Estou recebendo emails da minha própria conta.

por Alencarina Sáb 13 Dez 2014, 23:31

Há alguns dias venho recebendo email e o remetente com o meu nome, não sei como isso acontece, passo o avast e não aponta nada, será que aqui consigo solução pra esse problema? Também estou com problema de duplo clique no mouse, já troquei mas continua, acho que não é o mouse, uso note e é usb, já tentei mudar de entrada e o problema permanece.
Agradeço a atenção.

por **joram** Dom 14 Dez 2014, 10:53

Bom Dia! Alencarina

> Seus problemas podem não estar associados à vírus.

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... by Farbar )

> No banner àcima,é para sistemas 32bits!

< [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >

> No link àcima,é para sistemas 64bits!
> Salve-o no desktop! (Área de trabalho ...)
> Execute a ferramenta! Clique "Yes" >> "Scan".

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Antes de clicar "Scan",verifique se as caixinhas em "Whitelist" estão assinaladas.
> Em "Optional Scan",deixe marcada a checkbox "Addition.txt".
> Ps: Será gerado,também,o relatório "Addition.txt" que estará disponibilizado na 1ª execução da ferramenta.
> Poste os relatórios! (FRST.txt + Addition.txt)

> Como o log será extenso,envie-o à [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> O link ao relatório,que é este assinalado,deverá ser colado em sua resposta.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Ou clique "Copier le lien (*)" e cole o link ao seu Post.

A+

por Alencarina Dom 14 Dez 2014, 13:23

Oi, baixei o de 32 mas quando clico em executar ele mostra a tela de clicar em scan e some imediatamente. Não consigo colocar pra funcionar.

por Alencarina Dom 14 Dez 2014, 13:39

O explorer reiniciou e ele funcionou

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-12-2014
Ran by Rilly at 2014-12-14 12:38:14
Running from C:\Users\Rilly\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Mesh ActiveX“ nuotolinių ryšių valdiklis (HKLM\...\{9024FE65-46B8-4C8A-9D98-8DCB6BD5F598}) (Version: 15.4.5722.2 - Microsoft Corporation)
µTorrent (HKU\S-1-5-21-1416997274-2508555047-1895319657-1000\...\uTorrent) (Version: 3.4.2.34024 - BitTorrent Inc.)
7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - )
ActiveX контрола на Windows Live Mesh за отдалечени връзки (HKLM\...\{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}) (Version: 15.4.5722.2 - Microsoft Corporation)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Assistente de Conexão do Windows Live (HKLM\...\{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}) (Version: 5.000.818.5 - Microsoft Corporation)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
BatteryLifeExtender (HKLM\...\{FFD0E594-823B-4E2B-B680-720B3C852588}) (Version: 1.0.11 - Samsung)
Bluetooth Win7 Suite (HKLM\...\{101A497C-7EF6-4001-834D-E5FA1C70FEFA}) (Version: 7.3.0.110 - Atheros Communications)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 3.21 - Piriform)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Control ActiveX Windows Live Mesh pentru conexiuni la distanță (HKLM\...\{260E3D78-94E6-47EC-8E29-46301572BB1E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controle ActiveX do Windows Live Mesh para Conexões Remotas (HKLM\...\{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink Media Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media+ Player10 (HKLM\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink MediaShow (HKLM\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3509 - CyberLink Corp.)
Dropbox (HKU\S-1-5-21-1416997274-2508555047-1895319657-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Easy Content Share (HKLM\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{8732818E-CA78-4ACB-B077-22311BF4C0E4}) (Version: 4.4.7 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.1.1 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}) (Version: 4.0.0.4 - Samsung)
EasyFileShare (HKLM\...\{EA76E65F-6679-495A-A8A6-42AD6602ED4C}) (Version: 1.0.11 - Samsung)
E-POP (HKLM\...\{75282161-8CAC-4071-A225-EBC95E43C7F3}) (Version: 1.00.0000 - Samsung)
ETDWare PS/2-X86 10.7.14.12_WHQL (HKLM\...\Elantech) (Version: 10.7.14.12 - ELAN Microelectronic Corp.)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
faceBot Extreme (HKLM\...\{1CD9CE20-C5DE-4778-9E75-5014540F0F54}) (Version: 3036 - RadicalLinux Developments)
Fast Start (HKLM\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 2.2.0.1 - SAMSUNG)
Ferramenta de Carregamento do Windows Live (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Google Chrome (HKU\S-1-5-21-1416997274-2508555047-1895319657-1000\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 3.3.9.2622 - IObit)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Kontrola Windows Live Mesh ActiveX za daljinske veze (HKLM\...\{19CBDE24-2761-49A5-816B-D2BA65D0CA8D}) (Version: 15.4.5722.2 - Microsoft Corporation)
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Lightshot-5.1.4.9 (HKLM\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.1.4.9 - Skillbrains)
Malwarebytes Anti-Malware versão 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office com Clique para Executar 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edição 2003 (HKLM\...\{90110416-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Starter 2010 - Português (Brasil) (HKLM\...\{90140011-0066-0416-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850416-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Módulo de Segurança - Banco do Brasil (HKLM\...\{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1) (Version: 3.11.0.1 - )
Mozilla Firefox 33.1 (x86 pt-BR) (HKLM\...\Mozilla Firefox 33.1 (x86 pt-BR)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MPC-HC 1.7.5 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.5 - MPC-HC Team)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
Multimedia POP (HKLM\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.0 - )
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (HKLM\...\{B6190387-0036-4BEB-8D74-A0AFC5F14706}) (Version: 15.4.5722.2 - Microsoft Corporation)
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (HKLM\...\{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}) (Version: 15.4.5722.2 - Microsoft Corporation)
Pacote de Compatibilidade para o sistema Office 2007 (HKLM\...\{90120000-0020-0416-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Client Profile PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Extended PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Photo! Editor 1.1 (HKLM\...\PhotoToolkit_is1) (Version: - )
PhotoFiltre 7 (HKU\S-1-5-21-1416997274-2508555047-1895319657-1000\...\PhotoFiltre 7) (Version: - )
PhotoScape (HKLM\...\PhotoScape) (Version: - )
PrismaTV Ver. 1.1.3.0 (HKLM\...\PrismaTV Ver. 1.1.3.0) (Version: Ver. 1.1.3.0 - HS Solution)
RealDownloader (Version: 17.0.11 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM\...\RealPlayer 17.0) (Version: 17.0.11 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6400 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Samsung AnyWeb Print (HKLM\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 2.0.67.1 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: - Samsung Electronics Co., Ltd.)
Samsung Recovery Solution 5 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.0.8 - Samsung)
Samsung Support Center (HKLM\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.24 - Samsung)
Samsung Universal Print Driver (HKLM\...\Samsung Universal Print Driver) (Version: 2.02.05.00:27 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM\...\Samsung Universal Scan Driver) (Version: 1.2.5.0 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
TeamViewer 7 (HKLM\...\TeamViewer 7) (Version: 7.0.13989 - TeamViewer)
UpdateService (Version: 1.0.0 - RealNetworks, Inc.) Hidden
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.7 - )
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
Visualizador do Microsoft PowerPoint (HKLM\...\{95140000-00AF-0416-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX kontrola za daljinske veze (HKLM\...\{8985AE5E-622A-4980-8BF8-0A1830643220}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX vadīkla attālajiem savienojumiem (HKLM\...\{A3A775C9-5A63-4C55-8FDD-427A5B8F5D2B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
ZHPDiag 2014 (HKLM\...\ZHPDiag_is1) (Version: 2014 - Nicolas Coolman)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation)
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย) (HKLM\...\{A2EDAEEB-C981-46D5-8163-CF8F5F640EEE}) (Version: 15.4.5722.2 - Microsoft Corporation)
원격 연결을 위한 Windows Live Mesh ActiveX 컨트롤 (HKLM\...\{61920449-0393-4707-B7DD-E6C0013C8B2C}) (Version: 15.4.5722.2 - Microsoft Corporation)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Rilly\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Rilly\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0000}\InprocServer32 -> C:\Users\Rilly\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0000}\InprocServer32 -> C:\Users\Rilly\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Rilly\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Rilly\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Rilly\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Rilly\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Rilly\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Rilly\AppData\Local\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Rilly\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Rilly\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Rilly\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Rilly\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Rilly\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Rilly\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Rilly\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Rilly\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Rilly\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rilly\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rilly\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rilly\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rilly\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rilly\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rilly\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rilly\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rilly\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

