C:\Windows\system32\2014-12-10-17-46-42.054-aswFe.exe-5572.log
2014-12-10 15:46 - 2014-12-10 15:46 - 00000197 _____ () C:\Windows\system32\2014-12-10-17-46-38.086-AvastVBoxSVC.exe-3592.log
2014-12-10 04:11 - 2014-12-10 04:11 - 00000247 _____ () C:\Windows\system32\2014-12-10-06-11-42.018-aswFe.exe-3144.log
2014-12-10 04:11 - 2014-12-10 04:11 - 00000197 _____ () C:\Windows\system32\2014-12-10-06-11-37.080-AvastVBoxSVC.exe-3528.log
2014-12-10 03:31 - 2014-12-10 03:31 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 03:03 - 2014-10-18 00:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 03:03 - 2014-10-17 23:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 03:03 - 2014-07-07 00:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-10 03:03 - 2014-07-07 00:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-10 03:03 - 2014-07-07 00:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-10 03:03 - 2014-07-07 00:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-10 03:03 - 2014-07-06 23:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-10 03:03 - 2014-07-06 23:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-10 03:03 - 2014-07-06 23:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-10 03:03 - 2014-07-06 23:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-10 01:55 - 2014-12-04 00:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 01:55 - 2014-12-04 00:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 01:55 - 2014-12-04 00:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 01:55 - 2014-12-04 00:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 01:55 - 2014-12-04 00:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 01:55 - 2014-12-04 00:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 01:55 - 2014-12-04 00:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 01:55 - 2014-12-01 21:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 01:54 - 2014-11-10 23:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 01:52 - 2014-10-30 00:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 01:51 - 2014-11-08 01:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 01:51 - 2014-11-08 00:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 01:51 - 2014-10-29 23:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 01:51 - 2014-10-03 00:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 01:51 - 2014-10-03 00:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 01:51 - 2014-10-03 00:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 01:51 - 2014-10-03 00:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 01:51 - 2014-10-03 00:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 01:51 - 2014-10-02 23:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 01:51 - 2014-10-02 23:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 01:51 - 2014-10-02 23:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 01:51 - 2014-10-02 23:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 01:51 - 2014-10-02 23:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-10 01:23 - 2014-12-10 01:23 - 00000197 _____ () C:\Windows\system32\2014-12-10-03-23-31.045-AvastVBoxSVC.exe-1164.log
2014-12-10 01:18 - 2014-12-18 08:21 - 00000728 _____ () C:\Windows\setupact.log
2014-12-10 01:18 - 2014-12-10 01:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-09 17:56 - 2014-12-09 17:56 - 05162080 _____ (Piriform Ltd) C:\Users\Haroldo\Downloads\ccsetup500.exe
2014-12-09 17:18 - 2014-11-26 23:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-09 17:18 - 2014-11-26 23:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-09 17:18 - 2014-11-22 01:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 17:18 - 2014-11-22 01:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 17:18 - 2014-11-22 01:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-09 17:18 - 2014-11-22 00:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 17:18 - 2014-11-22 00:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-09 17:18 - 2014-11-22 00:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 17:18 - 2014-11-22 00:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-09 17:18 - 2014-11-22 00:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-09 17:18 - 2014-11-22 00:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 17:18 - 2014-11-22 00:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-09 17:18 - 2014-11-22 00:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 17:18 - 2014-11-22 00:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-09 17:18 - 2014-11-22 00:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-09 17:18 - 2014-11-22 00:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 17:18 - 2014-11-22 00:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-09 17:18 - 2014-11-22 00:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-09 17:18 - 2014-11-22 00:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-09 17:18 - 2014-11-22 00:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 17:18 - 2014-11-22 00:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-09 17:18 - 2014-11-22 00:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-09 17:18 - 2014-11-22 00:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-09 17:18 - 2014-11-22 00:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 17:18 - 2014-11-22 00:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-09 17:18 - 2014-11-22 00:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-09 17:18 - 2014-11-22 00:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-09 17:18 - 2014-11-22 00:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 17:18 - 2014-11-22 00:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-09 17:18 - 2014-11-22 00:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-09 17:18 - 2014-11-21 23:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-09 17:18 - 2014-11-21 23:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-09 17:18 - 2014-11-21 23:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-09 17:18 - 2014-11-21 23:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-09 17:18 - 2014-11-21 23:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-09 17:18 - 2014-11-21 23:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 17:18 - 2014-11-21 23:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-09 17:18 - 2014-11-21 23:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-09 17:18 - 2014-11-21 23:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 17:18 - 2014-11-21 23:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-09 17:18 - 2014-11-21 23:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 17:18 - 2014-11-21 23:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-09 17:18 - 2014-11-21 23:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-09 17:18 - 2014-11-21 23:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-09 17:18 - 2014-11-21 23:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-09 17:18 - 2014-11-21 23:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-09 17:18 - 2014-11-21 23:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 17:18 - 2014-11-21 23:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-09 17:18 - 2014-11-21 23:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-09 17:18 - 2014-11-21 23:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-09 17:18 - 2014-11-21 23:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 17:18 - 2014-11-21 23:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-09 17:18 - 2014-11-21 23:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-09 17:18 - 2014-11-21 23:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-09 17:18 - 2014-11-21 22:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-09 17:18 - 2014-11-21 22:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-09 17:18 - 2014-11-11 01:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 17:18 - 2014-11-11 00:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 15:26 - 2014-12-09 15:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-09 02:46 - 2014-12-09 02:46 - 00011796 _____ () C:\Users\Haroldo\Documents\cc_20141209_024604.reg
2014-12-09 00:38 - 2014-12-09 00:38 - 00000197 _____ () C:\Windows\system32\2014-12-09-02-38-21.047-AvastVBoxSVC.exe-3784.log
2014-12-08 14:52 - 2014-12-08 14:52 - 00000247 _____ () C:\Windows\system32\2014-12-08-16-52-37.084-aswFe.exe-5712.log
2014-12-08 14:46 - 2014-12-08 14:52 - 00000247 _____ () C:\Windows\system32\2014-12-08-16-46-12.015-aswFe.exe-4952.log
2014-12-08 14:46 - 2014-12-08 14:46 - 00000197 _____ () C:\Windows\system32\2014-12-08-16-46-07.056-AvastVBoxSVC.exe-4704.log
2014-12-08 12:29 - 2014-12-08 12:29 - 00000247 _____ () C:\Windows\system32\2014-12-08-14-29-58.071-aswFe.exe-4444.log
2014-12-08 12:22 - 2014-12-08 12:29 - 00000247 _____ () C:\Windows\system32\2014-12-08-14-22-28.059-aswFe.exe-4364.log
2014-12-08 12:22 - 2014-12-08 12:22 - 00000197 _____ () C:\Windows\system32\2014-12-08-14-22-20.092-AvastVBoxSVC.exe-4440.log
2014-12-08 12:20 - 2014-12-08 12:20 - 00000000 ____D () C:\Users\Haroldo\AppData\Local\Apple Computer
2014-12-08 00:56 - 2014-12-08 00:56 - 00000247 _____ () C:\Windows\system32\2014-12-08-02-56-29.074-aswFe.exe-1872.log
2014-12-08 00:56 - 2014-12-08 00:56 - 00000197 _____ () C:\Windows\system32\2014-12-08-02-56-24.074-AvastVBoxSVC.exe-3204.log
2014-12-07 16:09 - 2014-12-07 16:09 - 00000197 _____ () C:\Windows\system32\2014-12-07-18-09-40.002-AvastVBoxSVC.exe-5040.log
2014-12-06 10:45 - 2014-12-06 10:45 - 00000247 _____ () C:\Windows\system32\2014-12-06-12-45-40.092-aswFe.exe-5824.log
2014-12-06 10:36 - 2014-12-06 10:45 - 00000247 _____ () C:\Windows\system32\2014-12-06-12-36-42.063-aswFe.exe-5560.log
2014-12-06 10:36 - 2014-12-06 10:36 - 00000197 _____ () C:\Windows\system32\2014-12-06-12-36-36.064-AvastVBoxSVC.exe-2356.log
2014-12-05 02:19 - 2014-12-05 02:19 - 00000247 _____ () C:\Windows\system32\2014-12-05-04-19-45.017-aswFe.exe-5860.log
2014-12-05 02:13 - 2014-12-05 02:19 - 00000247 _____ () C:\Windows\system32\2014-12-05-04-13-38.011-aswFe.exe-4020.log
2014-12-05 02:13 - 2014-12-05 02:13 - 00000197 _____ () C:\Windows\system32\2014-12-05-04-13-32.096-AvastVBoxSVC.exe-5448.log
2014-12-04 14:29 - 2014-12-04 14:29 - 00000247 _____ () C:\Windows\system32\2014-12-04-16-29-07.005-aswFe.exe-3964.log
2014-12-04 14:23 - 2014-12-04 14:28 - 00000247 _____ () C:\Windows\system32\2014-12-04-16-23-02.094-aswFe.exe-5928.log
2014-12-04 14:22 - 2014-12-04 14:23 - 00000197 _____ () C:\Windows\system32\2014-12-04-16-22-57.051-AvastVBoxSVC.exe-4700.log
2014-12-04 13:46 - 2014-12-04 13:46 - 00000247 _____ () C:\Windows\system32\2014-12-04-15-46-26.039-aswFe.exe-6824.log
2014-12-04 13:46 - 2014-12-04 13:46 - 00000197 _____ () C:\Windows\system32\2014-12-04-15-46-22.034-AvastVBoxSVC.exe-4468.log
2014-12-04 13:45 - 2014-12-04 13:46 - 02154496 _____ () C:\Users\Haroldo\Downloads\adwcleaner_4.103.exe
2014-12-04 13:30 - 2014-12-04 13:30 - 00000247 _____ () C:\Windows\system32\2014-12-04-15-30-22.019-aswFe.exe-1808.log
2014-12-04 13:24 - 2014-12-04 13:30 - 00000247 _____ () C:\Windows\system32\2014-12-04-15-24-31.051-aswFe.exe-5560.log
2014-12-04 13:24 - 2014-12-04 13:24 - 00000197 _____ () C:\Windows\system32\2014-12-04-15-24-25.076-AvastVBoxSVC.exe-1984.log
2014-12-02 18:20 - 2014-12-02 18:20 - 00000247 _____ () C:\Windows\system32\2014-12-02-20-20-23.032-aswFe.exe-3232.log
2014-12-02 18:20 - 2014-12-02 18:20 - 00000197 _____ () C:\Windows\system32\2014-12-02-20-20-16.086-AvastVBoxSVC.exe-3912.log
2014-12-02 10:53 - 2014-12-02 10:53 - 00000247 _____ () C:\Windows\system32\2014-12-02-12-53-36.056-aswFe.exe-5424.log
2014-12-02 10:47 - 2014-12-02 10:53 - 00000247 _____ () C:\Windows\system32\2014-12-02-12-47-30.025-aswFe.exe-2580.log
2014-12-02 10:47 - 2014-12-02 10:47 - 00000197 _____ () C:\Windows\system32\2014-12-02-12-47-24.091-AvastVBoxSVC.exe-5512.log
2014-12-01 18:42 - 2014-12-01 18:42 - 00000247 _____ () C:\Windows\system32\2014-12-01-20-42-29.048-aswFe.exe-968.log
2014-12-01 18:35 - 2014-12-01 18:42 - 00000247 _____ () C:\Windows\system32\2014-12-01-20-35-52.033-aswFe.exe-5460.log
2014-12-01 18:35 - 2014-12-01 18:35 - 00000197 _____ () C:\Windows\system32\2014-12-01-20-35-47.020-AvastVBoxSVC.exe-3472.log
2014-11-29 04:01 - 2014-11-29 04:01 - 00000247 _____ () C:\Windows\system32\2014-11-29-06-01-39.079-aswFe.exe-4160.log
2014-11-29 03:54 - 2014-11-29 04:01 - 00000247 _____ () C:\Windows\system32\2014-11-29-05-54-06.048-aswFe.exe-1256.log
2014-11-29 03:54 - 2014-11-29 03:54 - 00000197 _____ () C:\Windows\system32\2014-11-29-05-54-00.029-AvastVBoxSVC.exe-5452.log
2014-11-28 07:26 - 2014-11-28 07:26 - 00000247 _____ () C:\Windows\system32\2014-11-28-09-26-27.016-aswFe.exe-5292.log
2014-11-28 07:20 - 2014-11-28 07:26 - 00000247 _____ () C:\Windows\system32\2014-11-28-09-20-18.096-aswFe.exe-2992.log
2014-11-28 07:20 - 2014-11-28 07:20 - 00000197 _____ () C:\Windows\system32\2014-11-28-09-20-12.019-AvastVBoxSVC.exe-3392.log
2014-11-27 12:40 - 2014-11-27 12:40 - 00000247 _____ () C:\Windows\system32\2014-11-27-14-40-07.095-aswFe.exe-2320.log
2014-11-27 12:34 - 2014-11-27 12:40 - 00000247 _____ () C:\Windows\system32\2014-11-27-14-34-31.056-aswFe.exe-5244.log
2014-11-27 12:34 - 2014-11-27 12:34 - 00000197 _____ () C:\Windows\system32\2014-11-27-14-34-26.012-AvastVBoxSVC.exe-1824.log
2014-11-27 12:20 - 2014-12-18 08:58 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-27 12:20 - 2014-12-10 09:00 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-27 12:20 - 2014-12-10 09:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-27 12:20 - 2014-12-10 09:00 - 00003840 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-27 12:07 - 2014-12-08 12:28 - 00000000 ____D () C:\Users\Haroldo\AppData\Local\Adobe
2014-11-26 21:46 - 2014-11-26 21:46 - 00000197 _____ () C:\Windows\system32\2014-11-26-23-46-36.007-AvastVBoxSVC.exe-4244.log
2014-11-26 17:36 - 2014-11-26 17:36 - 00000247 _____ () C:\Windows\system32\2014-11-26-19-36-49.072-aswFe.exe-5780.log
2014-11-26 17:29 - 2014-11-26 17:36 - 00000247 _____ () C:\Windows\system32\2014-11-26-19-29-58.012-aswFe.exe-4712.log
2014-11-26 17:29 - 2014-11-26 17:29 - 00000197 _____ () C:\Windows\system32\2014-11-26-19-29-46.003-AvastVBoxSVC.exe-3424.log
2014-11-25 20:31 - 2014-11-25 20:31 - 00000247 _____ () C:\Windows\system32\2014-11-25-22-31-15.064-aswFe.exe-4364.log
2014-11-25 20:24 - 2014-11-25 20:31 - 00000247 _____ () C:\Windows\system32\2014-11-25-22-24-42.024-aswFe.exe-5568.log
2014-11-25 20:24 - 2014-11-25 20:24 - 00000197 _____ () C:\Windows\system32\2014-11-25-22-24-36.096-AvastVBoxSVC.exe-4528.log
2014-11-25 14:08 - 2014-11-25 14:08 - 00000000 ____D () C:\Users\Haroldo\AppData\Local\Apple
2014-11-25 14:02 - 2014-12-18 09:00 - 00943433 _____ () C:\Windows\WindowsUpdate.log
2014-11-25 14:02 - 2014-11-25 14:02 - 00000197 _____ () C:\Windows\system32\2014-11-25-16-02-37.076-AvastVBoxSVC.exe-3236.log
2014-11-24 06:43 - 2014-11-24 06:43 - 00000197 _____ () C:\Windows\system32\2014-11-24-08-43-11.049-AvastVBoxSVC.exe-208.log
2014-11-24 01:26 - 2014-11-24 01:26 - 00000247 _____ () C:\Windows\system32\2014-11-24-03-26-06.054-aswFe.exe-580.log
2014-11-24 01:17 - 2014-11-24 01:25 - 00000247 _____ () C:\Windows\system32\2014-11-24-03-17-20.028-aswFe.exe-4460.log
2014-11-24 01:17 - 2014-11-24 01:17 - 00000197 _____ () C:\Windows\system32\2014-11-24-03-17-12.061-AvastVBoxSVC.exe-3120.log
2014-11-24 00:53 - 2014-11-11 01:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-24 00:53 - 2014-11-11 01:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-24 00:53 - 2014-11-11 00:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-24 00:53 - 2014-11-11 00:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 13:04 - 2014-11-18 13:04 - 00000197 _____ () C:\Windows\system32\2014-11-18-15-04-12.059-AvastVBoxSVC.exe-3232.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-18 09:30 - 2012-07-15 01:54 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0BD50AA7-8FA6-4B84-AE8D-20722FFDE1E8}
2014-12-18 09:02 - 2009-07-14 01:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-18 08:52 - 2014-04-24 01:40 - 00000000 ____D () C:\Users\Haroldo\AppData\Roaming\ZHP
2014-12-18 08:43 - 2012-07-13 04:12 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-18 08:33 - 2014-03-25 01:06 - 00000000 ___RD () C:\Users\Haroldo\Dropbox
2014-12-18 08:33 - 2014-03-25 00:41 - 00000000 ____D () C:\Users\Haroldo\AppData\Roaming\Dropbox
2014-12-18 08:32 - 2014-03-25 01:06 - 00001025 _____ () C:\Users\Haroldo\Desktop\Dropbox.lnk
2014-12-18 08:32 - 2014-03-25 00:42 - 00000000 ____D () C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-18 08:24 - 2013-05-16 03:13 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-12-18 08:23 - 2014-09-08 12:52 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-18 08:22 - 2014-05-04 11:56 - 00000095 _____ () C:\Users\Haroldo\.accessibility.properties
2014-12-18 08:22 - 2012-07-13 04:12 - 00001066 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-18 08:22 - 2012-07-11 16:36 - 00000000 ____D () C:\Users\Haroldo
2014-12-18 08:21 - 2014-08-15 17:44 - 00000244 _____ () C:\Windows\Tasks\GPUP.job
2014-12-18 08:21 - 2009-07-14 03:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-17 14:40 - 2014-01-16 16:04 - 00500558 _____ () C:\Windows\system32\perfh001.dat
2014-12-17 14:40 - 2014-01-16 16:04 - 00102600 _____ () C:\Windows\system32\perfc001.dat
2014-12-17 14:40 - 2014-01-16 15:35 - 00724168 _____ () C:\Windows\system32\perfh007.dat
2014-12-17 14:40 - 2014-01-16 15:35 - 00158598 _____ () C:\Windows\system32\perfc007.dat
2014-12-17 14:40 - 2012-10-16 00:44 - 00771488 _____ () C:\Windows\system32\perfh00C.dat
2014-12-17 14:40 - 2012-10-16 00:44 - 00159780 _____ () C:\Windows\system32\perfc00C.dat
2014-12-17 14:40 - 2012-10-16 00:32 - 00772626 _____ () C:\Windows\system32\perfh00A.dat
2014-12-17 14:40 - 2012-10-16 00:32 - 00169646 _____ () C:\Windows\system32\perfc00A.dat
2014-12-17 14:40 - 2012-10-16 00:10 - 00765178 _____ () C:\Windows\system32\perfh010.dat
2014-12-17 14:40 - 2012-10-16 00:10 - 00156216 _____ () C:\Windows\system32\perfc010.dat
2014-12-17 14:40 - 2009-07-14 15:55 - 00739280 _____ () C:\Windows\system32\prfh0416.dat
2014-12-17 14:40 - 2009-07-14 15:55 - 00157112 _____ () C:\Windows\system32\prfc0416.dat
2014-12-17 14:40 - 2009-07-14 03:13 - 05994258 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-16 16:19 - 2014-08-12 12:46 - 00000000 ____D () C:\Users\Todos os Usuários\ProductData
2014-12-16 16:19 - 2014-08-12 12:46 - 00000000 ____D () C:\ProgramData\ProductData
2014-12-15 22:55 - 2013-08-19 12:47 - 00000000 ____D () C:\Users\Todos os Usuários\GAS Tecnologia
2014-12-15 22:55 - 2013-08-19 12:47 - 00000000 ____D () C:\ProgramData\GAS Tecnologia
2014-12-15 22:36 - 2013-06-24 23:30 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-15 22:35 - 2013-06-24 23:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-15 19:35 - 2013-06-24 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-15 16:45 - 2014-07-16 18:25 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-15 16:02 - 2013-11-20 17:10 - 00000000 ____D () C:\Users\Todos os Usuários\GbPlugin
2014-12-15 16:02 - 2013-11-20 17:10 - 00000000 ____D () C:\ProgramData\GbPlugin
2014-12-12 04:20 - 2013-11-20 17:10 - 00000000 ____D () C:\Program Files (x86)\GbPlugin
2014-12-12 04:19 - 2009-07-14 01:20 - 00000000 ____D () C:\Windows\SysWOW64\sk-SK
2014-12-12 04:19 - 2009-07-14 01:20 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA
2014-12-12 04:19 - 2009-07-14 01:20 - 00000000 ____D () C:\Windows\system32\sk-SK
2014-12-12 04:19 - 2009-07-14 01:20 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-12-12 03:59 - 2009-07-14 02:45 - 00030464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-12 03:59 - 2009-07-14 02:45 - 00030464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-12 01:42 - 2013-11-01 15:11 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 03:31 - 2014-04-22 19:39 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 03:31 - 2009-07-14 01:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 01:17 - 2009-07-14 01:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 01:16 - 2014-04-03 14:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-09 18:15 - 2013-07-26 04:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-09 18:05 - 2012-08-22 03:04 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 17:58 - 2012-07-16 03:06 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-09 17:57 - 2012-07-16 03:06 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-09 14:55 - 2014-11-13 11:46 - 00000000 ____D () C:\Users\Haroldo\AppData\Local\CrashDumps
2014-12-08 12:43 - 2014-08-15 01:13 - 00000000 ____D () C:\Users\Todos os Usuários\Baidu Security
2014-12-08 12:43 - 2014-08-15 01:13 - 00000000 ____D () C:\ProgramData\Baidu Security
2014-12-08 12:19 - 2012-07-13 04:07 - 00000000 ____D () C:\Users\Haroldo\AppData\Roaming\vlc
2014-12-08 11:32 - 2014-07-04 07:35 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-08 11:20 - 2014-07-04 07:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-08 08:26 - 2014-07-04 07:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-08 08:26 - 2014-02-17 17:50 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-04 13:51 - 2009-07-14 03:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-04 13:49 - 2014-04-27 00:45 - 00000000 ____D () C:\AdwCleaner
2014-11-24 14:04 - 2012-07-11 18:18 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-24 09:11 - 2014-08-13 06:36 - 00027934 _____ () C:\PureRa.txt
2014-11-24 00:57 - 2014-08-14 00:28 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-21 06:14 - 2014-07-04 07:34 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2014-03-31 16:55 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-02-17 17:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-18 21:54 - 2014-08-01 12:50 - 00000000 ____D () C:\Users\Haroldo\AppData\Local\Nero