12-11-2014 22:07:28 Ponto de Verificação Agendado
25-11-2014 21:31:49 Ponto de Verificação Agendado
06-12-2014 16:49:40 Ponto de Verificação Agendado

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:04 - 2014-09-25 21:08 - 00000841 ____N C:\windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00C53DA7-21E6-4243-8D12-7F3C9D9A7A12} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-26] (Samsung Electronics)
Task: {058DDF7C-62F4-47C0-B585-53DC76514B62} - System32\Tasks\avast! Emergency Update => C:\Avast_internet_security\AvastEmUpdate.exe [2014-07-10] (AVAST Software)
Task: {20C97978-5B8B-4799-B2F6-4196E956389E} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-17] (Samsung Electronics. Co. Ltd.)
Task: {274C196B-D6F2-48E7-8830-CC483F302EE4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-04] (Google Inc.)
Task: {27512A8B-4F45-48B6-9F28-41ECAB5F5401} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1416997274-2508555047-1895319657-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2014-06-10] (RealNetworks, Inc.)
Task: {337AEEF9-456E-4F2A-BB49-B8DF1D50B181} - System32\Tasks\update-sys => C:\Program Files\Skillbrains\Updater\Updater.exe
Task: {3B7C9E91-CFE9-4C08-A8CB-F54AC4FA5CC3} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1416997274-2508555047-1895319657-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-06-26] (RealNetworks, Inc.)
Task: {3C581461-1B02-4463-BA4B-6F16938F0614} - System32\Tasks\{9CDA8024-60DD-4E04-AB37-2F29CA301898} => Chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Task: {3CD801A8-EC8E-44B9-B1E7-09F29E3CDB02} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-04] (Google Inc.)
Task: {5EC68D44-83C1-449B-9D7D-82151CBAA8A7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1416997274-2508555047-1895319657-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {67ADF5F4-6492-4F2B-903B-D307928C1A89} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-08-22] (IObit)
Task: {755393E5-597C-4683-8995-3CD071A92530} - System32\Tasks\Driver Booster SkipUAC (SISTEMA) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe
Task: {7ABC475C-A7A2-4CB7-9D7F-BA92EA087635} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-07-24] (Piriform Ltd)
Task: {88C93CB1-F384-4FE9-9287-E570A1236806} - System32\Tasks\EasySpeedUpManager => C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-12-01] (Samsung Electronics)
Task: {91D5C0B4-3DBF-49F1-AB3E-892BA2737486} - \060184C3-9766-46a0-B258-F4518A0B2633 No Task File <==== ATTENTION
Task: {9C1C4D37-13AA-4E07-B8A1-0A30D8990B16} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1416997274-2508555047-1895319657-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {A16DB9E6-2CBC-40D5-95BD-46568CC47BC9} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1416997274-2508555047-1895319657-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-06-26] (RealNetworks, Inc.)
Task: {B305A941-D022-45A9-A302-8309A105421C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1416997274-2508555047-1895319657-1000Core => C:\Users\Rilly\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-21] (Google Inc.)
Task: {B84EABF8-15B9-4B60-950B-B0E5B1EA8CE4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1416997274-2508555047-1895319657-1000UA => C:\Users\Rilly\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-21] (Google Inc.)
Task: {B88AA933-9890-4D05-8DE7-E813DA256594} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-02-07] (SAMSUNG Electronics)
Task: {BD205677-3424-49B4-82F0-E21FAF72BA3B} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-05] (Samsung Electronics Co., Ltd.)
Task: {BD3142AD-6CD8-4DF1-9CDF-E743056E16CC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1416997274-2508555047-1895319657-1000UA => C:\Users\Rilly\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-31] (Facebook Inc.)
Task: {CE0F4B08-F5DC-466B-9CAD-1052567DD474} - System32\Tasks\update-S-1-5-21-1416997274-2508555047-1895319657-1000 => C:\Program Files\Skillbrains\Updater\Updater.exe
Task: {D513D6C2-187F-48C2-8118-E58AD0C23A68} - System32\Tasks\advSRS5 => C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-11-17] (SEC)
Task: {E5CA384F-BE62-4A98-9127-D18F0CCA45A8} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.)
Task: {E627B1EE-3C6A-45C6-ABBD-25B6C0374E49} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E6523757-F1DA-46ED-86E2-B290FCAF9229} - System32\Tasks\MirageAgent => C:\Program Files\CyberLink\YouCam\YCMMirage.exe [2010-11-10] (CyberLink)
Task: {ED9FD4E9-89E4-4981-AEC1-0E3CA493DCD2} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2010-11-28] (Samsung Electronics Co., Ltd.)
Task: {EF73B3D7-F3F2-4454-BA83-DC76417B4B67} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1416997274-2508555047-1895319657-1000Core => C:\Users\Rilly\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-31] (Facebook Inc.)
Task: {F4FD6383-926F-4E3E-995D-F2730D5AFE67} - System32\Tasks\WifiManager => C:\Program Files\Samsung\Easy Display Manager\WifiManager.exe [2010-11-28] (Samsung Electronics Co., Ltd.)
Task: {F77F4403-6336-4FA6-B8C2-1EFC942147EA} - System32\Tasks\{D140B47F-D76D-4A54-871A-764266ABA1B0} => Chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Task: {F85F615E-A573-41D5-AEC6-627B668DBAF1} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {FFC425B8-F97D-454F-B88D-3187FEF04ED0} - System32\Tasks\MovieColorEnhancer => C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-08-19] (Samsung Electronics Co., Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1416997274-2508555047-1895319657-1000Core.job => C:\Users\Rilly\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1416997274-2508555047-1895319657-1000UA.job => C:\Users\Rilly\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1416997274-2508555047-1895319657-1000Core.job => C:\Users\Rilly\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1416997274-2508555047-1895319657-1000UA.job => C:\Users\Rilly\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\update-S-1-5-21-1416997274-2508555047-1895319657-1000.job => C:\Program Files\Skillbrains\Updater\Updater.exe
Task: C:\windows\Tasks\update-sys.job => C:\Program Files\Skillbrains\Updater\Updater.exe

==================== Loaded Modules (whitelisted) =============

2014-07-10 15:17 - 2014-07-10 15:17 - 00301152 _____ () C:\Avast_internet_security\aswProperty.dll
2014-12-14 09:07 - 2014-12-14 09:07 - 02908160 _____ () C:\Avast_internet_security\defs\14121400\algo.dll
2011-12-15 15:36 - 2008-06-04 20:53 - 00026624 _____ () C:\windows\System32\spd__l.dll
2014-06-10 17:50 - 2014-06-10 17:50 - 00039568 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-07-12 15:45 - 2014-07-12 15:45 - 00861784 _____ () c:\program files\real\realplayer\RPDS\Plugins\cldplin.dll
2014-06-26 00:43 - 2014-06-26 00:43 - 00023552 _____ () C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
2011-12-14 23:32 - 2009-12-01 04:21 - 00244904 _____ () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2011-12-14 23:38 - 2010-07-05 07:42 - 00203776 _____ () C:\Program Files\Samsung\Movie Color Enhancer\WinCRT.dll
2014-07-10 15:17 - 2014-07-10 15:17 - 19329904 _____ () C:\Avast_internet_security\libcef.dll
2014-10-21 21:22 - 2014-10-21 21:22 - 00750080 _____ () C:\Users\Rilly\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2014-12-14 09:37 - 2014-12-14 09:37 - 00043008 _____ () c:\users\rilly\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr12fgf.dll
2014-10-21 21:22 - 2014-10-21 21:22 - 00047616 _____ () C:\Users\Rilly\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-21 21:22 - 2014-10-21 21:22 - 00863744 _____ () C:\Users\Rilly\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-21 21:22 - 2014-10-21 21:22 - 00200704 _____ () C:\Users\Rilly\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2011-12-14 23:37 - 2006-08-12 00:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2014-12-12 22:05 - 2014-12-05 22:50 - 01077064 _____ () C:\Users\Rilly\AppData\Local\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 22:05 - 2014-12-05 22:50 - 00211272 _____ () C:\Users\Rilly\AppData\Local\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 22:05 - 2014-12-05 22:50 - 09009480 _____ () C:\Users\Rilly\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 22:05 - 2014-12-05 22:50 - 01677128 _____ () C:\Users\Rilly\AppData\Local\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2011-12-14 23:45 - 2010-05-07 11:22 - 01636864 _____ () C:\Program Files\Samsung\Samsung Recovery Solution 5\Resdll.dll
2011-12-15 15:36 - 2010-10-21 15:24 - 00557056 _____ () C:\windows\system32\SnMinDrv.dll
2013-01-12 22:34 - 2008-09-02 11:29 - 00098304 _____ () C:\Program Files\Photo!\Photo! Editor\IvBar\ivbshlext.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\windows\System32:73713C19_Bb.gbp
AlternateDataStreams: C:\windows\system32\drivers:GbpKmAp.lst
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:430C6D84
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Rilly^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
MSCONFIG\startupreg: AthBtTray => "C:\Program Files\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: ETDCtrl => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\Rilly\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\Rilly\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: LightShot => C:\Users\Rilly\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files\CyberLink\Media+Player10\Media+Player10Serv.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
MSCONFIG\startupreg: Sidebar => "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

========================= Accounts: ==========================

Administrador (S-1-5-21-1416997274-2508555047-1895319657-500 - Administrator - Disabled)
Convidado (S-1-5-21-1416997274-2508555047-1895319657-501 - Limited - Disabled)
Rilly (S-1-5-21-1416997274-2508555047-1895319657-1000 - Administrator - Enabled) => C:\Users\Rilly

==================== Faulty Device Manager Devices =============

Name: Adaptador do Microsoft ISATAP
Description: Adaptador do Microsoft ISATAP
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Adaptador do Microsoft ISATAP #3
Description: Adaptador do Microsoft ISATAP
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Adaptador do Microsoft ISATAP #4
Description: Adaptador do Microsoft ISATAP
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de Túnel Teredo da Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/14/2014 00:35:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: Explorer.EXE, versão: 6.1.7601.17567, carimbo de hora: 0x4d6727a7
Nome do módulo de falhas: DropboxExt.24.dll, versão: 1.0.0.24, carimbo de hora: 0x53a8c6fe
Código de exceção: 0xc0000005
Deslocamento com falha: 0x0000732b
Identificação do processo com falha: 0xb70
Hora de início do aplicativo com falha: 0xExplorer.EXE0
Caminho do aplicativo com falha: Explorer.EXE1
FCaminho do módulo de falhas: Explorer.EXE2
Identificação do Relatório: Explorer.EXE3

Error: (12/14/2014 09:35:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/14/2014 09:06:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/13/2014 11:04:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: faceBot Extreme.exe, versão: 3.0.3.6, carimbo de hora: 0x533f6e2a
Nome do módulo de falhas: KERNELBASE.dll, versão: 6.1.7601.18409, carimbo de hora: 0x531599f6
Código de exceção: 0xc0020001
Deslocamento com falha: 0x0000812f
Identificação do processo com falha: 0x1724
Hora de início do aplicativo com falha: 0xfaceBot Extreme.exe0
Caminho do aplicativo com falha: faceBot Extreme.exe1
FCaminho do módulo de falhas: faceBot Extreme.exe2
Identificação do Relatório: faceBot Extreme.exe3

Error: (12/13/2014 10:12:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: Explorer.EXE, versão: 6.1.7601.17567, carimbo de hora: 0x4d6727a7
Nome do módulo de falhas: DropboxExt.24.dll, versão: 1.0.0.24, carimbo de hora: 0x53a8c6fe
Código de exceção: 0xc0000005
Deslocamento com falha: 0x0000732b
Identificação do processo com falha: 0xf84
Hora de início do aplicativo com falha: 0xExplorer.EXE0
Caminho do aplicativo com falha: Explorer.EXE1
FCaminho do módulo de falhas: Explorer.EXE2
Identificação do Relatório: Explorer.EXE3

Error: (12/13/2014 11:17:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/13/2014 09:53:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/12/2014 04:44:35 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Somente informações.
Error: A conexão com o servidor foi interrompida de modo anormal
ErrorCode: 14007(0x36b7).

Error: (12/12/2014 04:29:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/11/2014 07:56:00 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Somente informações.
Error: A conexão com o servidor foi interrompida de modo anormal
ErrorCode: 14007(0x36b7).

System errors:
=============
Error: (12/14/2014 09:57:07 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: O nome "WORKGROUP :1d" não pôde ser registrado na interface com o endereço IP 192.168.1.10.
O computador de endereço IP 192.168.1.9 não permitiu que o nome fosse reivindicado por
este computador.

Error: (12/14/2014 09:35:19 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: AUTORIDADE NT)
Description: Falha na inicialização do Módulo de Extensibilidade de WLAN.

Caminho do Módulo: C:\windows\system32\athihvs.dll
Código de Erro: 126

Error: (12/14/2014 09:05:03 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: AUTORIDADE NT)
Description: Falha na inicialização do Módulo de Extensibilidade de WLAN.

Caminho do Módulo: C:\windows\system32\athihvs.dll
Código de Erro: 126

Error: (12/13/2014 11:16:37 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: AUTORIDADE NT)
Description: Falha na inicialização do Módulo de Extensibilidade de WLAN.

Caminho do Módulo: C:\windows\system32\athihvs.dll
Código de Erro: 126

Error: (12/13/2014 09:51:49 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: AUTORIDADE NT)
Description: Falha na inicialização do Módulo de Extensibilidade de WLAN.

Caminho do Módulo: C:\windows\system32\athihvs.dll
Código de Erro: 126

Error: (12/12/2014 11:56:42 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ABC01078-F197-4B0B-ADBC-CFE684B39C82}

Error: (12/12/2014 04:27:58 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: AUTORIDADE NT)
Description: Falha na inicialização do Módulo de Extensibilidade de WLAN.

Caminho do Módulo: C:\windows\system32\athihvs.dll
Código de Erro: 126

Error: (12/11/2014 07:35:29 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: AUTORIDADE NT)
Description: Falha na inicialização do Módulo de Extensibilidade de WLAN.

Caminho do Módulo: C:\windows\system32\athihvs.dll
Código de Erro: 126

Error: (12/10/2014 04:35:48 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Serviço Windows Search suspenso ao iniciar.