Some content of TEMP:
====================
C:\Users\Haroldo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpslv0a0.dll
C:\Users\Haroldo\AppData\Local\Temp\Quarantine.exe
C:\Users\Haroldo\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-17 15:13

==================== End Of Log ============================

por pamonha Qui 18 Dez 2014, 19:39

Em prosseguimento à sua orientação, estou postando o log Addition, gerado pelo ZHPCleaner, como solicitado. Aguardo reorientação. Muito obrigado.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2014
Ran by Haroldo at 2014-12-18 09:39:32
Running from C:\Users\Haroldo\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4shared Desktop (HKLM-x32\...\4shared Desktop) (Version: 4.0.13.26830 - 4shared)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.23 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 8.0.0.259 - Atheros)
aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 2.9.4272 - DsNET Corp)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Broadcom Wireless LAN Driver Installation Program for Windows7 (HKLM-x32\...\{88410D8F-8529-492B-B556-2394A29B811B}) (Version: 5.60.18.8 - Broadcom)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
D110 (x32 Version: 140.0.283.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-1335456900-3083802626-1046228050-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
GamingWonderland Toolbar (HKLM-x32\...\GamingWonderlandbar Uninstall) (Version: - Mindspark Interactive Network) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version: - Arobas Music)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Instalação do DivX (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.0.4.25 - IObit)
IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2013) (Version: 1.1 - Receita Federal do Brasil)
IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2014) (Version: 1.1 - Receita Federal do Brasil)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
K-Lite Mega Codec Pack 10.4.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.4.5 - )
LibreOffice 4.2 Help Pack (Portuguese (Brazil)) (HKLM-x32\...\{D788FD2D-5807-47DF-A68E-4F2FB0E1FBC6}) (Version: 4.2.0.4 - The Document Foundation)
LibreOffice 4.2.0.4 (HKLM-x32\...\{E043231F-34F2-4AF5-9400-0961CC15AAAE}) (Version: 4.2.0.4 - The Document Foundation)
Malwarebytes Anti-Malware versão 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Media Player (HKU\S-1-5-21-1335456900-3083802626-1046228050-1000\...\Media Player) (Version: - ) <==== ATTENTION
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSN Toolbar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 4.0.0357.1 - Microsoft Corporation)
MSN Toolbar Platform (x32 Version: 4.0.0357.1 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 2014 (HKLM-x32\...\{A618CE26-1E36-4FA4-A1F4-D079DC6022B8}) (Version: 15.0.08500 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Pacote de Compatibilidade para o sistema Office 2007 (HKLM-x32\...\{90120000-0020-0416-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.7 - Power Software Ltd)
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
RealDownloader (x32 Version: 17.0.15.4 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 17.0.15.7 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Receitanet (HKLM-x32\...\ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5) (Version: 1.04 - Serpro - Serviço Federal de Processamento de Dados)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
Software Intel(R) PROSet/Wireless WiFi (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Speak Logic Information Analysis for IE (HKLM-x32\...\{25934AA5-D61C-44A2-81F9-4B1A4BEA0D45}) (Version: 1.1.0 - The Speak Logic Project)
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Suporte para Aplicativos Apple (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synthesia (remove only) (HKLM-x32\...\Synthesia) (Version: - )
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
TuneUp Utilities Language Pack (pt-BR) (x32 Version: 13.0.3000.155 - TuneUp Software) Hidden
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VDownloader 3.9.1539 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1) (Version: - Vitzo Limited)
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
ZHPDiag 2014 (HKLM-x32\...\ZHPDiag_is1) (Version: 2014 - Nicolas Coolman)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1335456900-3083802626-1046228050-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Haroldo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1335456900-3083802626-1046228050-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Haroldo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1335456900-3083802626-1046228050-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Haroldo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1335456900-3083802626-1046228050-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Haroldo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1335456900-3083802626-1046228050-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Haroldo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1335456900-3083802626-1046228050-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Haroldo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1335456900-3083802626-1046228050-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Haroldo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1335456900-3083802626-1046228050-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Haroldo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1335456900-3083802626-1046228050-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Haroldo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