Error: (12/10/2014 04:26:37 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: AUTORIDADE NT)
Description: Falha na inicialização do Módulo de Extensibilidade de WLAN.

Caminho do Módulo: C:\windows\system32\athihvs.dll
Código de Erro: 126

Microsoft Office Sessions:
=========================
Error: (12/14/2014 00:35:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d6727a7DropboxExt.24.dll1.0.0.2453a8c6fec00000050000732bb7001d0179a6e800d4aC:\windows\Explorer.EXEC:\Users\Rilly\AppData\Roaming\Dropbox\bin\DropboxExt.24.dlld928f97f-83a6-11e4-b431-e81132aab714

Error: (12/14/2014 09:35:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/14/2014 09:06:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/13/2014 11:04:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: faceBot Extreme.exe3.0.3.6533f6e2aKERNELBASE.dll6.1.7601.18409531599f6c00200010000812f172401d0173dd0323b4cC:\faceBot_Extreme\faceBot Extreme.exeC:\windows\system32\KERNELBASE.dll80a83eca-8335-11e4-9125-e81132aab714

Error: (12/13/2014 10:12:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d6727a7DropboxExt.24.dll1.0.0.2453a8c6fec00000050000732bf8401d016df71254532C:\windows\Explorer.EXEC:\Users\Rilly\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll4f7b5f82-832e-11e4-9125-e81132aab714

Error: (12/13/2014 11:17:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/13/2014 09:53:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/12/2014 04:44:35 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: A conexão com o servidor foi interrompida de modo anormal
ErrorCode: 14007(0x36b7).

Error: (12/12/2014 04:29:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/11/2014 07:56:00 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: A conexão com o servidor foi interrompida de modo anormal
ErrorCode: 14007(0x36b7).

CodeIntegrity Errors:
===================================
Date: 2014-11-08 14:24:53.863
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-08 14:24:53.725
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-08 13:39:45.103
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-08 13:39:44.889
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-08 13:11:08.940
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-08 13:11:08.697
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-08 12:35:09.241
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-08 12:35:09.041
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-08 12:27:58.650
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-08 12:27:58.500
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
Percentage of memory in use: 84%
Total physical RAM: 1908.56 MB
Available physical RAM: 289.49 MB
Total Pagefile: 3817.13 MB
Available Pagefile: 1507.92 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:180 GB) (Free:96.96 GB) NTFS
Drive d: () (Fixed) (Total:267.8 GB) (Free:245.81 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

por Alencarina Dom 14 Dez 2014, 13:40

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-12-2014
Ran by Rilly (administrator) on RILLY-PC on 14-12-2014 12:36:51
Running from C:\Users\Rilly\Downloads
Loaded Profile: Rilly (Available profiles: Rilly)
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: Português (Brasil)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(GAS Tecnologia) C:\Program Files\GbPlugin\GbpSv.exe
(AVAST Software) C:\Avast_internet_security\AvastSvc.exe
(Atheros) C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Banco Bradesco S.A.) C:\Program Files\Scpad\scpVista.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(AVAST Software) C:\Avast_internet_security\avastui.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Skillbrains) C:\Users\Rilly\AppData\Local\Skillbrains\lightshot\5.1.4.9\Lightshot.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(Dropbox, Inc.) C:\Users\Rilly\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(CyberLink) C:\Program Files\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\WifiManager.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Users\Rilly\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Rilly\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Rilly\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Rilly\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Rilly\AppData\Local\Google\Chrome\Application\chrome.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Users\Rilly\AppData\Local\Google\Chrome\Application\chrome.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics) C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Rilly\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Rilly\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Avast_internet_security\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [296520 2014-07-12] (RealNetworks, Inc.)
Winlogon\Notify\ GbPluginBb: C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)
HKU\S-1-5-21-1416997274-2508555047-1895319657-1000\...\Run: [Google Update] => C:\Users\Rilly\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-21] (Google Inc.)
HKU\S-1-5-21-1416997274-2508555047-1895319657-1000\...\Run: [LightShot] => C:\Users\Rilly\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226560 2014-06-18] ()
HKU\S-1-5-21-1416997274-2508555047-1895319657-1000\...\Winlogon: [Shell] C:\windows\explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Rilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Rilly\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll (Banco Bradesco S.A.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Avast_internet_security\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKU\S-1-5-21-1416997274-2508555047-1895319657-1000\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000 -> DefaultScope Web URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000 -> URL [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000 -> SuggestionsURL_JSON [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000 -> Web URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: ssh2 Class -> {2E3C3651-B19C-4DD9-A979-901EC3E930AF} -> C:\Program Files\Scpad\scpsssh2.dll (Banco Bradesco S.A.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Avast_internet_security\aswWebRepIE.dll (AVAST Software)
BHO: Auxiliar de Conexão do Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Samsung BHO Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll [1754664 2014-07-31] (Banco do Brasil)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Rilly\AppData\Roaming\Mozilla\Firefox\Profiles\t7h700yr.default
FF DefaultSearchEngine: Wikipedia (pt)
FF DefaultSearchUrl: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
FF SelectedSearchEngine: Wikipedia (pt)
FF Homepage: about:home
FF Keyword.URL: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @real.com/nppl3260;version=17.0.11.7 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=17.0.11.7 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1416997274-2508555047-1895319657-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Rilly\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-1416997274-2508555047-1895319657-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Rilly\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1416997274-2508555047-1895319657-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Rilly\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1416997274-2508555047-1895319657-1000: gastecnologia.com.br/sf/bb -> C:\Users\Rilly\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo_ff.xml
FF Extension: leethax.net extension - C:\Users\Rilly\AppData\Roaming\Mozilla\Firefox\Profiles\t7h700yr.default\Extensions\leethax@leethax.net.xpi [2013-04-13]
FF Extension: Greasemonkey - C:\Users\Rilly\AppData\Roaming\Mozilla\Firefox\Profiles\t7h700yr.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-09-29]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-11-12]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Avast_internet_security\WebRep\FF
FF Extension: avast! Online Security - C:\Avast_internet_security\WebRep\FF [2014-04-07]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-07-12]
FF HKLM\...\Firefox\Extensions: [{1DD9AC48-0855-4AE7-9934-159B4377FFA2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-1416997274-2508555047-1895319657-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Rilly\AppData\Local\GAS Tecnologia\GBBD\bb\xpi
FF Extension: GBBD Banco do Brasil - C:\Users\Rilly\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2014-08-29]
FF Extension: No Name - {87F8774F-B485-47E2-A755-A40A8A5E886C} [Not Found]

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "https://www.google.com.br/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Rilly\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Rilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-24]
CHR Extension: (Google Drive) - C:\Users\Rilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-24]
CHR Extension: (YouTube) - C:\Users\Rilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-21]
CHR Extension: (Adblock Plus) - C:\Users\Rilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-24]
CHR Extension: (Pesquisa do Google) - C:\Users\Rilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-21]
CHR Extension: (Circles Share) - C:\Users\Rilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm [2014-12-14]
CHR Extension: (Tampermonkey) - C:\Users\Rilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-05-26]
CHR Extension: (Hola Uma Internet Melhor) - C:\Users\Rilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-12-14]
CHR Extension: (Avast Online Security) - C:\Users\Rilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-05-24]
CHR Extension: (RealPlayer Downloader) - C:\Users\Rilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-04-07]
CHR Extension: (Skype Click to Call) - C:\Users\Rilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-05-24]
CHR Extension: (GBBD Banco do Brasil) - C:\Users\Rilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkeabchhfifpaaoefpockjhaphjmoapp [2014-08-29]
CHR Extension: (Google Wallet) - C:\Users\Rilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Click&Clean App) - C:\Users\Rilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-12-14]
CHR Extension: (Gmail) - C:\Users\Rilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-21]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Avast_internet_security\WebRep\Chrome\aswWebRepChrome.crx [2014-07-10]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-06-10]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Rilly\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-06-15] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [76960 2011-06-15] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Avast_internet_security\AvastSvc.exe [50344 2014-07-10] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 GbpSv; C:\Program Files\GbPlugin\GbpSv.exe [546104 2014-07-21] (GAS Tecnologia)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-06-10] ()
R2 RealPlayer Cloud Service; c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-07-12] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-06-26] () [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
S3 Samsung UPD Service; C:\windows\System32\SUPDSvc.exe [131888 2010-08-09] (Samsung Electronics CO., LTD.)
R2 scpVista; C:\Program Files\Scpad\scpVista.exe [360624 2012-10-24] (Banco Bradesco S.A.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\windows\system32\drivers\aswHwid.sys [24184 2014-07-10] ()
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [67824 2014-07-10] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [81768 2014-07-10] (AVAST Software)
R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49944 2014-07-10] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [779536 2014-11-21] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [414520 2014-07-10] (AVAST Software)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [71944 2014-07-10] (AVAST Software)
R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [192352 2014-07-10] ()
R3 AthBTPort; C:\windows\System32\DRIVERS\btath_flt.sys [35488 2011-06-15] (Atheros)
R3 BTATH_A2DP; C:\windows\System32\drivers\btath_a2dp.sys [226976 2011-06-15] (Atheros)
R3 btath_avdt; C:\windows\System32\drivers\btath_avdt.sys [97440 2011-06-15] (Atheros)
R3 BTATH_BUS; C:\windows\System32\DRIVERS\btath_bus.sys [24736 2011-06-15] (Atheros)
R3 BTATH_HCRP; C:\windows\System32\DRIVERS\btath_hcrp.sys [147104 2011-06-15] (Atheros)
R3 BTATH_LWFLT; C:\windows\System32\DRIVERS\btath_lwflt.sys [52384 2011-06-15] (Atheros)
R3 BTATH_RCP; C:\windows\System32\DRIVERS\btath_rcp.sys [266272 2011-06-15] (Atheros)
R3 BtFilter; C:\windows\System32\DRIVERS\btfilter.sys [250528 2011-06-15] (Atheros)
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [222544 2012-04-25] (ELAN Microelectronics Corp.)
R0 GbpKm; C:\windows\System32\drivers\gbpkm.sys [47192 2014-07-21] (GAS Tecnologia)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-11-30] (Malwarebytes Corporation)
R1 ndisrd; C:\windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-08-22] (GAS Tecnologia)
S3 rtport; C:\windows\system32\drivers\rtport.sys [15656 2012-02-27] (Windows (R) 2003 DDK 3790 provider)
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 tap0901; C:\windows\System32\DRIVERS\tap0901.sys [33608 2014-04-09] (The OpenVPN Project)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-14 12:36 - 2014-12-14 12:37 - 00023903 _____ () C:\Users\Rilly\Downloads\FRST.txt
2014-12-14 12:36 - 2014-12-14 12:37 - 00000000 ____D () C:\FRST
2014-12-14 12:18 - 2014-12-14 12:18 - 02119168 _____ (Farbar) C:\Users\Rilly\Downloads\FRST64.exe
2014-12-14 12:18 - 2014-12-14 12:18 - 00001393 _____ () C:\Users\Rilly\Desktop\FRST64 - Atalho.lnk
2014-12-14 12:14 - 2014-12-14 12:23 - 00001373 _____ () C:\Users\Rilly\Desktop\FRST - Atalho.lnk
2014-12-14 12:12 - 2014-12-14 12:12 - 01111552 _____ (Farbar) C:\Users\Rilly\Downloads\FRST.exe
2014-12-02 23:35 - 2014-12-03 00:21 - 00004087 _____ () C:\windows\WindowsUpdate.log
2014-12-01 16:28 - 2014-12-14 09:35 - 00000952 _____ () C:\windows\setupact.log
2014-12-01 16:28 - 2014-12-01 16:28 - 00000000 _____ () C:\windows\setuperr.log
2014-11-22 21:11 - 2014-11-22 21:20 - 779221080 _____ () C:\Users\Rilly\Downloads\wetransfer-d9d9d9.zip
2014-11-22 20:11 - 2014-11-22 20:11 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-11-19 22:14 - 2014-11-19 22:32 - 00000000 ____D () C:\Users\Rilly\Downloads\About Time [2013]BRRip XviD-SaM[ETRG]
2014-11-19 22:14 - 2014-11-19 22:30 - 733429132 ____R () C:\Users\Rilly\Desktop\About Time [2013]BRRip XviD-SaM[ETRG].avi
2014-11-19 22:13 - 2014-11-19 22:13 - 00043083 _____ () C:\Users\Rilly\Downloads\About.Time.2013.BRRip.BDRip.BluRay (1).zip
2014-11-19 22:12 - 2014-11-19 22:14 - 00000022 _____ () C:\Users\Rilly\Downloads\About.Time.2013.BRRip.BDRip.BluRay.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-14 12:36 - 2012-08-25 19:08 - 00000902 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-14 12:35 - 2014-10-13 22:15 - 00000000 ____D () C:\Users\Rilly\AppData\Local\CrashDumps
2014-12-14 12:16 - 2009-07-14 01:34 - 00016160 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-14 12:16 - 2009-07-14 01:34 - 00016160 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-14 12:09 - 2013-06-04 17:16 - 00001058 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-14 11:56 - 2013-08-31 23:51 - 00000928 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1416997274-2508555047-1895319657-1000UA.job
2014-12-14 11:55 - 2012-07-21 18:20 - 00001078 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1416997274-2508555047-1895319657-1000UA.job
2014-12-14 10:43 - 2014-09-21 09:16 - 00000376 _____ () C:\windows\Tasks\update-sys.job
2014-12-14 09:59 - 2014-09-21 09:16 - 00000376 _____ () C:\windows\Tasks\update-S-1-5-21-1416997274-2508555047-1895319657-1000.job
2014-12-14 09:37 - 2013-11-25 18:49 - 00000000 ___RD () C:\Users\Rilly\Dropbox
2014-12-14 09:37 - 2013-11-25 18:46 - 00000000 ____D () C:\Users\Rilly\AppData\Roaming\Dropbox
2014-12-14 09:35 - 2009-07-14 01:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-13 23:56 - 2013-08-31 23:51 - 00000906 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1416997274-2508555047-1895319657-1000Core.job
2014-12-13 23:03 - 2014-06-19 16:21 - 00000000 ____D () C:\faceBot_Extreme
2014-12-13 20:55 - 2012-07-21 18:20 - 00001026 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1416997274-2508555047-1895319657-1000Core.job
2014-12-12 22:05 - 2013-12-20 19:49 - 00002328 _____ () C:\Users\Rilly\Desktop\Google Chrome.lnk
2014-12-11 19:41 - 2013-11-25 18:49 - 00000979 _____ () C:\Users\Rilly\Desktop\Dropbox.lnk
2014-12-11 19:41 - 2013-11-25 18:47 - 00000000 ____D () C:\Users\Rilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-10 16:36 - 2012-08-25 19:08 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-12-10 16:36 - 2012-08-25 19:08 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-10 16:31 - 2013-03-25 10:44 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-04 16:22 - 2014-04-07 01:40 - 00000000 ____D () C:\Avast_internet_security
2014-11-30 08:26 - 2014-05-04 01:43 - 00000000 ____D () C:\Users\Rilly\AppData\Roaming\uTorrent
2014-11-30 08:22 - 2012-08-15 19:41 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-30 08:18 - 2014-02-21 18:42 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamswissarmy.sys
2014-11-24 20:45 - 2014-08-22 20:20 - 00000000 ____D () C:\ProgramData\GAS Tecnologia
2014-11-21 20:43 - 2014-08-06 21:26 - 00003114 _____ () C:\Users\Rilly\Documents\Receitas.txt
2014-11-21 16:23 - 2014-04-07 01:41 - 00779536 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2014-11-21 16:17 - 2009-07-14 01:53 - 00032608 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-11-20 20:17 - 2013-08-29 11:33 - 00585728 ____H () C:\Users\Rilly\Downloads\photothumb.db
2014-11-20 20:16 - 2014-08-04 23:02 - 00007168 ____H () C:\Users\Rilly\Desktop\photothumb.db
2014-11-20 20:16 - 2013-08-31 22:49 - 00000000 ____D () C:\Users\Rilly\Downloads\Originals
2014-11-20 20:09 - 2013-10-14 00:37 - 00251904 ____H () C:\Users\Rilly\Documents\photothumb.db
2014-11-20 20:09 - 2012-09-01 18:50 - 00000000 ____D () C:\Users\Rilly\Documents\camera
2014-11-19 22:17 - 2014-01-07 15:43 - 00110539 _____ () C:\Users\Rilly\Desktop\About Time [2013]BRRip XviD-SaM[ETRG].srt.srt
2014-11-15 10:04 - 2013-06-04 17:16 - 00001054 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-15 09:26 - 2012-10-27 12:50 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\Rilly\AppData\Local\Temp\7za.exe
C:\Users\Rilly\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr12fgf.dll
C:\Users\Rilly\AppData\Local\Temp\hijackthis.exe
C:\Users\Rilly\AppData\Local\Temp\ICReinstall_gadwin-printscreen-5-4-2-32-bits.exe
C:\Users\Rilly\AppData\Local\Temp\NirCmd.exe
C:\Users\Rilly\AppData\Local\Temp\PEVZ.EXE
C:\Users\Rilly\AppData\Local\Temp\Quarantine.exe
C:\Users\Rilly\AppData\Local\Temp\remove.exe
C:\Users\Rilly\AppData\Local\Temp\sed.exe
C:\Users\Rilly\AppData\Local\Temp\shortcut.exe
C:\Users\Rilly\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Rilly\AppData\Local\Temp\swreg.exe
C:\Users\Rilly\AppData\Local\Temp\swxcacls.exe
C:\Users\Rilly\AppData\Local\Temp\wget.exe
C:\Users\Rilly\AppData\Local\Temp\zoek-delete.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-06 13:42