28-10-2014 14:56:57 Windows Update
04-11-2014 21:14:00 Windows Update
11-11-2014 15:48:40 Windows Update
12-11-2014 15:20:15 Windows Update
17-11-2014 19:41:13 Uniblue SpeedUpMyPC installation
17-11-2014 19:51:01 avast! antivirus system restore point
18-11-2014 13:16:07 Windows Update
24-11-2014 00:52:31 Windows Update
24-11-2014 02:39:19 Windows Update
29-11-2014 03:33:51 Windows Update
02-12-2014 12:44:09 Windows Update
02-12-2014 12:56:05 ZHPFix Restore System Point
06-12-2014 10:13:05 Windows Update
09-12-2014 18:00:26 Windows Update
10-12-2014 03:00:21 Windows Update
12-12-2014 03:00:20 Windows Update
15-12-2014 16:26:55 Windows Update
15-12-2014 19:30:19 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 00:34 - 2014-12-18 08:40 - 00000840 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {12A069B5-6167-4B62-A4F9-AC99DBC5DEBA} - System32\Tasks\{999705DA-C4D0-4195-8729-B271B7E23AC0} => pcalua.exe -a C:\Users\Haroldo\Downloads\iGBPCEFsf(1).exe -d C:\Users\Haroldo\Downloads
Task: {1CC1CC7B-9706-4028-86A4-4E7AC98DA7D6} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2014-10-29] ()
Task: {1F919E92-031A-460F-91D2-BAAEAD32F540} - System32\Tasks\Uninstaller_SkipUac_Haroldo => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-10-17] (IObit)
Task: {21FC7B79-BB63-4C86-A6D4-25F9580A90D6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {2E23E2B7-72AF-4D21-BEBD-F4D98792C156} - System32\Tasks\{630983C1-05B8-4F20-86CD-8D4CBB21A9B6} => pcalua.exe -a "C:\Arquivos de Programas RFB\IRPF2013\IRPF2013.exe" -d "C:\Arquivos de Programas RFB\IRPF2013"
Task: {305A8DC2-BB69-4539-A562-52F02B71C757} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1335456900-3083802626-1046228050-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {35019476-5FCC-4901-A1F6-B1A578AED018} - System32\Tasks\{70E5F49D-4763-46DA-97AD-E16CDC6780A3} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe"
Task: {35658F17-82B5-4297-BE9F-8DF983F0FD55} - System32\Tasks\{93EB62A1-2770-4C4C-A8DA-0DEEA0EDE2EF} => pcalua.exe -a "C:\Program Files (x86)\ZHPDiag\ZHPhep.exe" -d "C:\Program Files (x86)\ZHPDiag"
Task: {39462609-3EDB-42D3-BFEA-5C7264E7EFF3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {3B8C6370-446D-4F59-A841-F2706165542B} - System32\Tasks\{98FB337E-089B-4AAB-9FA2-ECF4075B703E} => pcalua.exe -a C:\Users\Haroldo\Downloads\ReceitanetJava2010.02d_setup_win32.exe -d C:\Users\Haroldo\Desktop
Task: {3E3C58BE-52AA-4585-9711-1EA558BC0059} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {44979749-59AE-4DA3-A9B7-2E5BB3B698E5} - System32\Tasks\{A97A1B26-1984-4993-96A6-5FB5E197C8F6} => C:\Program Files (x86)\HP\HP Software Update\hpwucli.exe [2009-11-18] (Hewlett-Packard)
Task: {465A5311-DFCF-4963-9EC6-5FA5EDB47C05} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-10-17] (IObit)
Task: {4DB88AD5-5AB7-4451-8B88-6DC452918E2F} - \060184C3-9766-46a0-B258-F4518A0B2633 No Task File <==== ATTENTION
Task: {5D2E4073-3D3B-475C-9DDD-98923C77E4A5} - System32\Tasks\{EC091AFA-D315-4214-AA0D-1FC7311011C9} => C:\Program Files (x86)\HP\HP Software Update\hpwucli.exe [2009-11-18] (Hewlett-Packard)
Task: {5EBCB01C-D052-49B2-8E01-FF34931BFD59} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1335456900-3083802626-1046228050-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {7499613D-4E4C-440C-8F65-C3AC921468B8} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1335456900-3083802626-1046228050-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {767BF294-7C52-47F3-AD18-D0D6CB06E700} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {79F9294D-7674-4371-A090-734DC91ED5D5} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {7B347F10-6F03-4323-B701-A8E86FA3A2FD} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1335456900-3083802626-1046228050-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {7F9A48EC-F1A8-48F4-AEBA-8E3D13927332} - System32\Tasks\{43C2224B-4665-46D8-AB8A-91ED06C9B5D7} => pcalua.exe -a "C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe" -d "C:\Program Files (x86)\ZHPDiag\ZHPFix"
Task: {8B2ED4B3-08BE-45C5-8804-998963FCE989} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {96654ECC-267F-48EB-85FA-FCD80BBA3BE9} - System32\Tasks\{53A6980A-BA36-4FD5-96D0-1F97A82B64DE} => pcalua.exe -a C:\Users\Haroldo\Downloads\Receitanet-1.04.exe -d C:\Users\Haroldo\Desktop
Task: {9BB4FB79-F1E4-49D6-9518-77226C06EE05} - System32\Tasks\{4BDC415D-5AA1-4B55-B654-C45DFA371C0C} => Chrome.exe
Task: {A277BFFE-A665-4397-B5DB-8DD7545DE3D0} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1335456900-3083802626-1046228050-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-10-26] (RealNetworks, Inc.)
Task: {A84BB675-3DF7-4473-A4EA-896F9374471F} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1335456900-3083802626-1046228050-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {B0066AC5-EC42-43ED-B7D5-017769C02DFD} - System32\Tasks\{E6F1635B-0037-44DE-B4BB-17F1C5483EC8} => pcalua.exe -a C:\Users\Haroldo\Downloads\ZHPDiag2.exe -d C:\Users\Haroldo\Downloads
Task: {B6EC6C06-3E11-4A99-B285-9AD8A83985C1} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-10-16] (Nero AG)
Task: {BAE2D357-FE86-4079-AAFC-55338942BF13} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {C3A38079-A828-40AA-B3B9-B6721ADF0329} - System32\Tasks\{9F2307BA-2CCE-4206-8B8C-7F01281A2398} => C:\Program Files (x86)\HP\HP Software Update\hpwucli.exe [2009-11-18] (Hewlett-Packard)
Task: {CC57AA05-5579-445F-B95E-72DE3C2DB5A6} - System32\Tasks\avastBCLRestartS-1-5-21-1335456900-3083802626-1046228050-1000 => Chrome.exe
Task: {D1F30AB8-F56D-494A-A37A-96B086351407} - System32\Tasks\{A36F847A-F98D-4113-86D6-FC2AB2C5CDA7} => pcalua.exe -a "C:\Users\Haroldo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HKVVOYJ1\gbpcef.exe" -d C:\Users\Haroldo\Desktop
Task: {D1FEF0A5-2E6A-45B3-BAAF-FA3B189EFB43} - \GPUP No Task File <==== ATTENTION
Task: {DA1A88DC-7EFD-4660-9F18-81EF6FAB87FE} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1335456900-3083802626-1046228050-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {DC51B311-B690-4667-99DA-40FB3BA8290B} - System32\Tasks\{CC33EF03-81DA-46CE-A364-A88BF0933152} => pcalua.exe -a C:\Users\Haroldo\Downloads\iGBPCEFsf.exe -d C:\Users\Haroldo\Downloads
Task: {E891510C-AB0C-402D-9AEC-0AC1DA2E1878} - System32\Tasks\{C24E0C33-6C36-41BA-A123-3CD2FF6D1AAC} => pcalua.exe -a "C:\Program Files (x86)\HP\Digital Imaging\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}\setup\hwsetupwizard\setup_guide.exe"
Task: {F02A8B83-F157-4CEE-B73C-B3AE7B77C193} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-07-13] ()
Task: {F4C6C979-50BC-4A78-A22E-7CA2C66BEBBB} - System32\Tasks\{89EA7F0B-828F-4136-93C0-08471805B84C} => pcalua.exe -a "C:\Program Files (x86)\ZHPDiag\ZHPhep.exe" -d "C:\Program Files (x86)\ZHPDiag"
Task: {FB4271C9-FB21-4D39-8F36-67B73573382B} - System32\Tasks\{6EA03C4D-4FC9-4473-983C-7770EB13FBB6} => pcalua.exe -a C:\Users\Haroldo\Downloads\Windows_7_SP1_Ultimate_(64_Bit).exe -d C:\Users\Haroldo\Downloads
Task: {FF8E7A01-5FD4-4A3F-BC86-5BBA1FCEC261} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-17] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GPUP.job => C:\Program Files (x86)\GetPrivate\gpup.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-03-14 14:28 - 2013-03-14 14:28 - 00653824 _____ () C:\Program Files (x86)\4shared Desktop\CMenu64.dll
2014-10-29 19:06 - 2014-10-29 19:06 - 00560192 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
2014-11-21 22:03 - 2014-11-21 22:03 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1046.dll
2014-10-26 22:59 - 2014-10-26 22:59 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-10-30 05:41 - 2014-10-30 05:41 - 00031856 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2014-11-17 19:54 - 2014-11-17 19:54 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-17 19:54 - 2014-11-17 19:54 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-12-18 08:33 - 2014-12-18 08:34 - 01416704 _____ () C:\Users\Haroldo\Downloads\ZHPCleaner.exe
2014-12-17 17:57 - 2014-12-17 17:57 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14121701\algo.dll
2014-11-17 19:54 - 2014-11-17 19:54 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-12-18 08:23 - 2014-12-18 08:23 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14121800\algo.dll
2014-11-17 19:54 - 2014-11-17 19:54 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-29 19:01 - 2014-10-29 19:01 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
2014-10-29 19:07 - 2014-10-29 19:07 - 00065600 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\dtvhooks.dll
2014-10-04 02:04 - 2014-11-17 12:41 - 00865880 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2014-10-30 05:41 - 2014-10-30 05:41 - 00035976 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2014-10-30 05:41 - 2014-10-30 05:41 - 00039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2014-10-30 05:41 - 2014-10-30 05:41 - 00032888 _____ () C:\Program Files (x86)\Real\UpdateService\RPDSUpdatePlugin.dll
2014-10-21 22:22 - 2014-10-21 22:22 - 00750080 _____ () C:\Users\Haroldo\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2014-12-18 08:32 - 2014-12-18 08:32 - 00043008 _____ () c:\users\haroldo\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpslv0a0.dll
2014-10-21 22:22 - 2014-10-21 22:22 - 00047616 _____ () C:\Users\Haroldo\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-21 22:22 - 2014-10-21 22:22 - 00863744 _____ () C:\Users\Haroldo\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-21 22:22 - 2014-10-21 22:22 - 00200704 _____ () C:\Users\Haroldo\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-12-15 16:45 - 2014-12-05 23:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-15 16:45 - 2014-12-05 23:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-15 16:45 - 2014-12-05 23:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-15 16:45 - 2014-12-05 23:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\System32:125A0775_Bnb.gbp
AlternateDataStreams: C:\Windows\System32:125A0775_Cef.gbp
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Haroldo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Haroldo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hpqtra08.exe => C:\Windows\pss\hpqtra08.exe.Startup
MSCONFIG\startupfolder: C:^Users^Haroldo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^IDriveSync.lnk => C:\Windows\pss\IDriveSync.lnk.Startup
MSCONFIG\startupreg: 652143F2D399EC200742314067EC40FA4555A1AF._service_run => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: MSN Toolbar => "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe"
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Sidebar => "C:\Program Files (x86)\Windows Sidebar\sidebar.exe" /autoRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
MSCONFIG\startupreg: VDownloader => "C:\Program Files\VDownloader\VDownloader.exe" /silent

========================= Accounts: ==========================

Administrador (S-1-5-21-1335456900-3083802626-1046228050-500 - Administrator - Disabled)
Convidado (S-1-5-21-1335456900-3083802626-1046228050-501 - Limited - Disabled)
Haroldo (S-1-5-21-1335456900-3083802626-1046228050-1000 - Administrator - Enabled) => C:\Users\Haroldo
HomeGroupUser$ (S-1-5-21-1335456900-3083802626-1046228050-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/17/2014 05:34:02 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Falha na geração de contexto de ativação para "1". Erro no arquivo de manifesto ou de diretiva 2", na linha 3.
Sintaxe XMl inválida.

Error: (12/17/2014 05:33:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha na geração de contexto de ativação para "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Assembly dependente rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" não pôde ser localizado.
Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

Error: (12/16/2014 04:27:21 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - Falha ao inicializar a infra-estrutura de anexação da API do criador de perfil. Esse processo não permite que um perfil seja anexado. HRESULT: 0x80004005. ID do Processo (decimal): 1760. ID da Mensagem: [0x2509].

Error: (12/16/2014 04:25:20 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - Falha ao inicializar a infra-estrutura de anexação da API do criador de perfil. Esse processo não permite que um perfil seja anexado. HRESULT: 0x80004005. ID do Processo (decimal): 3296. ID da Mensagem: [0x2509].

Error: (12/16/2014 04:23:58 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - Falha ao inicializar a infra-estrutura de anexação da API do criador de perfil. Esse processo não permite que um perfil seja anexado. HRESULT: 0x80004005. ID do Processo (decimal): 2372. ID da Mensagem: [0x2509].

Error: (12/15/2014 10:55:50 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - Falha ao inicializar a infra-estrutura de anexação da API do criador de perfil. Esse processo não permite que um perfil seja anexado. HRESULT: 0x80004005. ID do Processo (decimal): 5224. ID da Mensagem: [0x2509].

Error: (12/15/2014 10:53:53 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - Falha ao inicializar a infra-estrutura de anexação da API do criador de perfil. Esse processo não permite que um perfil seja anexado. HRESULT: 0x80004005. ID do Processo (decimal): 5436. ID da Mensagem: [0x2509].

Error: (12/15/2014 10:51:07 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - Falha ao inicializar a infra-estrutura de anexação da API do criador de perfil. Esse processo não permite que um perfil seja anexado. HRESULT: 0x80004005. ID do Processo (decimal): 744. ID da Mensagem: [0x2509].

Error: (12/15/2014 10:50:48 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - Falha ao inicializar a infra-estrutura de anexação da API do criador de perfil. Esse processo não permite que um perfil seja anexado. HRESULT: 0x80004005. ID do Processo (decimal): 2560. ID da Mensagem: [0x2509].

Error: (12/15/2014 10:46:54 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - Falha ao inicializar a infra-estrutura de anexação da API do criador de perfil. Esse processo não permite que um perfil seja anexado. HRESULT: 0x80004005. ID do Processo (decimal): 5044. ID da Mensagem: [0x2509].

System errors:
=============
Error: (12/18/2014 08:31:17 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Serviço Windows Update suspenso ao iniciar.

Error: (12/18/2014 08:28:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço HP Network Devices Support terminou com o erro:
%%126

Error: (12/18/2014 08:26:33 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização:
BTHidMgr

Error: (12/18/2014 08:24:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço HOSTS Anti-PUPs devido ao seguinte erro:
%%2

Error: (12/18/2014 08:24:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Intel(R) PROSet/Wireless Event Log devido ao seguinte erro:
%%1053

Error: (12/18/2014 08:24:12 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Intel(R) PROSet/Wireless Event Log.

Error: (12/18/2014 08:23:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Apple Mobile Device devido ao seguinte erro:
%%1053

Error: (12/18/2014 08:23:24 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Apple Mobile Device.

Error: (12/17/2014 02:38:41 PM) (Source: Disk) (EventID: 11) (User: )
Description: O driver detectou um erro de controlador em \Device\Harddisk1\DR1.

Error: (12/17/2014 02:38:40 PM) (Source: Disk) (EventID: 11) (User: )
Description: O driver detectou um erro de controlador em \Device\Harddisk1\DR1.

Microsoft Office Sessions:
=========================
Error: (12/17/2014 05:34:02 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dllC:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll2

Error: (12/17/2014 05:33:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{6FCD4D5A-20B9-4D79-ABA5-4E7048944025}\recordingmanager.exe

Error: (12/16/2014 04:27:21 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - Falha ao inicializar a infra-estrutura de anexação da API do criador de perfil. Esse processo não permite que um perfil seja anexado. HRESULT: 0x80004005. ID do Processo (decimal): 1760. ID da Mensagem: [0x2509].

Error: (12/16/2014 04:25:20 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - Falha ao inicializar a infra-estrutura de anexação da API do criador de perfil. Esse processo não permite que um perfil seja anexado. HRESULT: 0x80004005. ID do Processo (decimal): 3296. ID da Mensagem: [0x2509].

Error: (12/16/2014 04:23:58 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - Falha ao inicializar a infra-estrutura de anexação da API do criador de perfil. Esse processo não permite que um perfil seja anexado. HRESULT: 0x80004005. ID do Processo (decimal): 2372. ID da Mensagem: [0x2509].

Error: (12/15/2014 10:55:50 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - Falha ao inicializar a infra-estrutura de anexação da API do criador de perfil. Esse processo não permite que um perfil seja anexado. HRESULT: 0x80004005. ID do Processo (decimal): 5224. ID da Mensagem: [0x2509].

Error: (12/15/2014 10:53:53 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - Falha ao inicializar a infra-estrutura de anexação da API do criador de perfil. Esse processo não permite que um perfil seja anexado. HRESULT: 0x80004005. ID do Processo (decimal): 5436. ID da Mensagem: [0x2509].

Error: (12/15/2014 10:51:07 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - Falha ao inicializar a infra-estrutura de anexação da API do criador de perfil. Esse processo não permite que um perfil seja anexado. HRESULT: 0x80004005. ID do Processo (decimal): 744. ID da Mensagem: [0x2509].

Error: (12/15/2014 10:50:48 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - Falha ao inicializar a infra-estrutura de anexação da API do criador de perfil. Esse processo não permite que um perfil seja anexado. HRESULT: 0x80004005. ID do Processo (decimal): 2560. ID da Mensagem: [0x2509].

Error: (12/15/2014 10:46:54 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - Falha ao inicializar a infra-estrutura de anexação da API do criador de perfil. Esse processo não permite que um perfil seja anexado. HRESULT: 0x80004005. ID do Processo (decimal): 5044. ID da Mensagem: [0x2509].

CodeIntegrity Errors:
===================================
Date: 2014-05-08 15:05:02.951
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\cashnbackdrv.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-05-08 15:05:02.545
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\cashnbackdrv.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-05-08 15:05:02.202
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\cashnbackdrv.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-05-08 15:05:01.859
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\cashnbackdrv.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-05-08 15:01:51.384
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\cashnbackdrv.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-05-08 15:01:50.229
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\cashnbackdrv.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-05-08 15:01:49.465
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\cashnbackdrv.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-05-08 15:01:45.440
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\cashnbackdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-05-08 15:01:45.097
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\cashnbackdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-05-01 12:02:29.676
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\cashnbackdrv.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 57%
Total physical RAM: 3766.76 MB
Available physical RAM: 1594.59 MB
Total Pagefile: 7531.7 MB
Available Pagefile: 5181.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:187.33 GB) (Free:23.9 GB) NTFS
Drive e: () (Fixed) (Total:97.66 GB) (Free:25.14 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Cool

(Size: 298.1 GB) (Disk ID: FB4F4FB4)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=187.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=97.7 GB) - (Type=OF Extended)

==================== End Of Log ============================

por **joram** Qui 18 Dez 2014, 20:43

Boa Noite! pamonha

> Copie estas informações que estão em vermelho,para o Bloco de Notas.
> Salve-a com o nome fixlist. << Texto!
> Salve-a na pasta Downloads! /!\ C:\Users\Haroldo\Downloads /!\

start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1335456900-3083802626-1046228050-1000\...\MountPoints2: D - D:\Setup.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1335456900-3083802626-1046228050-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKU\S-1-5-21-1335456900-3083802626-1046228050-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-1335456900-3083802626-1046228050-1000 -> {EFA27348-E879-4907-9783-B1D0956D3E33} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
BHO-x32: No Name -> {6468068f-3b63-4e56-bc34-ba140569e43f} -> No File
CHR HomePage: Default -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [X]
S2 HPSLPSVC; C:\Users\Haroldo\AppData\Local\Temp\7zS485E\hpslpsvc64.dll [X]
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2014-12-18 08:46 - 2014-12-18 08:52 - 00002061 _____ () C:\Users\Haroldo\Desktop\ZHPCleaner.txt
2014-12-18 08:46 - 2014-12-18 08:47 - 00000000 _____ () C:\essai.txt
2014-12-18 08:34 - 2014-12-18 08:34 - 00000834 _____ () C:\Users\Haroldo\Desktop\ZHPCleaner.lnk
2014-12-18 08:33 - 2014-12-18 08:34 - 01416704 _____ () C:\Users\Haroldo\Downloads\ZHPCleaner.exe
2014-12-18 08:27 - 2014-12-18 08:27 - 00000197 _____ () C:\Windows\system32\2014-12-18-10-27-00.080-AvastVBoxSVC.exe-4440.log
2014-12-17 13:50 - 2014-12-17 13:50 - 00000197 _____ () C:\Windows\system32\2014-12-17-15-50-54.015-AvastVBoxSVC.exe-4892.log
2014-12-16 16:21 - 2014-12-16 16:21 - 00000197 _____ () C:\Windows\system32\2014-12-16-18-21-25.017-AvastVBoxSVC.exe-3808.log
2014-12-15 22:41 - 2014-12-15 22:41 - 00000197 _____ () C:\Windows\system32\2014-12-16-00-41-42.071-AvastVBoxSVC.exe-2240.log
2014-12-15 18:44 - 2014-12-15 18:44 - 00000247 _____ () C:\Windows\system32\2014-12-15-20-44-30.014-aswFe.exe-6660.log
2014-12-15 18:32 - 2014-12-15 18:44 - 00000247 _____ () C:\Windows\system32\2014-12-15-20-32-34.054-aswFe.exe-5360.log
2014-12-15 18:32 - 2014-12-15 18:32 - 00000197 _____ () C:\Windows\system32\2014-12-15-20-32-31.066-AvastVBoxSVC.exe-4708.log
2014-12-12 05:08 - 2014-12-12 05:08 - 00000247 _____ () C:\Windows\system32\2014-12-12-07-08-41.014-aswFe.exe-5524.log
2014-12-12 05:08 - 2014-12-12 05:08 - 00000197 _____ () C:\Windows\system32\2014-12-12-07-08-33.076-AvastVBoxSVC.exe-1756.log
2014-12-12 01:34 - 2014-12-12 01:34 - 00000197 _____ () C:\Windows\system32\2014-12-12-03-34-50.057-AvastVBoxSVC.exe-1532.log
2014-12-10 15:53 - 2014-12-10 15:53 - 00000247 _____ () C:\Windows\system32\2014-12-10-17-53-34.041-aswFe.exe-4628.log
2014-12-10 15:46 - 2014-12-10 15:53 - 00000247 _____ () C:\Windows\system32\2014-12-10-17-46-42.054-aswFe.exe-5572.log
2014-12-10 15:46 - 2014-12-10 15:46 - 00000197 _____ () C:\Windows\system32\2014-12-10-17-46-38.086-AvastVBoxSVC.exe-3592.log
2014-12-10 04:11 - 2014-12-10 04:11 - 00000247 _____ () C:\Windows\system32\2014-12-10-06-11-42.018-aswFe.exe-3144.log
2014-12-10 04:11 - 2014-12-10 04:11 - 00000197 _____ () C:\Windows\system32\2014-12-10-06-11-37.080-AvastVBoxSVC.exe-3528.log
2014-12-10 01:23 - 2014-12-10 01:23 - 00000197 _____ () C:\Windows\system32\2014-12-10-03-23-31.045-AvastVBoxSVC.exe-1164.log
2014-12-10 01:18 - 2014-12-18 08:21 - 00000728 _____ () C:\Windows\setupact.log
2014-12-10 01:18 - 2014-12-10 01:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-09 00:38 - 2014-12-09 00:38 - 00000197 _____ () C:\Windows\system32\2014-12-09-02-38-21.047-AvastVBoxSVC.exe-3784.log
2014-12-08 14:52 - 2014-12-08 14:52 - 00000247 _____ () C:\Windows\system32\2014-12-08-16-52-37.084-aswFe.exe-5712.log
2014-12-08 14:46 - 2014-12-08 14:52 - 00000247 _____ () C:\Windows\system32\2014-12-08-16-46-12.015-aswFe.exe-4952.log
2014-12-08 14:46 - 2014-12-08 14:46 - 00000197 _____ () C:\Windows\system32\2014-12-08-16-46-07.056-AvastVBoxSVC.exe-4704.log
2014-12-08 12:29 - 2014-12-08 12:29 - 00000247 _____ () C:\Windows\system32\2014-12-08-14-29-58.071-aswFe.exe-4444.log
2014-12-08 12:22 - 2014-12-08 12:29 - 00000247 _____ () C:\Windows\system32\2014-12-08-14-22-28.059-aswFe.exe-4364.log
2014-12-08 12:22 - 2014-12-08 12:22 - 00000197 _____ () C:\Windows\system32\2014-12-08-14-22-20.092-AvastVBoxSVC.exe-4440.log
2014-12-08 00:56 - 2014-12-08 00:56 - 00000247 _____ () C:\Windows\system32\2014-12-08-02-56-29.074-aswFe.exe-1872.log
2014-12-08 00:56 - 2014-12-08 00:56 - 00000197 _____ () C:\Windows\system32\2014-12-08-02-56-24.074-AvastVBoxSVC.exe-3204.log
2014-12-07 16:09 - 2014-12-07 16:09 - 00000197 _____ () C:\Windows\system32\2014-12-07-18-09-40.002-AvastVBoxSVC.exe-5040.log
2014-12-06 10:45 - 2014-12-06 10:45 - 00000247 _____ () C:\Windows\system32\2014-12-06-12-45-40.092-aswFe.exe-5824.log
2014-12-06 10:36 - 2014-12-06 10:45 - 00000247 _____ () C:\Windows\system32\2014-12-06-12-36-42.063-aswFe.exe-5560.log
2014-12-06 10:36 - 2014-12-06 10:36 - 00000197 _____ () C:\Windows\system32\2014-12-06-12-36-36.064-AvastVBoxSVC.exe-2356.log
2014-12-05 02:19 - 2014-12-05 02:19 - 00000247 _____ () C:\Windows\system32\2014-12-05-04-19-45.017-aswFe.exe-5860.log
2014-12-05 02:13 - 2014-12-05 02:19 - 00000247 _____ () C:\Windows\system32\2014-12-05-04-13-38.011-aswFe.exe-4020.log
2014-12-05 02:13 - 2014-12-05 02:13 - 00000197 _____ () C:\Windows\system32\2014-12-05-04-13-32.096-AvastVBoxSVC.exe-5448.log
2014-12-04 14:29 - 2014-12-04 14:29 - 00000247 _____ () C:\Windows\system32\2014-12-04-16-29-07.005-aswFe.exe-3964.log
2014-12-04 14:23 - 2014-12-04 14:28 - 00000247 _____ () C:\Windows\system32\2014-12-04-16-23-02.094-aswFe.exe-5928.log
2014-12-04 14:22 - 2014-12-04 14:23 - 00000197 _____ () C:\Windows\system32\2014-12-04-16-22-57.051-AvastVBoxSVC.exe-4700.log
2014-12-04 13:46 - 2014-12-04 13:46 - 00000247 _____ () C:\Windows\system32\2014-12-04-15-46-26.039-aswFe.exe-6824.log
2014-12-04 13:46 - 2014-12-04 13:46 - 00000197 _____ () C:\Windows\system32\2014-12-04-15-46-22.034-AvastVBoxSVC.exe-4468.log
2014-12-04 13:45 - 2014-12-04 13:46 - 02154496 _____ () C:\Users\Haroldo\Downloads\adwcleaner_4.103.exe
2014-12-04 13:30 - 2014-12-04 13:30 - 00000247 _____ () C:\Windows\system32\2014-12-04-15-30-22.019-aswFe.exe-1808.log
2014-12-04 13:24 - 2014-12-04 13:30 - 00000247 _____ () C:\Windows\system32\2014-12-04-15-24-31.051-aswFe.exe-5560.log
2014-12-04 13:24 - 2014-12-04 13:24 - 00000197 _____ () C:\Windows\system32\2014-12-04-15-24-25.076-AvastVBoxSVC.exe-1984.log
2014-12-02 18:20 - 2014-12-02 18:20 - 00000247 _____ () C:\Windows\system32\2014-12-02-20-20-23.032-aswFe.exe-3232.log
2014-12-02 18:20 - 2014-12-02 18:20 - 00000197 _____ () C:\Windows\system32\2014-12-02-20-20-16.086-AvastVBoxSVC.exe-3912.log
2014-12-02 10:53 - 2014-12-02 10:53 - 00000247 _____ () C:\Windows\system32\2014-12-02-12-53-36.056-aswFe.exe-5424.log
2014-12-02 10:47 - 2014-12-02 10:53 - 00000247 _____ () C:\Windows\system32\2014-12-02-12-47-30.025-aswFe.exe-2580.log
2014-12-02 10:47 - 2014-12-02 10:47 - 00000197 _____ () C:\Windows\system32\2014-12-02-12-47-24.091-AvastVBoxSVC.exe-5512.log
2014-12-01 18:42 - 2014-12-01 18:42 - 00000247 _____ () C:\Windows\system32\2014-12-01-20-42-29.048-aswFe.exe-968.log
2014-12-01 18:35 - 2014-12-01 18:42 - 00000247 _____ () C:\Windows\system32\2014-12-01-20-35-52.033-aswFe.exe-5460.log
2014-12-01 18:35 - 2014-12-01 18:35 - 00000197 _____ () C:\Windows\system32\2014-12-01-20-35-47.020-AvastVBoxSVC.exe-3472.log
2014-11-29 04:01 - 2014-11-29 04:01 - 00000247 _____ () C:\Windows\system32\2014-11-29-06-01-39.079-aswFe.exe-4160.log
2014-11-29 03:54 - 2014-11-29 04:01 - 00000247 _____ () C:\Windows\system32\2014-11-29-05-54-06.048-aswFe.exe-1256.log
2014-11-29 03:54 - 2014-11-29 03:54 - 00000197 _____ () C:\Windows\system32\2014-11-29-05-54-00.029-AvastVBoxSVC.exe-5452.log
2014-11-28 07:26 - 2014-11-28 07:26 - 00000247 _____ () C:\Windows\system32\2014-11-28-09-26-27.016-aswFe.exe-5292.log
2014-11-28 07:20 - 2014-11-28 07:26 - 00000247 _____ () C:\Windows\system32\2014-11-28-09-20-18.096-aswFe.exe-2992.log
2014-11-28 07:20 - 2014-11-28 07:20 - 00000197 _____ () C:\Windows\system32\2014-11-28-09-20-12.019-AvastVBoxSVC.exe-3392.log
2014-11-27 12:40 - 2014-11-27 12:40 - 00000247 _____ () C:\Windows\system32\2014-11-27-14-40-07.095-aswFe.exe-2320.log
2014-11-27 12:34 - 2014-11-27 12:40 - 00000247 _____ () C:\Windows\system32\2014-11-27-14-34-31.056-aswFe.exe-5244.log
2014-11-27 12:34 - 2014-11-27 12:34 - 00000197 _____ () C:\Windows\system32\2014-11-27-14-34-26.012-AvastVBoxSVC.exe-1824.log
2014-11-26 21:46 - 2014-11-26 21:46 - 00000197 _____ () C:\Windows\system32\2014-11-26-23-46-36.007-AvastVBoxSVC.exe-4244.log
2014-11-26 17:36 - 2014-11-26 17:36 - 00000247 _____ () C:\Windows\system32\2014-11-26-19-36-49.072-aswFe.exe-5780.log
2014-11-26 17:29 - 2014-11-26 17:36 - 00000247 _____ () C:\Windows\system32\2014-11-26-19-29-58.012-aswFe.exe-4712.log
2014-11-26 17:29 - 2014-11-26 17:29 - 00000197 _____ () C:\Windows\system32\2014-11-26-19-29-46.003-AvastVBoxSVC.exe-3424.log
2014-11-25 20:31 - 2014-11-25 20:31 - 00000247 _____ () C:\Windows\system32\2014-11-25-22-31-15.064-aswFe.exe-4364.log
2014-11-25 20:24 - 2014-11-25 20:31 - 00000247 _____ () C:\Windows\system32\2014-11-25-22-24-42.024-aswFe.exe-5568.log
2014-11-25 20:24 - 2014-11-25 20:24 - 00000197 _____ () C:\Windows\system32\2014-11-25-22-24-36.096-AvastVBoxSVC.exe-4528.log
2014-11-25 14:02 - 2014-12-18 09:00 - 00943433 _____ () C:\Windows\WindowsUpdate.log
2014-11-25 14:02 - 2014-11-25 14:02 - 00000197 _____ () C:\Windows\system32\2014-11-25-16-02-37.076-AvastVBoxSVC.exe-3236.log
2014-11-24 06:43 - 2014-11-24 06:43 - 00000197 _____ () C:\Windows\system32\2014-11-24-08-43-11.049-AvastVBoxSVC.exe-208.log
2014-11-24 01:26 - 2014-11-24 01:26 - 00000247 _____ () C:\Windows\system32\2014-11-24-03-26-06.054-aswFe.exe-580.log
2014-11-24 01:17 - 2014-11-24 01:25 - 00000247 _____ () C:\Windows\system32\2014-11-24-03-17-20.028-aswFe.exe-4460.log
2014-11-24 01:17 - 2014-11-24 01:17 - 00000197 _____ () C:\Windows\system32\2014-11-24-03-17-12.061-AvastVBoxSVC.exe-3120.log
2014-11-18 13:04 - 2014-11-18 13:04 - 00000197 _____ () C:\Windows\system32\2014-11-18-15-04-12.059-AvastVBoxSVC.exe-3232.log
2014-12-18 08:52 - 2014-04-24 01:40 - 00000000 ____D () C:\Users\Haroldo\AppData\Roaming\ZHP
2014-12-08 12:43 - 2014-08-15 01:13 - 00000000 ____D () C:\Users\Todos os Usuários\Baidu Security
2014-12-08 12:43 - 2014-08-15 01:13 - 00000000 ____D () C:\ProgramData\Baidu Security
2014-12-04 13:51 - 2009-07-14 03:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-04 13:49 - 2014-04-27 00:45 - 00000000 ____D () C:\AdwCleaner
2014-11-24 09:11 - 2014-08-13 06:36 - 00027934 _____ () C:\PureRa.txt
C:\Users\Haroldo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpslv0a0.dll
C:\Users\Haroldo\AppData\Local\Temp\Quarantine.exe
C:\Users\Haroldo\AppData\Local\Temp\sqlite3.dll
Task: {4DB88AD5-5AB7-4451-8B88-6DC452918E2F} - \060184C3-9766-46a0-B258-F4518A0B2633 No Task File <==== ATTENTION
Task: {79F9294D-7674-4371-A090-734DC91ED5D5} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {7F9A48EC-F1A8-48F4-AEBA-8E3D13927332} - System32\Tasks\{43C2224B-4665-46D8-AB8A-91ED06C9B5D7} => pcalua.exe -a "C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe" -d "C:\Program Files (x86)\ZHPDiag\ZHPFix"
Task: {D1FEF0A5-2E6A-45B3-BAAF-FA3B189EFB43} - \GPUP No Task File <==== ATTENTION
Task: {F4C6C979-50BC-4A78-A22E-7CA2C66BEBBB} - System32\Tasks\{89EA7F0B-828F-4136-93C0-08471805B84C} => pcalua.exe -a "C:\Program Files (x86)\ZHPDiag\ZHPhep.exe" -d "C:\Program Files (x86)\ZHPDiag"
Task: C:\Windows\Tasks\GPUP.job => C:\Program Files (x86)\GetPrivate\gpup.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:373E1720
emptytemp:
end

> Execute FRST/FRST64 >> Clique "Fix" << Aguarde!
> Na mensagem,clique Executar.
> Poste o relatório! (Fixlog.txt)

A+

por pamonha Qui 08 Jan 2015, 17:31

Prezado Joram,

Remeti-lhe ambos os logs gerados pelo ZHPCleaner, e continuo no aguardo de sua valiosa orientação. Grato e um abraço.

por **joram** Qui 08 Jan 2015, 17:55

pamonha escreveu:Prezado Joram,

Remeti-lhe ambos os logs gerados pelo ZHPCleaner, e continuo no aguardo de sua valiosa orientação. Grato e um abraço.