==================== End Of Log ============================

por **joram** Dom 14 Dez 2014, 14:17

Boa Tarde! Alencarina

> Copie estas informações que estão em vermelho,para o Bloco de Notas.
> Salve-as com o nome fixlist. << Texto!
> Salve-as na pasta Downloads! /!\ C:\Users\Rilly\Downloads /!\

start
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1416997274-2508555047-1895319657-1000\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000 -> DefaultScope Web URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000 -> URL [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000 -> SuggestionsURL_JSON [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000 -> Web URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
2014-12-02 23:35 - 2014-12-03 00:21 - 00004087 _____ () C:\windows\WindowsUpdate.log
2014-12-01 16:28 - 2014-12-14 09:35 - 00000952 _____ () C:\windows\setupact.log
2014-12-01 16:28 - 2014-12-01 16:28 - 00000000 _____ () C:\windows\setuperr.log
2014-11-22 20:11 - 2014-11-22 20:11 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-12-13 23:56 - 2013-08-31 23:51 - 00000906 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1416997274-2508555047-1895319657-1000Core.job
2014-11-21 16:17 - 2009-07-14 01:53 - 00032608 _____ () C:\windows\Tasks\SCHEDLGU.TXT
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1416997274-2508555047-1895319657-1000Core.job => C:\Users\Rilly\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1416997274-2508555047-1895319657-1000UA.job => C:\Users\Rilly\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {EF73B3D7-F3F2-4454-BA83-DC76417B4B67} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1416997274-2508555047-1895319657-1000Core => C:\Users\Rilly\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-31] (Facebook Inc.)
Task: {BD3142AD-6CD8-4DF1-9CDF-E743056E16CC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1416997274-2508555047-1895319657-1000UA => C:\Users\Rilly\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-31] (Facebook Inc.)
Task: {CE0F4B08-F5DC-466B-9CAD-1052567DD474} - System32\Tasks\update-S-1-5-21-1416997274-2508555047-1895319657-1000 => C:\Program Files\Skillbrains\Updater\Updater.exe
Task: {91D5C0B4-3DBF-49F1-AB3E-892BA2737486} - \060184C3-9766-46a0-B258-F4518A0B2633 No Task File <==== ATTENTION
C:\Users\Rilly\AppData\Local\Temp\7za.exe
C:\Users\Rilly\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr12fgf.dll
C:\Users\Rilly\AppData\Local\Temp\hijackthis.exe
C:\Users\Rilly\AppData\Local\Temp\ICReinstall_gadwin-printscreen-5-4-2-32-bits.exe
C:\Users\Rilly\AppData\Local\Temp\NirCmd.exe
C:\Users\Rilly\AppData\Local\Temp\PEVZ.EXE
C:\Users\Rilly\AppData\Local\Temp\Quarantine.exe
C:\Users\Rilly\AppData\Local\Temp\remove.exe
C:\Users\Rilly\AppData\Local\Temp\sed.exe
C:\Users\Rilly\AppData\Local\Temp\shortcut.exe
C:\Users\Rilly\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Rilly\AppData\Local\Temp\swreg.exe
C:\Users\Rilly\AppData\Local\Temp\swxcacls.exe
C:\Users\Rilly\AppData\Local\Temp\wget.exe
C:\Users\Rilly\AppData\Local\Temp\zoek-delete.exe
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:430C6D84
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
emptytemp:
end

> Execute FRST/FRST64 >> Clique "Fix" << Aguarde!
> Na mensagem,clique Executar.
> Poste o relatório! (Fixlog.txt)