/!\ Boa Tarde! pamonha /!\

> Não foi postado o relatório Fixlog,que não tem nada haver com ZHPCleaner.
> Ps: Longo foi o tempo ausente e,talvez,tenha que rodar a ferramenta FRST.

A+

por pamonha Qui 08 Jan 2015, 18:04

Prezado Joram, boa tarde.

Após haver c opiado toda a mensagem em vermelho para o Bloco de Notas do ZHPFix, ao clicar o "Go", aparece uma mensagem travando. Desculpe, mas não me ocorre como salvar tal mensagem em "Downloads". Faria a gentileza de me detalhar esses passos?

por **joram** Qui 08 Jan 2015, 19:10

pamonha escreveu:Prezado Joram, boa tarde.

Após haver c opiado toda a mensagem em vermelho para o Bloco de Notas do ZHPFix, ao clicar o "Go", aparece uma mensagem travando. Desculpe, mas não me ocorre como salvar tal mensagem em "Downloads". Faria a gentileza de me detalhar esses passos?

/!\ Olá! pamonha /!\

> O script foi elaborado para ser rodado na ferramenta FRST e não ZHPFix. adobe - Impossibilidade de baixar Adobe Flash Player 335764

> Ps: Vc tem dificuldades na interpretação? study

A+

por pamonha Sex 09 Jan 2015, 12:29

Caro Joram, boa tarde.

Sua recomendação:

> Copie estas informações que estão em vermelho,para o Bloco de Notas.
> Salve-a com o nome fixlist. << Texto!
> Salve-a na pasta Downloads! /!\ C:\Users\Haroldo\Downloads /!\

Depois de copiadas as informações em vermelho no Bloco de Notas do FRST64, e antes de clicar o Fix, como salvá-la na pasta Downloads supra, atribuindo-lhe o nome fixlist, de vez que não encontro um meio de fazê-lo. Muito obrigado.

O Fixlog do FRST64 é demasiadamente extenso e não consigo encaminhá-lo em partes. Existe uma outra forma de postagem compactada? Estarei no aguardo de sua resposta. Grato

por **joram** Sex 09 Jan 2015, 19:29

/!\ Boa Noite! pamonha /!\

> Tive que remover seus relatórios,pois os mesmos estavam errados...simplesmente pelo fato de interpretar incorretamente as instruções.

pamonha escreveu:Depois de copiadas as informações em vermelho no Bloco de Notas do FRST64,

> O FRST64 não possui nenhum Bloco de Notas a ser copiado. O Bloco de Notas que me referi,pertence ao Windows e deve ser salvo na pasta Downloads,com o nome fixlist.
> Ps: Repita o procedimento!

A+

por pamonha Seg 12 Jan 2015, 15:56

Caro Joram,

Boa tarde.

Faço-lhe a seguir a postagem do fix.log.txt, ficando no aguardo de possível reorientação. De já, meu muito obrigado.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Haroldo at 2015-01-12 15:43:22 Run:2
Running from C:\Users\Haroldo\Downloads
Loaded Profile: Haroldo (Available profiles: Haroldo & DefaultAppPool)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1335456900-3083802626-1046228050-1000\...\MountPoints2: D - D:\Setup.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1335456900-3083802626-1046228050-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKU\S-1-5-21-1335456900-3083802626-1046228050-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-1335456900-3083802626-1046228050-1000 -> {EFA27348-E879-4907-9783-B1D0956D3E33} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
BHO-x32: No Name -> {6468068f-3b63-4e56-bc34-ba140569e43f} -> No File
CHR HomePage: Default -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [X]
S2 HPSLPSVC; C:\Users\Haroldo\AppData\Local\Temp\7zS485E\hpslpsvc64.dll [X]
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2014-12-18 08:46 - 2014-12-18 08:52 - 00002061 _____ () C:\Users\Haroldo\Desktop\ZHPCleaner.txt
2014-12-18 08:46 - 2014-12-18 08:47 - 00000000 _____ () C:\essai.txt
2014-12-18 08:34 - 2014-12-18 08:34 - 00000834 _____ () C:\Users\Haroldo\Desktop\ZHPCleaner.lnk
2014-12-18 08:33 - 2014-12-18 08:34 - 01416704 _____ () C:\Users\Haroldo\Downloads\ZHPCleaner.exe
2014-12-18 08:27 - 2014-12-18 08:27 - 00000197 _____ () C:\Windows\system32\2014-12-18-10-27-00.080-AvastVBoxSVC.exe-4440.log
2014-12-17 13:50 - 2014-12-17 13:50 - 00000197 _____ () C:\Windows\system32\2014-12-17-15-50-54.015-AvastVBoxSVC.exe-4892.log
2014-12-16 16:21 - 2014-12-16 16:21 - 00000197 _____ () C:\Windows\system32\2014-12-16-18-21-25.017-AvastVBoxSVC.exe-3808.log
2014-12-15 22:41 - 2014-12-15 22:41 - 00000197 _____ () C:\Windows\system32\2014-12-16-00-41-42.071-AvastVBoxSVC.exe-2240.log
2014-12-15 18:44 - 2014-12-15 18:44 - 00000247 _____ () C:\Windows\system32\2014-12-15-20-44-30.014-aswFe.exe-6660.log
2014-12-15 18:32 - 2014-12-15 18:44 - 00000247 _____ () C:\Windows\system32\2014-12-15-20-32-34.054-aswFe.exe-5360.log
2014-12-15 18:32 - 2014-12-15 18:32 - 00000197 _____ () C:\Windows\system32\2014-12-15-20-32-31.066-AvastVBoxSVC.exe-4708.log
2014-12-12 05:08 - 2014-12-12 05:08 - 00000247 _____ () C:\Windows\system32\2014-12-12-07-08-41.014-aswFe.exe-5524.log
2014-12-12 05:08 - 2014-12-12 05:08 - 00000197 _____ () C:\Windows\system32\2014-12-12-07-08-33.076-AvastVBoxSVC.exe-1756.log
2014-12-12 01:34 - 2014-12-12 01:34 - 00000197 _____ () C:\Windows\system32\2014-12-12-03-34-50.057-AvastVBoxSVC.exe-1532.log
2014-12-10 15:53 - 2014-12-10 15:53 - 00000247 _____ () C:\Windows\system32\2014-12-10-17-53-34.041-aswFe.exe-4628.log
2014-12-10 15:46 - 2014-12-10 15:53 - 00000247 _____ () C:\Windows\system32\2014-12-10-17-46-42.054-aswFe.exe-5572.log
2014-12-10 15:46 - 2014-12-10 15:46 - 00000197 _____ () C:\Windows\system32\2014-12-10-17-46-38.086-AvastVBoxSVC.exe-3592.log
2014-12-10 04:11 - 2014-12-10 04:11 - 00000247 _____ () C:\Windows\system32\2014-12-10-06-11-42.018-aswFe.exe-3144.log
2014-12-10 04:11 - 2014-12-10 04:11 - 00000197 _____ () C:\Windows\system32\2014-12-10-06-11-37.080-AvastVBoxSVC.exe-3528.log
2014-12-10 01:23 - 2014-12-10 01:23 - 00000197 _____ () C:\Windows\system32\2014-12-10-03-23-31.045-AvastVBoxSVC.exe-1164.log
2014-12-10 01:18 - 2014-12-18 08:21 - 00000728 _____ () C:\Windows\setupact.log
2014-12-10 01:18 - 2014-12-10 01:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-09 00:38 - 2014-12-09 00:38 - 00000197 _____ () C:\Windows\system32\2014-12-09-02-38-21.047-AvastVBoxSVC.exe-3784.log
2014-12-08 14:52 - 2014-12-08 14:52 - 00000247 _____ () C:\Windows\system32\2014-12-08-16-52-37.084-aswFe.exe-5712.log
2014-12-08 14:46 - 2014-12-08 14:52 - 00000247 _____ () C:\Windows\system32\2014-12-08-16-46-12.015-aswFe.exe-4952.log
2014-12-08 14:46 - 2014-12-08 14:46 - 00000197 _____ () C:\Windows\system32\2014-12-08-16-46-07.056-AvastVBoxSVC.exe-4704.log
2014-12-08 12:29 - 2014-12-08 12:29 - 00000247 _____ () C:\Windows\system32\2014-12-08-14-29-58.071-aswFe.exe-4444.log
2014-12-08 12:22 - 2014-12-08 12:29 - 00000247 _____ () C:\Windows\system32\2014-12-08-14-22-28.059-aswFe.exe-4364.log
2014-12-08 12:22 - 2014-12-08 12:22 - 00000197 _____ () C:\Windows\system32\2014-12-08-14-22-20.092-AvastVBoxSVC.exe-4440.log
2014-12-08 00:56 - 2014-12-08 00:56 - 00000247 _____ () C:\Windows\system32\2014-12-08-02-56-29.074-aswFe.exe-1872.log
2014-12-08 00:56 - 2014-12-08 00:56 - 00000197 _____ () C:\Windows\system32\2014-12-08-02-56-24.074-AvastVBoxSVC.exe-3204.log
2014-12-07 16:09 - 2014-12-07 16:09 - 00000197 _____ () C:\Windows\system32\2014-12-07-18-09-40.002-AvastVBoxSVC.exe-5040.log
2014-12-06 10:45 - 2014-12-06 10:45 - 00000247 _____ () C:\Windows\system32\2014-12-06-12-45-40.092-aswFe.exe-5824.log
2014-12-06 10:36 - 2014-12-06 10:45 - 00000247 _____ () C:\Windows\system32\2014-12-06-12-36-42.063-aswFe.exe-5560.log
2014-12-06 10:36 - 2014-12-06 10:36 - 00000197 _____ () C:\Windows\system32\2014-12-06-12-36-36.064-AvastVBoxSVC.exe-2356.log
2014-12-05 02:19 - 2014-12-05 02:19 - 00000247 _____ () C:\Windows\system32\2014-12-05-04-19-45.017-aswFe.exe-5860.log
2014-12-05 02:13 - 2014-12-05 02:19 - 00000247 _____ () C:\Windows\system32\2014-12-05-04-13-38.011-aswFe.exe-4020.log
2014-12-05 02:13 - 2014-12-05 02:13 - 00000197 _____ () C:\Windows\system32\2014-12-05-04-13-32.096-AvastVBoxSVC.exe-5448.log
2014-12-04 14:29 - 2014-12-04 14:29 - 00000247 _____ () C:\Windows\system32\2014-12-04-16-29-07.005-aswFe.exe-3964.log
2014-12-04 14:23 - 2014-12-04 14:28 - 00000247 _____ () C:\Windows\system32\2014-12-04-16-23-02.094-aswFe.exe-5928.log
2014-12-04 14:22 - 2014-12-04 14:23 - 00000197 _____ () C:\Windows\system32\2014-12-04-16-22-57.051-AvastVBoxSVC.exe-4700.log
2014-12-04 13:46 - 2014-12-04 13:46 - 00000247 _____ () C:\Windows\system32\2014-12-04-15-46-26.039-aswFe.exe-6824.log
2014-12-04 13:46 - 2014-12-04 13:46 - 00000197 _____ () C:\Windows\system32\2014-12-04-15-46-22.034-AvastVBoxSVC.exe-4468.log
2014-12-04 13:45 - 2014-12-04 13:46 - 02154496 _____ () C:\Users\Haroldo\Downloads\adwcleaner_4.103.exe
2014-12-04 13:30 - 2014-12-04 13:30 - 00000247 _____ () C:\Windows\system32\2014-12-04-15-30-22.019-aswFe.exe-1808.log
2014-12-04 13:24 - 2014-12-04 13:30 - 00000247 _____ () C:\Windows\system32\2014-12-04-15-24-31.051-aswFe.exe-5560.log
2014-12-04 13:24 - 2014-12-04 13:24 - 00000197 _____ () C:\Windows\system32\2014-12-04-15-24-25.076-AvastVBoxSVC.exe-1984.log
2014-12-02 18:20 - 2014-12-02 18:20 - 00000247 _____ () C:\Windows\system32\2014-12-02-20-20-23.032-aswFe.exe-3232.log
2014-12-02 18:20 - 2014-12-02 18:20 - 00000197 _____ () C:\Windows\system32\2014-12-02-20-20-16.086-AvastVBoxSVC.exe-3912.log
2014-12-02 10:53 - 2014-12-02 10:53 - 00000247 _____ () C:\Windows\system32\2014-12-02-12-53-36.056-aswFe.exe-5424.log
2014-12-02 10:47 - 2014-12-02 10:53 - 00000247 _____ () C:\Windows\system32\2014-12-02-12-47-30.025-aswFe.exe-2580.log
2014-12-02 10:47 - 2014-12-02 10:47 - 00000197 _____ () C:\Windows\system32\2014-12-02-12-47-24.091-AvastVBoxSVC.exe-5512.log
2014-12-01 18:42 - 2014-12-01 18:42 - 00000247 _____ () C:\Windows\system32\2014-12-01-20-42-29.048-aswFe.exe-968.log
2014-12-01 18:35 - 2014-12-01 18:42 - 00000247 _____ () C:\Windows\system32\2014-12-01-20-35-52.033-aswFe.exe-5460.log
2014-12-01 18:35 - 2014-12-01 18:35 - 00000197 _____ () C:\Windows\system32\2014-12-01-20-35-47.020-AvastVBoxSVC.exe-3472.log
2014-11-29 04:01 - 2014-11-29 04:01 - 00000247 _____ () C:\Windows\system32\2014-11-29-06-01-39.079-aswFe.exe-4160.log
2014-11-29 03:54 - 2014-11-29 04:01 - 00000247 _____ () C:\Windows\system32\2014-11-29-05-54-06.048-aswFe.exe-1256.log
2014-11-29 03:54 - 2014-11-29 03:54 - 00000197 _____ () C:\Windows\system32\2014-11-29-05-54-00.029-AvastVBoxSVC.exe-5452.log
2014-11-28 07:26 - 2014-11-28 07:26 - 00000247 _____ () C:\Windows\system32\2014-11-28-09-26-27.016-aswFe.exe-5292.log
2014-11-28 07:20 - 2014-11-28 07:26 - 00000247 _____ () C:\Windows\system32\2014-11-28-09-20-18.096-aswFe.exe-2992.log
2014-11-28 07:20 - 2014-11-28 07:20 - 00000197 _____ () C:\Windows\system32\2014-11-28-09-20-12.019-AvastVBoxSVC.exe-3392.log
2014-11-27 12:40 - 2014-11-27 12:40 - 00000247 _____ () C:\Windows\system32\2014-11-27-14-40-07.095-aswFe.exe-2320.log
2014-11-27 12:34 - 2014-11-27 12:40 - 00000247 _____ () C:\Windows\system32\2014-11-27-14-34-31.056-aswFe.exe-5244.log
2014-11-27 12:34 - 2014-11-27 12:34 - 00000197 _____ () C:\Windows\system32\2014-11-27-14-34-26.012-AvastVBoxSVC.exe-1824.log
2014-11-26 21:46 - 2014-11-26 21:46 - 00000197 _____ () C:\Windows\system32\2014-11-26-23-46-36.007-AvastVBoxSVC.exe-4244.log
2014-11-26 17:36 - 2014-11-26 17:36 - 00000247 _____ () C:\Windows\system32\2014-11-26-19-36-49.072-aswFe.exe-5780.log
2014-11-26 17:29 - 2014-11-26 17:36 - 00000247 _____ () C:\Windows\system32\2014-11-26-19-29-58.012-aswFe.exe-4712.log
2014-11-26 17:29 - 2014-11-26 17:29 - 00000197 _____ () C:\Windows\system32\2014-11-26-19-29-46.003-AvastVBoxSVC.exe-3424.log
2014-11-25 20:31 - 2014-11-25 20:31 - 00000247 _____ () C:\Windows\system32\2014-11-25-22-31-15.064-aswFe.exe-4364.log
2014-11-25 20:24 - 2014-11-25 20:31 - 00000247 _____ () C:\Windows\system32\2014-11-25-22-24-42.024-aswFe.exe-5568.log
2014-11-25 20:24 - 2014-11-25 20:24 - 00000197 _____ () C:\Windows\system32\2014-11-25-22-24-36.096-AvastVBoxSVC.exe-4528.log
2014-11-25 14:02 - 2014-12-18 09:00 - 00943433 _____ () C:\Windows\WindowsUpdate.log
2014-11-25 14:02 - 2014-11-25 14:02 - 00000197 _____ () C:\Windows\system32\2014-11-25-16-02-37.076-AvastVBoxSVC.exe-3236.log
2014-11-24 06:43 - 2014-11-24 06:43 - 00000197 _____ () C:\Windows\system32\2014-11-24-08-43-11.049-AvastVBoxSVC.exe-208.log
2014-11-24 01:26 - 2014-11-24 01:26 - 00000247 _____ () C:\Windows\system32\2014-11-24-03-26-06.054-aswFe.exe-580.log
2014-11-24 01:17 - 2014-11-24 01:25 - 00000247 _____ () C:\Windows\system32\2014-11-24-03-17-20.028-aswFe.exe-4460.log
2014-11-24 01:17 - 2014-11-24 01:17 - 00000197 _____ () C:\Windows\system32\2014-11-24-03-17-12.061-AvastVBoxSVC.exe-3120.log
2014-11-18 13:04 - 2014-11-18 13:04 - 00000197 _____ () C:\Windows\system32\2014-11-18-15-04-12.059-AvastVBoxSVC.exe-3232.log
2014-12-18 08:52 - 2014-04-24 01:40 - 00000000 ____D () C:\Users\Haroldo\AppData\Roaming\ZHP
2014-12-08 12:43 - 2014-08-15 01:13 - 00000000 ____D () C:\Users\Todos os Usuários\Baidu Security
2014-12-08 12:43 - 2014-08-15 01:13 - 00000000 ____D () C:\ProgramData\Baidu Security
2014-12-04 13:51 - 2009-07-14 03:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-04 13:49 - 2014-04-27 00:45 - 00000000 ____D () C:\AdwCleaner
2014-11-24 09:11 - 2014-08-13 06:36 - 00027934 _____ () C:\PureRa.txt
C:\Users\Haroldo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpslv0a0.dll
C:\Users\Haroldo\AppData\Local\Temp\Quarantine.exe
C:\Users\Haroldo\AppData\Local\Temp\sqlite3.dll
Task: {4DB88AD5-5AB7-4451-8B88-6DC452918E2F} - \060184C3-9766-46a0-B258-F4518A0B2633 No Task File <==== ATTENTION
Task: {79F9294D-7674-4371-A090-734DC91ED5D5} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {7F9A48EC-F1A8-48F4-AEBA-8E3D13927332} - System32\Tasks\{43C2224B-4665-46D8-AB8A-91ED06C9B5D7} => pcalua.exe -a "C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe" -d "C:\Program Files (x86)\ZHPDiag\ZHPFix"
Task: {D1FEF0A5-2E6A-45B3-BAAF-FA3B189EFB43} - \GPUP No Task File <==== ATTENTION
Task: {F4C6C979-50BC-4A78-A22E-7CA2C66BEBBB} - System32\Tasks\{89EA7F0B-828F-4136-93C0-08471805B84C} => pcalua.exe -a "C:\Program Files (x86)\ZHPDiag\ZHPhep.exe" -d "C:\Program Files (x86)\ZHPDiag"
Task: C:\Windows\Tasks\GPUP.job => C:\Program Files (x86)\GetPrivate\gpup.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:373E1720
emptytemp:
end

*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-1335456900-3083802626-1046228050-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-1335456900-3083802626-1046228050-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
HKU\S-1-5-21-1335456900-3083802626-1046228050-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}" => Key deleted successfully.
HKCR\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => Key not found.
"HKU\S-1-5-21-1335456900-3083802626-1046228050-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EFA27348-E879-4907-9783-B1D0956D3E33}" => Key deleted successfully.
HKCR\CLSID\{EFA27348-E879-4907-9783-B1D0956D3E33} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6468068f-3b63-4e56-bc34-ba140569e43f}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6468068f-3b63-4e56-bc34-ba140569e43f} => Key not found.
Chrome HomePage deleted successfully.
HOSTS Anti-PUPs => Service deleted successfully.
HPSLPSVC => Service deleted successfully.
BlueletAudio => Service deleted successfully.
BlueletSCOAudio => Service deleted successfully.
BprotectEx => Service deleted successfully.
BT => Service deleted successfully.
Btcsrusb => Service deleted successfully.
BTHidEnum => Service deleted successfully.
BTHidMgr => Service deleted successfully.
PCFApiUtil => Service deleted successfully.
Ser2pl => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VComm => Service deleted successfully.
VcommMgr => Service deleted successfully.
VGPU => Service deleted successfully.
C:\Users\Haroldo\Desktop\ZHPCleaner.txt => Moved successfully.
C:\essai.txt => Moved successfully.
C:\Users\Haroldo\Desktop\ZHPCleaner.lnk => Moved successfully.
C:\Users\Haroldo\Downloads\ZHPCleaner.exe => Moved successfully.
C:\Windows\system32\2014-12-18-10-27-00.080-AvastVBoxSVC.exe-4440.log => Moved successfully.
C:\Windows\system32\2014-12-17-15-50-54.015-AvastVBoxSVC.exe-4892.log => Moved successfully.
C:\Windows\system32\2014-12-16-18-21-25.017-AvastVBoxSVC.exe-3808.log => Moved successfully.
C:\Windows\system32\2014-12-16-00-41-42.071-AvastVBoxSVC.exe-2240.log => Moved successfully.
C:\Windows\system32\2014-12-15-20-44-30.014-aswFe.exe-6660.log => Moved successfully.
C:\Windows\system32\2014-12-15-20-32-34.054-aswFe.exe-5360.log => Moved successfully.
C:\Windows\system32\2014-12-15-20-32-31.066-AvastVBoxSVC.exe-4708.log => Moved successfully.
C:\Windows\system32\2014-12-12-07-08-41.014-aswFe.exe-5524.log => Moved successfully.
C:\Windows\system32\2014-12-12-07-08-33.076-AvastVBoxSVC.exe-1756.log => Moved successfully.
C:\Windows\system32\2014-12-12-03-34-50.057-AvastVBoxSVC.exe-1532.log => Moved successfully.
C:\Windows\system32\2014-12-10-17-53-34.041-aswFe.exe-4628.log => Moved successfully.
C:\Windows\system32\2014-12-10-17-46-42.054-aswFe.exe-5572.log => Moved successfully.
C:\Windows\system32\2014-12-10-17-46-38.086-AvastVBoxSVC.exe-3592.log => Moved successfully.
C:\Windows\system32\2014-12-10-06-11-42.018-aswFe.exe-3144.log => Moved successfully.
C:\Windows\system32\2014-12-10-06-11-37.080-AvastVBoxSVC.exe-3528.log => Moved successfully.
C:\Windows\system32\2014-12-10-03-23-31.045-AvastVBoxSVC.exe-1164.log => Moved successfully.
C:\Windows\setupact.log => Moved successfully.
C:\Windows\setuperr.log => Moved successfully.
C:\Windows\system32\2014-12-09-02-38-21.047-AvastVBoxSVC.exe-3784.log => Moved successfully.
C:\Windows\system32\2014-12-08-16-52-37.084-aswFe.exe-5712.log => Moved successfully.
C:\Windows\system32\2014-12-08-16-46-12.015-aswFe.exe-4952.log => Moved successfully.
C:\Windows\system32\2014-12-08-16-46-07.056-AvastVBoxSVC.exe-4704.log => Moved successfully.
C:\Windows\system32\2014-12-08-14-29-58.071-aswFe.exe-4444.log => Moved successfully.
C:\Windows\system32\2014-12-08-14-22-28.059-aswFe.exe-4364.log => Moved successfully.
C:\Windows\system32\2014-12-08-14-22-20.092-AvastVBoxSVC.exe-4440.log => Moved successfully.
C:\Windows\system32\2014-12-08-02-56-29.074-aswFe.exe-1872.log => Moved successfully.
C:\Windows\system32\2014-12-08-02-56-24.074-AvastVBoxSVC.exe-3204.log => Moved successfully.
C:\Windows\system32\2014-12-07-18-09-40.002-AvastVBoxSVC.exe-5040.log => Moved successfully.
C:\Windows\system32\2014-12-06-12-45-40.092-aswFe.exe-5824.log => Moved successfully.
C:\Windows\system32\2014-12-06-12-36-42.063-aswFe.exe-5560.log => Moved successfully.
C:\Windows\system32\2014-12-06-12-36-36.064-AvastVBoxSVC.exe-2356.log => Moved successfully.
C:\Windows\system32\2014-12-05-04-19-45.017-aswFe.exe-5860.log => Moved successfully.
C:\Windows\system32\2014-12-05-04-13-38.011-aswFe.exe-4020.log => Moved successfully.
C:\Windows\system32\2014-12-05-04-13-32.096-AvastVBoxSVC.exe-5448.log => Moved successfully.
C:\Windows\system32\2014-12-04-16-29-07.005-aswFe.exe-3964.log => Moved successfully.
C:\Windows\system32\2014-12-04-16-23-02.094-aswFe.exe-5928.log => Moved successfully.
C:\Windows\system32\2014-12-04-16-22-57.051-AvastVBoxSVC.exe-4700.log => Moved successfully.
C:\Windows\system32\2014-12-04-15-46-26.039-aswFe.exe-6824.log => Moved successfully.
C:\Windows\system32\2014-12-04-15-46-22.034-AvastVBoxSVC.exe-4468.log => Moved successfully.
C:\Users\Haroldo\Downloads\adwcleaner_4.103.exe => Moved successfully.
C:\Windows\system32\2014-12-04-15-30-22.019-aswFe.exe-1808.log => Moved successfully.
C:\Windows\system32\2014-12-04-15-24-31.051-aswFe.exe-5560.log => Moved successfully.
C:\Windows\system32\2014-12-04-15-24-25.076-AvastVBoxSVC.exe-1984.log => Moved successfully.
C:\Windows\system32\2014-12-02-20-20-23.032-aswFe.exe-3232.log => Moved successfully.
C:\Windows\system32\2014-12-02-20-20-16.086-AvastVBoxSVC.exe-3912.log => Moved successfully.
C:\Windows\system32\2014-12-02-12-53-36.056-aswFe.exe-5424.log => Moved successfully.
C:\Windows\system32\2014-12-02-12-47-30.025-aswFe.exe-2580.log => Moved successfully.
C:\Windows\system32\2014-12-02-12-47-24.091-AvastVBoxSVC.exe-5512.log => Moved successfully.
C:\Windows\system32\2014-12-01-20-42-29.048-aswFe.exe-968.log => Moved successfully.
C:\Windows\system32\2014-12-01-20-35-52.033-aswFe.exe-5460.log => Moved successfully.
C:\Windows\system32\2014-12-01-20-35-47.020-AvastVBoxSVC.exe-3472.log => Moved successfully.
C:\Windows\system32\2014-11-29-06-01-39.079-aswFe.exe-4160.log => Moved successfully.
C:\Windows\system32\2014-11-29-05-54-06.048-aswFe.exe-1256.log => Moved successfully.
C:\Windows\system32\2014-11-29-05-54-00.029-AvastVBoxSVC.exe-5452.log => Moved successfully.
C:\Windows\system32\2014-11-28-09-26-27.016-aswFe.exe-5292.log => Moved successfully.
C:\Windows\system32\2014-11-28-09-20-18.096-aswFe.exe-2992.log => Moved successfully.
C:\Windows\system32\2014-11-28-09-20-12.019-AvastVBoxSVC.exe-3392.log => Moved successfully.
C:\Windows\system32\2014-11-27-14-40-07.095-aswFe.exe-2320.log => Moved successfully.
C:\Windows\system32\2014-11-27-14-34-31.056-aswFe.exe-5244.log => Moved successfully.
C:\Windows\system32\2014-11-27-14-34-26.012-AvastVBoxSVC.exe-1824.log => Moved successfully.
C:\Windows\system32\2014-11-26-23-46-36.007-AvastVBoxSVC.exe-4244.log => Moved successfully.
C:\Windows\system32\2014-11-26-19-36-49.072-aswFe.exe-5780.log => Moved successfully.
C:\Windows\system32\2014-11-26-19-29-58.012-aswFe.exe-4712.log => Moved successfully.
C:\Windows\system32\2014-11-26-19-29-46.003-AvastVBoxSVC.exe-3424.log => Moved successfully.
C:\Windows\system32\2014-11-25-22-31-15.064-aswFe.exe-4364.log => Moved successfully.
C:\Windows\system32\2014-11-25-22-24-42.024-aswFe.exe-5568.log => Moved successfully.
C:\Windows\system32\2014-11-25-22-24-36.096-AvastVBoxSVC.exe-4528.log => Moved successfully.
Could not move "C:\Windows\WindowsUpdate.log" => Scheduled to move on reboot.
C:\Windows\system32\2014-11-25-16-02-37.076-AvastVBoxSVC.exe-3236.log => Moved successfully.
C:\Windows\system32\2014-11-24-08-43-11.049-AvastVBoxSVC.exe-208.log => Moved successfully.
C:\Windows\system32\2014-11-24-03-26-06.054-aswFe.exe-580.log => Moved successfully.
C:\Windows\system32\2014-11-24-03-17-20.028-aswFe.exe-4460.log => Moved successfully.
C:\Windows\system32\2014-11-24-03-17-12.061-AvastVBoxSVC.exe-3120.log => Moved successfully.
C:\Windows\system32\2014-11-18-15-04-12.059-AvastVBoxSVC.exe-3232.log => Moved successfully.
C:\Users\Haroldo\AppData\Roaming\ZHP => Moved successfully.
C:\Users\Todos os Usuários\Baidu Security => Moved successfully.
"C:\ProgramData\Baidu Security" => File/Directory not found.
Could not move "C:\Windows\Tasks\SCHEDLGU.TXT" => Scheduled to move on reboot.
C:\AdwCleaner => Moved successfully.
C:\PureRa.txt => Moved successfully.
"C:\Users\Haroldo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpslv0a0.dll" => File/Directory not found.
C:\Users\Haroldo\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Haroldo\AppData\Local\Temp\sqlite3.dll => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4DB88AD5-5AB7-4451-8B88-6DC452918E2F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DB88AD5-5AB7-4451-8B88-6DC452918E2F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79F9294D-7674-4371-A090-734DC91ED5D5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79F9294D-7674-4371-A090-734DC91ED5D5}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7F9A48EC-F1A8-48F4-AEBA-8E3D13927332}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F9A48EC-F1A8-48F4-AEBA-8E3D13927332}" => Key deleted successfully.
C:\Windows\System32\Tasks\{43C2224B-4665-46D8-AB8A-91ED06C9B5D7} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{43C2224B-4665-46D8-AB8A-91ED06C9B5D7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D1FEF0A5-2E6A-45B3-BAAF-FA3B189EFB43}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1FEF0A5-2E6A-45B3-BAAF-FA3B189EFB43}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GPUP" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F4C6C979-50BC-4A78-A22E-7CA2C66BEBBB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4C6C979-50BC-4A78-A22E-7CA2C66BEBBB}" => Key deleted successfully.
C:\Windows\System32\Tasks\{89EA7F0B-828F-4136-93C0-08471805B84C} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{89EA7F0B-828F-4136-93C0-08471805B84C}" => Key deleted successfully.
C:\Windows\Tasks\GPUP.job => Moved successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
"C:\Users\Todos os Usuários\TEMP" => ":373E1720" ADS not found.
EmptyTemp: => Removed 1.2 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-12 15:47:32)<=