A+

por Alencarina Dom 14 Dez 2014, 14:40

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-12-2014
Ran by Rilly (administrator) on RILLY-PC on 14-12-2014 13:36:09
Running from C:\Users\Rilly\Downloads
Loaded Profile: Rilly (Available profiles: Rilly)
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: Português (Brasil)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(GAS Tecnologia) C:\Program Files\GbPlugin\GbpSv.exe
(AVAST Software) C:\Avast_internet_security\AvastSvc.exe
(Atheros) C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Banco Bradesco S.A.) C:\Program Files\Scpad\scpVista.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(AVAST Software) C:\Avast_internet_security\avastui.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Skillbrains) C:\Users\Rilly\AppData\Local\Skillbrains\lightshot\5.1.4.9\Lightshot.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(Dropbox, Inc.) C:\Users\Rilly\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(CyberLink) C:\Program Files\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\WifiManager.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Users\Rilly\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Rilly\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Rilly\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Rilly\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Rilly\AppData\Local\Google\Chrome\Application\chrome.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Users\Rilly\AppData\Local\Google\Chrome\Application\chrome.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics) C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Rilly\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Rilly\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Rilly\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Avast_internet_security\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [296520 2014-07-12] (RealNetworks, Inc.)
Winlogon\Notify\ GbPluginBb: C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)
HKU\S-1-5-21-1416997274-2508555047-1895319657-1000\...\Run: [Google Update] => C:\Users\Rilly\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-21] (Google Inc.)
HKU\S-1-5-21-1416997274-2508555047-1895319657-1000\...\Run: [LightShot] => C:\Users\Rilly\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226560 2014-06-18] ()
HKU\S-1-5-21-1416997274-2508555047-1895319657-1000\...\Winlogon: [Shell] C:\windows\explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Rilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Rilly\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll (Banco Bradesco S.A.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Avast_internet_security\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKU\S-1-5-21-1416997274-2508555047-1895319657-1000\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000 -> DefaultScope Web URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000 -> URL [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000 -> SuggestionsURL_JSON [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000 -> Web URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: ssh2 Class -> {2E3C3651-B19C-4DD9-A979-901EC3E930AF} -> C:\Program Files\Scpad\scpsssh2.dll (Banco Bradesco S.A.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Avast_internet_security\aswWebRepIE.dll (AVAST Software)
BHO: Auxiliar de Conexão do Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Samsung BHO Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll [1754664 2014-07-31] (Banco do Brasil)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Rilly\AppData\Roaming\Mozilla\Firefox\Profiles\t7h700yr.default
FF DefaultSearchEngine: Wikipedia (pt)
FF DefaultSearchUrl: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
FF SelectedSearchEngine: Wikipedia (pt)
FF Homepage: about:home
FF Keyword.URL: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @real.com/nppl3260;version=17.0.11.7 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=17.0.11.7 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1416997274-2508555047-1895319657-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Rilly\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-1416997274-2508555047-1895319657-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Rilly\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1416997274-2508555047-1895319657-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Rilly\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1416997274-2508555047-1895319657-1000: gastecnologia.com.br/sf/bb -> C:\Users\Rilly\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo_ff.xml
FF Extension: leethax.net extension - C:\Users\Rilly\AppData\Roaming\Mozilla\Firefox\Profiles\t7h700yr.default\Extensions\leethax@leethax.net.xpi [2013-04-13]
FF Extension: Greasemonkey - C:\Users\Rilly\AppData\Roaming\Mozilla\Firefox\Profiles\t7h700yr.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-09-29]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-11-12]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Avast_internet_security\WebRep\FF
FF Extension: avast! Online Security - C:\Avast_internet_security\WebRep\FF [2014-04-07]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-07-12]
FF HKLM\...\Firefox\Extensions: [{1DD9AC48-0855-4AE7-9934-159B4377FFA2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-1416997274-2508555047-1895319657-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Rilly\AppData\Local\GAS Tecnologia\GBBD\bb\xpi
FF Extension: GBBD Banco do Brasil - C:\Users\Rilly\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2014-08-29]
FF Extension: No Name - {87F8774F-B485-47E2-A755-A40A8A5E886C} [Not Found]