C:\Windows\WindowsUpdate.log => Is moved successfully.
"C:\Windows\Tasks\SCHEDLGU.TXT" => File could not move.

==== End of Fixlog 15:47:32 ====

por **joram** Seg 12 Jan 2015, 18:00

/!\ Boa Tarde! pamonha /!\

> O relatório Fixlog veio corretamente! isso aí!

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... by Smeenk )

< [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >

> Salve-o ao desktop!
> Desabilite seu antivírus!
> Para Windows 7,execute Zoek.exe como administrador.

ipconfig /flushdns;b
QuickScan;
autoclean;
emptytemp;

> Copie e cole estas informações,que estão em vermelho,no campo da ferramenta.
> Clique "Run Script".

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

> Surgirão informações,pedindo-lhe que aguarde o surgimento do relatório.
> Ps: Essas informações,podem permanecer estáticas na tela por 20 minutos ou mais.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Confirme o reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.

> Ps: Ao obter algum erro,reinicie o PC e execute,novamente,a ferramenta.
> Poste o relatório,que estará em C:\zoek-results.txt <<

A+

por pamonha Seg 12 Jan 2015, 23:33

Caro Joram, boa noite.

Em atenção à sua orientação, estou postando o log Zoek-results.txt, gerado pelo Zoek, permanecendo na expectativa de possível reorientação. De já, meu agradecimento sincero.

Zoek.exe v5.0.0.0 Updated 09-January-2015
Tool run by Haroldo on 12/01/2015 at 22:08:57.65.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Haroldo\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

12/01/2015 22:13:38 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\AP Tuner deleted successfully
C:\PROGRA~2\Oasis Games Limited deleted successfully
C:\Users\Haroldo\AppData\Local\uTorrent deleted successfully
C:\Users\Haroldo\AppData\Local\Warface deleted successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\CrashDumps deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1335456900-3083802626-1046228050-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{18D7233-3848-46D7-8FA-64A7C4C68025} deleted successfully
HKEY_USERS\S-1-5-21-1335456900-3083802626-1046228050-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B477897-B097-4C25-AA54-9484B5CE3A39} deleted successfully
HKEY_USERS\S-1-5-21-1335456900-3083802626-1046228050-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E471E78-1A73-4643-B064-4B5E3465401D} deleted successfully
HKEY_USERS\S-1-5-21-1335456900-3083802626-1046228050-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{309496E8-EED5-4EE2-8CFB-4C26387C5E7} deleted successfully
HKEY_USERS\S-1-5-21-1335456900-3083802626-1046228050-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D60FB4F-4082-439C-BAB6-F0DFBAB99238} deleted successfully
HKEY_USERS\S-1-5-21-1335456900-3083802626-1046228050-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4531649A-391C-4654-BA10-7E3EF4B6147E} deleted successfully
HKEY_USERS\S-1-5-21-1335456900-3083802626-1046228050-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{71D5553-AC01-4208-874D-C3E6256D43D} deleted successfully
HKEY_USERS\S-1-5-21-1335456900-3083802626-1046228050-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8788C0FC-75E4-43EB-846A-88A169E1ABC8} deleted successfully
HKEY_USERS\S-1-5-21-1335456900-3083802626-1046228050-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{94AFA46-6420-4E30-9B2F-A357CD31D16A} deleted successfully
HKEY_USERS\S-1-5-21-1335456900-3083802626-1046228050-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9880FC30-EBA4-47CE-9957-113B38806DAA} deleted successfully
HKEY_USERS\S-1-5-21-1335456900-3083802626-1046228050-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C9F8531-5029-43A6-A6F2-B2F75425968} deleted successfully
HKEY_USERS\S-1-5-21-1335456900-3083802626-1046228050-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0C5DA47-9D96-43E9-91ED-5146D7886C10} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Haroldo\AppData\Roaming\mozilla\firefox\Profiles\ensx4ttz.default-1412532628526

user.js not found
---- Lines Framed Display removed from prefs.js ----
user_pref("extensions.Framed Display.asul", "1412538724962");
user_pref("extensions.Framed Display.aul", "1412538399414");
user_pref("extensions.Framed Display.irl", true);
user_pref("extensions.Framed Display.is", "isgiwhBR");
user_pref("extensions.Framed Display.ug", "0C410D11-43ED-49EB-BE04-1868695FF79E");
---- Lines a975af9566d8c4897837a25c267d2cec1gmailcom64969 removed from prefs.js ----
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.975af956-6d8c-4897-837a-25c267d2cec1@gmail.coma975af9566d8c4897837a25c267d2
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.975af956-6d8c-4897-837a-25c267d2cec1@gmail.coma975af9566d8c4897837a25c267d2
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.975af956-6d8c-4897-837a-25c267d2cec1@gmail.comasyncdb_dbWasSet", true);
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.975af956-6d8c-4897-837a-25c267d2cec1@gmail.comasyncdb_dbWasSet_FF25_FIX", t
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.975af956-6d8c-4897-837a-25c267d2cec1@gmail.comasyncinternaldb_dbWasSet", tr
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.975af956-6d8c-4897-837a-25c267d2cec1@gmail.comasyncinternaldb_dbWasSet_FF25
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.active", true);
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.addressbar", "NA");
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.addressbarenhanced", "");
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.asyncdb.was_copied", "true");
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.asyncinternaldb.was_copied", "true");
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.backgroundver", 1);
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.certdomaininstaller", "");
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.changeprevious", false);
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Ho
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.cookie.InstallationTime.value", "%221416260688%22");
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hor
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22002082%22%2C%22sub_
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.description", "MediaPlayerEnhance Extension");
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.domain", "");
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.enablesearch", false);
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.homepage", "");
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.iframe", false);
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.InstallationThankYouPage", false);
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.InstallationTime", 1416260688);
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT-0
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.__defualt_browser__.value", "%22ff%22");
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.__ICM_DOWNLOADS__blacklist_domain.expiration", "Fri Feb 01 2030
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.__ICM_DOWNLOADS__global_rules.expiration", "Fri Feb 01 2030 00:0
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.__ICM_DOWNLOADS__global_rules.value", "%5B%7B%22rules%22%3A%7B%2
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.__ICM_DOWNLOADS__global_rules_verion.expiration", "Fri Feb 01 20
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.__ICM_DOWNLOADS__global_rules_verion.value", "3");
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.__ICM_DOWNLOADS__last_daily_visit.expiration", "Tue Nov 18 2014
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.__ICM_DOWNLOADS__last_daily_visit.value", "1416262072897");
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.__ICM_DOWNLOADS__last_impression_time.expiration", "Fri Feb 01 2
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.__ICM_DOWNLOADS__last_impression_time.value", "1416262375198");
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.__ICM_DOWNLOADS__marketing_rules.expiration", "Fri Feb 01 2030 0
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.__ICM_DOWNLOADS__marketing_rules.value", "%7B%22rules%22%3A%5B%7
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.__ICM_DOWNLOADS__marketing_rules_verion.expiration", "Fri Feb 01
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.__ICM_DOWNLOADS__marketing_rules_verion.value", "48");
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.__ICM_DOWNLOADS__pages_visited_count.expiration", "Fri Feb 01 20
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.__ICM_DOWNLOADS__pages_visited_count.value", "2");
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.__ICM_DOWNLOADS__pagevies_count_18.10.2014.expiration", "Fri Nov
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.__ICM_DOWNLOADS__pagevies_count_18.10.2014.value", "5");
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.__ICM_DOWNLOADS__sent_active.expiration", "Tue Nov 18 2014 02:07
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.__ICM_DOWNLOADS__sent_active.value", "true");
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.__ICM_DOWNLOADS__total_impressions_today.expiration", "Tue Nov 1
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.__ICM_DOWNLOADS__total_impressions_today.value", "1");
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.__ICM_DOWNLOADS__total_impressions_today_slider.expiration", "Tu
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.__ICM_DOWNLOADS__total_impressions_today_slider.value", "1");
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.__ICM_DOWNLOADS__verions_data.expiration", "Tue Nov 18 2014 02:0
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.__ICM_DOWNLOADS__verions_data.value", "%7B%22global_rules_versio
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22install
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%221A9B6E
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22002082%22%2C%22
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22002082%22%
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:0
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.Resources_appVer.value", "19");
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.Resources_lastVersion.value", "1");
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.Resources_nextCheck.expiration", "Tue Nov 18 2014 02:07:37 GMT-0
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.lastDailyReport", "1416261122388");
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.lastUpdate", "1416261122206");
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.manifesturl", "");
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.name", "VideoMedia+Player_v2.3");
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.newtab", "");
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.opensearch", "");
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.pluginsurl", "http://js.newonlinedemoserv.com/plugin/apps/64969/plugins/na/
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.pluginsversion", 14);
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.publisher", "enter");
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.searchstatus", 0);
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.setnewtab", false);
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.thankyou", "");
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.updateinterval", 360);
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.64969.ver", 19);
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.apps", "64969");
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.bic", "149bfbd9f295af30df8dbe9950398142");
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.cid", 64969);
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.firstrun", false);
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.hadappinstalled", true);
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.installationdate", 1416261116);
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.modetype", "production");
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.reportInstall", true);
user_pref("extensions.a975af9566d8c4897837a25c267d2cec1gmailcom64969.statsDailyCounter", 1);
---- Lines awrigtdamonyahoocom65055 removed from prefs.js ----
user_pref("extensions.awrigtdamonyahoocom65055.65055.active", true);
user_pref("extensions.awrigtdamonyahoocom65055.65055.addressbar", "NA");
user_pref("extensions.awrigtdamonyahoocom65055.65055.addressbarenhanced", "");
user_pref("extensions.awrigtdamonyahoocom65055.65055.asyncdb.was_copied", "true");
user_pref("extensions.awrigtdamonyahoocom65055.65055.asyncinternaldb.was_copied", "true");
user_pref("extensions.awrigtdamonyahoocom65055.65055.backgroundver", 1);
user_pref("extensions.awrigtdamonyahoocom65055.65055.certdomaininstaller", "");
user_pref("extensions.awrigtdamonyahoocom65055.65055.changeprevious", false);
user_pref("extensions.awrigtdamonyahoocom65055.65055.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do Brasil)"
user_pref("extensions.awrigtdamonyahoocom65055.65055.cookie.InstallationTime.value", "%221416260669%22");
user_pref("extensions.awrigtdamonyahoocom65055.65055.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do Brasil)")
user_pref("extensions.awrigtdamonyahoocom65055.65055.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22002143%22%2C%22sub_id%22%3A%22verticals-%
user_pref("extensions.awrigtdamonyahoocom65055.65055.description", "Enhancing browsing experience");
user_pref("extensions.awrigtdamonyahoocom65055.65055.domain", "");
user_pref("extensions.awrigtdamonyahoocom65055.65055.enablesearch", false);
user_pref("extensions.awrigtdamonyahoocom65055.65055.homepage", "");
user_pref("extensions.awrigtdamonyahoocom65055.65055.iframe", false);
user_pref("extensions.awrigtdamonyahoocom65055.65055.InstallationThankYouPage", false);
user_pref("extensions.awrigtdamonyahoocom65055.65055.InstallationTime", 1416260669);
user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do B
user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.__defualt_browser__.value", "%22ff%22");
user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do Brasil)");
user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%22DD4B47F
user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do
user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22DD4B47F66DCC4AE085EB40D35928
user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do Brasi
user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22002143%22%2C%22sub_id%22%3A%22vertica
user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do
user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22002143%22%2C%22sub_id%22%3A%22ve
user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora of
user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%22DD4B47F66DCC4AE085E
user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do Bras
user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.Resources_appVer.value", "22");
user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do
user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.Resources_lastVersion.value", "2");
user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do Brasil
user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.Resources_nextCheck.expiration", "Tue Nov 18 2014 01:52:10 GMT-0200 (Hora oficial do B
user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do Brasi
user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.awrigtdamonyahoocom65055.65055.lastDailyReport", "1416261121045");
user_pref("extensions.awrigtdamonyahoocom65055.65055.lastUpdate", "1416261120579");
user_pref("extensions.awrigtdamonyahoocom65055.65055.manifesturl", "");
user_pref("extensions.awrigtdamonyahoocom65055.65055.name", "Browsers+Apps+1.1");
user_pref("extensions.awrigtdamonyahoocom65055.65055.newtab", "");
user_pref("extensions.awrigtdamonyahoocom65055.65055.opensearch", "");
user_pref("extensions.awrigtdamonyahoocom65055.65055.pluginsurl", "http://js.newonlinedemoserv.com/plugin/apps/65055/plugins/na/ff/plugins.json");
user_pref("extensions.awrigtdamonyahoocom65055.65055.pluginsversion", 17);
user_pref("extensions.awrigtdamonyahoocom65055.65055.publisher", "app");
user_pref("extensions.awrigtdamonyahoocom65055.65055.searchstatus", 0);
user_pref("extensions.awrigtdamonyahoocom65055.65055.setnewtab", false);
user_pref("extensions.awrigtdamonyahoocom65055.65055.thankyou", "");
user_pref("extensions.awrigtdamonyahoocom65055.65055.updateinterval", 360);
user_pref("extensions.awrigtdamonyahoocom65055.65055.ver", 22);
user_pref("extensions.awrigtdamonyahoocom65055.65055.wrigtdamon@yahoo.comasyncdb_dbWasSet", true);
user_pref("extensions.awrigtdamonyahoocom65055.65055.wrigtdamon@yahoo.comasyncdb_dbWasSet_FF25_FIX", true);
user_pref("extensions.awrigtdamonyahoocom65055.65055.wrigtdamon@yahoo.comasyncinternaldb_dbWasSet", true);
user_pref("extensions.awrigtdamonyahoocom65055.65055.wrigtdamon@yahoo.comasyncinternaldb_dbWasSet_FF25_FIX", true);
user_pref("extensions.awrigtdamonyahoocom65055.65055.wrigtdamon@yahoo.comawrigtdamonyahoocom65055_dbWasSet", true);
user_pref("extensions.awrigtdamonyahoocom65055.65055.wrigtdamon@yahoo.comawrigtdamonyahoocom65055_dbWasSet_FF25_FIX", true);
user_pref("extensions.awrigtdamonyahoocom65055.apps", "65055");
user_pref("extensions.awrigtdamonyahoocom65055.bic", "149bfbd9f295af30df8dbe9950398142");
user_pref("extensions.awrigtdamonyahoocom65055.cid", 65055);
user_pref("extensions.awrigtdamonyahoocom65055.firstrun", false);
user_pref("extensions.awrigtdamonyahoocom65055.hadappinstalled", true);
user_pref("extensions.awrigtdamonyahoocom65055.installationdate", 1416261116);
user_pref("extensions.awrigtdamonyahoocom65055.modetype", "production");
user_pref("extensions.awrigtdamonyahoocom65055.reportInstall", true);
user_pref("extensions.awrigtdamonyahoocom65055.statsDailyCounter", 1);
---- Lines Search modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{338950EA-82DB-44C1-930D-0C28E023C9F0}\":{\"descriptor\":\"C:\\\\
---- FireFox user.js and prefs.js backups ----

prefs_012015_2232_.backup

ProfilePath: C:\Users\Haroldo\AppData\Roaming\mozilla\firefox\Profiles\extensions

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_012015_2232_.backup

ProfilePath: C:\Users\Haroldo\AppData\Roaming\mozilla\firefox\Profiles\se6rb103.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_012015_2232_.backup

==== Batch Command(s) Run By Tool======================

==== Deleting Files \ Folders ======================

C:\Users\Haroldo\AppData\Roaming\WB.CFG deleted
C:\Users\Haroldo\AppData\Roaming\386F.tmp deleted
C:\Users\Haroldo\AppData\Roaming\5EF2.tmp deleted
C:\Users\Haroldo\AppData\Roaming\6EAB.tmp deleted
C:\Users\Haroldo\AppData\Roaming\C1F8.tmp deleted
C:\Users\Haroldo\AppData\Roaming\DA0A.tmp deleted
C:\Users\Haroldo\AppData\Roaming\E744.tmp deleted
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Haroldo\AppData\LocalLow\OnLineTV Toolbar deleted
C:\Users\Haroldo\AppData\LocalLow\Company deleted
C:\Users\Haroldo\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A} deleted
C:\Users\Haroldo\AppData\LocalLow\{FAECC00E-8025-47C7-94A5-DCC838C392A1} deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\Haroldo\Documents\Add-in Express deleted
C:\Users\Haroldo\Desktop\VDownloader - Atalho.lnk deleted
"C:\Users\Haroldo\AppData\Roaming\MHQCVUMW" deleted
"C:\Users\Haroldo\AppData\Roaming\UBTTOC" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Haroldo\AppData\Local\Temp ====
2015-01-12 23:59:20 97511FE2CA09CC2E06C3CD6519C3494E 43008 ----a-w- C:\Users\Haroldo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyoz2mb.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
2014-12-28 15:57:02 B63AD96D5AB77552EFDB7D2277C3B0CB 3886 ----a-w- C:\Windows\Sysnative\Tasks\Adobe Acrobat Update Task
2014-12-17 16:00:10 B9F64BD4188EAEB656C2CC401011E30B 3286 ----a-w- C:\Windows\Sysnative\Tasks\avastBCLRestartS-1-5-21-1335456900-3083802626-1046228050-1000
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2015-01-09 16:00:59 -------- d-----w- C:\PROGRA~2\SendSpace
======= C: =====
====== C:\Users\Haroldo\AppData\Roaming ======
====== C:\Users\Haroldo ======
2015-01-09 14:13:51 1D52BA6FE6E435CE9E9C801D2B175936 2124288 ----a-w- C:\Users\Haroldo\Downloads\FRST64 (2).exe
2015-01-09 14:06:12 1D52BA6FE6E435CE9E9C801D2B175936 2124288 ----a-w- C:\Users\Haroldo\Downloads\FRST64 (1).exe

====== C: exe-files ==
2015-01-09 16:01:01 4D7AC0105C6BB831F7829AC05CDED075 55318 ----a-w- C:\Program Files (x86)\SendSpace\Wizard\Uninstall.exe
2015-01-09 14:13:51 1D52BA6FE6E435CE9E9C801D2B175936 2124288 ----a-w- C:\Users\Haroldo\Downloads\FRST64 (2).exe
2015-01-09 14:06:12 1D52BA6FE6E435CE9E9C801D2B175936 2124288 ----a-w- C:\Users\Haroldo\Downloads\FRST64 (1).exe
=== C: other files ==
2015-01-09 16:01:56 E03CE09DF47EDB8FFC0D9669C447CC2D 7637059 ----a-w- C:\Users\Haroldo\AppData\Roaming\SendSpace Wizard\new_version.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-1335456900-3083802626-1046228050-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe -osboot"
"RealDownloader"="C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\652143F2D399EC200742314067EC40FA4555A1AF._service_run]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="652143F2D399EC200742314067EC40FA4555A1AF._service_run"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=service"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Software Update"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hpqSRMon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpqSRMon"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\HP\\Digital Imaging\\bin\\hpqSRMon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Default Manager]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Microsoft Default Manager"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Microsoft\\Search Enhancement Pack\\Default Manager\\DefMgr.exe\" -resume"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSN Toolbar]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSN Toolbar"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\MSN Toolbar\\Platform\\4.0.0357.1\\mswinext.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PWRISOVM.EXE]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PWRISOVM.EXE"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\PowerISO\\PWRISOVM.EXE -startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sidebar]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Sidebar"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Windows Sidebar\\sidebar.exe\" /autoRun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TkBellExe"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Real\\RealPlayer\\update\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VDownloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VDownloader"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\VDownloader\\VDownloader.exe\" /silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"item"="HP Digital Imaging Monitor"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\Windows\\pss\\HP Digital Imaging Monitor.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\HP\\DIGITA~1\\bin\\hpqtra08.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Haroldo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
"item"="Dropbox"
"path"="C:\\Users\\Haroldo\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk"
"backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\Haroldo\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Haroldo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hpqtra08.exe]
"item"="hpqtra08"
"path"="C:\\Users\\Haroldo\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\hpqtra08.exe"
"backup"="C:\\Windows\\pss\\hpqtra08.exe.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\Haroldo\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\hpqtra08.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Haroldo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^IDriveSync.lnk]
"item"="IDriveSync"
"path"="C:\\Users\\Haroldo\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\IDriveSync.lnk"
"backup"="C:\\Windows\\pss\\IDriveSync.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\Haroldo\\AppData\\Roaming\\IDriveSync\\IDriveSyncTray.exe"

==== Startup Folders ======================

2014-11-17 12:30:38 1143 ----a-w- C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2014-09-03 21:50:47 2099 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
2014-10-04 04:05:04 1252 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:8@C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [17/10/2014 02:32]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [17/10/2014 02:32]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\avastBCLRestartS-1-5-21-1335456900-3083802626-1046228050-1000" [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\RealDownloader Update Check" [C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe]
"C:\Windows\SysNative\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1335456900-3083802626-1046228050-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe]
"C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1335456900-3083802626-1046228050-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1335456900-3083802626-1046228050-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1335456900-3083802626-1046228050-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1335456900-3083802626-1046228050-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealUpgradeLogonTaskS-1-5-21-1335456900-3083802626-1046228050-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealUpgradeScheduledTaskS-1-5-21-1335456900-3083802626-1046228050-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\Uninstaller_SkipUac_Administrator" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe]
"C:\Windows\SysNative\tasks\Uninstaller_SkipUac_Haroldo" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{0BD50AA7-8FA6-4B84-AE8D-20722FFDE1E8}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\{4BDC415D-5AA1-4B55-B654-C45DFA371C0C}" [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe]
"C:\Windows\SysNative\tasks\{9F2307BA-2CCE-4206-8B8C-7F01281A2398}" [C:\Program Files (x86)\HP\HP Software Update\hpwucli.exe]
"C:\Windows\SysNative\tasks\{A97A1B26-1984-4993-96A6-5FB5E197C8F6}" [C:\Program Files (x86)\HP\HP Software Update\hpwucli.exe]
"C:\Windows\SysNative\tasks\{EC091AFA-D315-4214-AA0D-1FC7311011C9}" [C:\Program Files (x86)\HP\HP Software Update\hpwucli.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\Nero\Nero Info" [C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Haroldo\AppData\Roaming\mozilla\firefox\Profiles\ensx4ttz.default-1412532628526
user_pref("browser.newtab.url", "");
user_pref("keyword.URL", "");

ProfilePath: C:\Users\Haroldo\AppData\Roaming\mozilla\firefox\Profiles\extensions
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");

ProfilePath: C:\Users\Haroldo\AppData\Roaming\mozilla\firefox\Profiles\se6rb103.default
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{338950EA-82DB-44C1-930D-0C28E023C9F0}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [17/11/2014 12:43]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\Haroldo\AppData\Roaming\mozilla\firefox\Profiles\ensx4ttz.default-1412532628526
- Undetermined - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
- Undetermined - {87F8774F-B485-47E2-A755-A40A8A5E886D}
- Flash Video Downloader - YouTube Full HD Download - %ProfilePath%\extensions\artur.dubovoy@gmail.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\ensx4ttz.default-1412532628526
6C5C8D59CF0FAB004AB572F4F11BC5E0 - C:\Users\Haroldo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll - Módulo de Proteção - Caixa Economica Federal
9860727E477F17B88E39AF8B69B0407A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll - Shockwave Flash
ECAA8B7CFE5AF18BFAB1F7D2AB731E4D - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealPlayer Video Downloader for HTML5 (32-bit)
E37EAD09D28AE19D8A39B6A95F47513A - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll - Shockwave for Director / Shockwave for Director
87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies
D006D3FEB1F62EB274A42FDDD008985C - C:\Users\Haroldo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll - Módulo de Proteção - Caixa Economica Federal

Profilepath: C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\se6rb103.default
6C5C8D59CF0FAB004AB572F4F11BC5E0 - C:\Users\Haroldo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll - Módulo de Proteção - Caixa Economica Federal
ECAA8B7CFE5AF18BFAB1F7D2AB731E4D - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealPlayer Video Downloader for HTML5 (32-bit)
87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies
D006D3FEB1F62EB274A42FDDD008985C - C:\Users\Haroldo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll - Módulo de Proteção - Caixa Economica Federal

==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Haroldo\AppData\Local\Google\Chrome SxS deleted

==== Chromium Look ======================

Google Chrome Version: 39.0.2171.95 (Up to date, latest Stable version: 39.0.2171.95)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[17/11/2014 19:54]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
nnjbodopomfddehlalfilheomcahbpei - C:\Users\Haroldo\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx[27/07/2014 03:37]

Google Docs - Haroldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Haroldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Haroldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Haroldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Haroldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Caixa Economica Federal - Haroldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei
GBBD Caixa Economica Federal - Haroldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi
Gmail - Haroldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================

C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://google.com"
"Search Bar"="http://google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://google.com"
"Default_Search_URL"="http://google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://google.com"
"Default_Search_URL"="http://google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
@="http://www.oquefazernainternet.com/q/%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://google.com"
"CustomizeSearch"="http://google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://google.com"
"CustomizeSearch"="http://google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1335456900-3083802626-1046228050-1000\Software\Mozilla\Firefox\Extensions\smartwebprinting@hp.com deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\smartwebprinting@hp.com deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Haroldo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Haroldo\AppData\Local\Mozilla\Firefox\Profiles\ensx4ttz.default-1412532628526\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=355 folders=106 14385369 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\DefaultAppPool\AppData\Local\Temp emptied successfully
C:\Users\Haroldo\AppData\Local\Temp will be emptied at reboot
C:\Users\Usuário Padrão\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Haroldo\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 12/01/2015 at 23:19:05.52 ======================

por **joram** Ter 13 Jan 2015, 07:45

/!\ Bom Dia! pamonha /!\

> Caso não haja mais problemas,remova as ferramentas que foram utilizadas na desinfecção!

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... de Xplode )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Estando na página,clique em Download Now.
> Salve-a em um local conveniente! ( desktop! )
> Feche aplicativos que estejam abertos.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Remover ferramentas de desinfecção
> Criar backup do registro
> Limpar pontos da restauração do sistema

> Com estas caixinhas marcadas,clique Executar!
> Reinicie o computador ao concluir!
> Tudo Ok?

A+

por Conteúdo patrocinado

Impossibilidade de baixar Adobe Flash Player

Impossibilidade de baixar Adobe Flash Player

Re: Impossibilidade de baixar Adobe Flash Player

Re: Impossibilidade de baixar Adobe Flash Player

Re: Impossibilidade de baixar Adobe Flash Player

Re: Impossibilidade de baixar Adobe Flash Player

Re: Impossibilidade de baixar Adobe Flash Player

Re: Impossibilidade de baixar Adobe Flash Player

Re: Impossibilidade de baixar Adobe Flash Player

IMPOSSIBILIDADE DE BAIXAR ADOBE FLASH PLAYER

Re: Impossibilidade de baixar Adobe Flash Player

Re: Impossibilidade de baixar Adobe Flash Player

Re: Impossibilidade de baixar Adobe Flash Player

IMPOSSIBILIDADE DE BAIXAR ADOBE FLASH PLAYER

IMPOSSIBILIDADE DE BAIXAR ADOBE FLASH PLAYER

Re: Impossibilidade de baixar Adobe Flash Player

Re: Impossibilidade de baixar Adobe Flash Player

Re: Impossibilidade de baixar Adobe Flash Player

Re: Impossibilidade de baixar Adobe Flash Player

Re: Impossibilidade de baixar Adobe Flash Player

Re: Impossibilidade de baixar Adobe Flash Player

Re: Impossibilidade de baixar Adobe Flash Player

IMPOSSIBILIDADE DE BAIXAR ADOBE FLASH PLAYER

Re: Impossibilidade de baixar Adobe Flash Player

IMPOSSIBILIDADE DE BAIXAR ADOBE FLASH PLAYER

Re: Impossibilidade de baixar Adobe Flash Player

Re: Impossibilidade de baixar Adobe Flash Player

Seg	Ter	Qua	Qui	Sex	Sáb	Dom
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31