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "https://www.google.com.br/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Rilly\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Rilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-24]
CHR Extension: (Google Drive) - C:\Users\Rilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-24]
CHR Extension: (YouTube) - C:\Users\Rilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-21]
CHR Extension: (Adblock Plus) - C:\Users\Rilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-24]
CHR Extension: (Pesquisa do Google) - C:\Users\Rilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-21]
CHR Extension: (Circles Share) - C:\Users\Rilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm [2014-12-14]
CHR Extension: (Tampermonkey) - C:\Users\Rilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-05-26]
CHR Extension: (Hola Uma Internet Melhor) - C:\Users\Rilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-12-14]
CHR Extension: (Avast Online Security) - C:\Users\Rilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-05-24]
CHR Extension: (RealPlayer Downloader) - C:\Users\Rilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-04-07]
CHR Extension: (Skype Click to Call) - C:\Users\Rilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-05-24]
CHR Extension: (GBBD Banco do Brasil) - C:\Users\Rilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkeabchhfifpaaoefpockjhaphjmoapp [2014-08-29]
CHR Extension: (Google Wallet) - C:\Users\Rilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Click&Clean App) - C:\Users\Rilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-12-14]
CHR Extension: (Gmail) - C:\Users\Rilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-21]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Avast_internet_security\WebRep\Chrome\aswWebRepChrome.crx [2014-07-10]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-06-10]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Rilly\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-06-15] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [76960 2011-06-15] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Avast_internet_security\AvastSvc.exe [50344 2014-07-10] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 GbpSv; C:\Program Files\GbPlugin\GbpSv.exe [546104 2014-07-21] (GAS Tecnologia)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-06-10] ()
R2 RealPlayer Cloud Service; c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-07-12] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-06-26] () [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
S3 Samsung UPD Service; C:\windows\System32\SUPDSvc.exe [131888 2010-08-09] (Samsung Electronics CO., LTD.)
R2 scpVista; C:\Program Files\Scpad\scpVista.exe [360624 2012-10-24] (Banco Bradesco S.A.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\windows\system32\drivers\aswHwid.sys [24184 2014-07-10] ()
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [67824 2014-07-10] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [81768 2014-07-10] (AVAST Software)
R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49944 2014-07-10] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [779536 2014-11-21] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [414520 2014-07-10] (AVAST Software)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [71944 2014-07-10] (AVAST Software)
R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [192352 2014-07-10] ()
R3 AthBTPort; C:\windows\System32\DRIVERS\btath_flt.sys [35488 2011-06-15] (Atheros)
R3 BTATH_A2DP; C:\windows\System32\drivers\btath_a2dp.sys [226976 2011-06-15] (Atheros)
R3 btath_avdt; C:\windows\System32\drivers\btath_avdt.sys [97440 2011-06-15] (Atheros)
R3 BTATH_BUS; C:\windows\System32\DRIVERS\btath_bus.sys [24736 2011-06-15] (Atheros)
R3 BTATH_HCRP; C:\windows\System32\DRIVERS\btath_hcrp.sys [147104 2011-06-15] (Atheros)
R3 BTATH_LWFLT; C:\windows\System32\DRIVERS\btath_lwflt.sys [52384 2011-06-15] (Atheros)
R3 BTATH_RCP; C:\windows\System32\DRIVERS\btath_rcp.sys [266272 2011-06-15] (Atheros)
R3 BtFilter; C:\windows\System32\DRIVERS\btfilter.sys [250528 2011-06-15] (Atheros)
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [222544 2012-04-25] (ELAN Microelectronics Corp.)
R0 GbpKm; C:\windows\System32\drivers\gbpkm.sys [47192 2014-07-21] (GAS Tecnologia)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-11-30] (Malwarebytes Corporation)
R1 ndisrd; C:\windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-08-22] (GAS Tecnologia)
S3 rtport; C:\windows\system32\drivers\rtport.sys [15656 2012-02-27] (Windows (R) 2003 DDK 3790 provider)
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 tap0901; C:\windows\System32\DRIVERS\tap0901.sys [33608 2014-04-09] (The OpenVPN Project)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-14 13:22 - 2014-12-14 13:22 - 00003787 _____ () C:\Users\Rilly\Downloads\fixlist..txt
2014-12-14 12:38 - 2014-12-14 13:25 - 00052416 _____ () C:\Users\Rilly\Downloads\Addition.txt
2014-12-14 12:36 - 2014-12-14 13:36 - 00023984 _____ () C:\Users\Rilly\Downloads\FRST.txt
2014-12-14 12:36 - 2014-12-14 13:36 - 00000000 ____D () C:\FRST
2014-12-14 12:18 - 2014-12-14 12:18 - 02119168 _____ (Farbar) C:\Users\Rilly\Downloads\FRST64.exe
2014-12-14 12:18 - 2014-12-14 12:18 - 00001393 _____ () C:\Users\Rilly\Desktop\FRST64 - Atalho.lnk
2014-12-14 12:14 - 2014-12-14 12:23 - 00001373 _____ () C:\Users\Rilly\Desktop\FRST - Atalho.lnk
2014-12-14 12:12 - 2014-12-14 12:12 - 01111552 _____ (Farbar) C:\Users\Rilly\Downloads\FRST.exe
2014-12-02 23:35 - 2014-12-03 00:21 - 00004087 _____ () C:\windows\WindowsUpdate.log
2014-12-01 16:28 - 2014-12-14 09:35 - 00000952 _____ () C:\windows\setupact.log
2014-12-01 16:28 - 2014-12-01 16:28 - 00000000 _____ () C:\windows\setuperr.log
2014-11-22 21:11 - 2014-11-22 21:20 - 779221080 _____ () C:\Users\Rilly\Downloads\wetransfer-d9d9d9.zip
2014-11-22 20:11 - 2014-11-22 20:11 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-11-19 22:14 - 2014-11-19 22:32 - 00000000 ____D () C:\Users\Rilly\Downloads\About Time [2013]BRRip XviD-SaM[ETRG]
2014-11-19 22:14 - 2014-11-19 22:30 - 733429132 ____R () C:\Users\Rilly\Desktop\About Time [2013]BRRip XviD-SaM[ETRG].avi
2014-11-19 22:13 - 2014-11-19 22:13 - 00043083 _____ () C:\Users\Rilly\Downloads\About.Time.2013.BRRip.BDRip.BluRay (1).zip
2014-11-19 22:12 - 2014-11-19 22:14 - 00000022 _____ () C:\Users\Rilly\Downloads\About.Time.2013.BRRip.BDRip.BluRay.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-14 13:36 - 2012-08-25 19:08 - 00000902 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-14 13:09 - 2013-06-04 17:16 - 00001058 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-14 12:55 - 2012-07-21 18:20 - 00001078 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1416997274-2508555047-1895319657-1000UA.job
2014-12-14 12:35 - 2014-10-13 22:15 - 00000000 ____D () C:\Users\Rilly\AppData\Local\CrashDumps
2014-12-14 12:16 - 2009-07-14 01:34 - 00016160 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-14 12:16 - 2009-07-14 01:34 - 00016160 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-14 11:56 - 2013-08-31 23:51 - 00000928 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1416997274-2508555047-1895319657-1000UA.job
2014-12-14 10:43 - 2014-09-21 09:16 - 00000376 _____ () C:\windows\Tasks\update-sys.job
2014-12-14 09:59 - 2014-09-21 09:16 - 00000376 _____ () C:\windows\Tasks\update-S-1-5-21-1416997274-2508555047-1895319657-1000.job
2014-12-14 09:37 - 2013-11-25 18:49 - 00000000 ___RD () C:\Users\Rilly\Dropbox
2014-12-14 09:37 - 2013-11-25 18:46 - 00000000 ____D () C:\Users\Rilly\AppData\Roaming\Dropbox
2014-12-14 09:35 - 2009-07-14 01:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-13 23:56 - 2013-08-31 23:51 - 00000906 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1416997274-2508555047-1895319657-1000Core.job
2014-12-13 23:03 - 2014-06-19 16:21 - 00000000 ____D () C:\faceBot_Extreme
2014-12-13 20:55 - 2012-07-21 18:20 - 00001026 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1416997274-2508555047-1895319657-1000Core.job
2014-12-12 22:05 - 2013-12-20 19:49 - 00002328 _____ () C:\Users\Rilly\Desktop\Google Chrome.lnk
2014-12-11 19:41 - 2013-11-25 18:49 - 00000979 _____ () C:\Users\Rilly\Desktop\Dropbox.lnk
2014-12-11 19:41 - 2013-11-25 18:47 - 00000000 ____D () C:\Users\Rilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-10 16:36 - 2012-08-25 19:08 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-12-10 16:36 - 2012-08-25 19:08 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-10 16:31 - 2013-03-25 10:44 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-04 16:22 - 2014-04-07 01:40 - 00000000 ____D () C:\Avast_internet_security
2014-11-30 08:26 - 2014-05-04 01:43 - 00000000 ____D () C:\Users\Rilly\AppData\Roaming\uTorrent
2014-11-30 08:22 - 2012-08-15 19:41 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-30 08:18 - 2014-02-21 18:42 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamswissarmy.sys
2014-11-24 20:45 - 2014-08-22 20:20 - 00000000 ____D () C:\ProgramData\GAS Tecnologia
2014-11-21 20:43 - 2014-08-06 21:26 - 00003114 _____ () C:\Users\Rilly\Documents\Receitas.txt
2014-11-21 16:23 - 2014-04-07 01:41 - 00779536 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2014-11-21 16:17 - 2009-07-14 01:53 - 00032608 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-11-20 20:17 - 2013-08-29 11:33 - 00585728 ____H () C:\Users\Rilly\Downloads\photothumb.db
2014-11-20 20:16 - 2014-08-04 23:02 - 00007168 ____H () C:\Users\Rilly\Desktop\photothumb.db
2014-11-20 20:16 - 2013-08-31 22:49 - 00000000 ____D () C:\Users\Rilly\Downloads\Originals
2014-11-20 20:09 - 2013-10-14 00:37 - 00251904 ____H () C:\Users\Rilly\Documents\photothumb.db
2014-11-20 20:09 - 2012-09-01 18:50 - 00000000 ____D () C:\Users\Rilly\Documents\camera
2014-11-19 22:17 - 2014-01-07 15:43 - 00110539 _____ () C:\Users\Rilly\Desktop\About Time [2013]BRRip XviD-SaM[ETRG].srt.srt
2014-11-15 10:04 - 2013-06-04 17:16 - 00001054 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-15 09:26 - 2012-10-27 12:50 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\Rilly\AppData\Local\Temp\7za.exe
C:\Users\Rilly\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr12fgf.dll
C:\Users\Rilly\AppData\Local\Temp\hijackthis.exe
C:\Users\Rilly\AppData\Local\Temp\ICReinstall_gadwin-printscreen-5-4-2-32-bits.exe
C:\Users\Rilly\AppData\Local\Temp\NirCmd.exe
C:\Users\Rilly\AppData\Local\Temp\PEVZ.EXE
C:\Users\Rilly\AppData\Local\Temp\Quarantine.exe
C:\Users\Rilly\AppData\Local\Temp\remove.exe
C:\Users\Rilly\AppData\Local\Temp\sed.exe
C:\Users\Rilly\AppData\Local\Temp\shortcut.exe
C:\Users\Rilly\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Rilly\AppData\Local\Temp\swreg.exe
C:\Users\Rilly\AppData\Local\Temp\swxcacls.exe
C:\Users\Rilly\AppData\Local\Temp\wget.exe
C:\Users\Rilly\AppData\Local\Temp\zoek-delete.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-06 13:42

==================== End Of Log ============================

por **joram** Dom 14 Dez 2014, 15:56

Boa Tarde! Alencarina

> Postou o relatório errado! Leia com atenção as instruções e poste o Fixlog.txt.

A+

por Alencarina Dom 14 Dez 2014, 20:47

Desculpe.
Pode ver se agora acertei? Obrigada!

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-12-2014 01
Ran by Rilly at 2014-12-14 19:33:33 Run:1
Running from C:\Users\Rilly\Downloads
Loaded Profile: Rilly (Available profiles: Rilly)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1416997274-2508555047-1895319657-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000 -> DefaultScope Web URL =
SearchScopes: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000 -> URL
SearchScopes: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000 -> SuggestionsURL_JSON
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
2014-12-02 23:35 - 2014-12-03 00:21 - 00004087 _____ () C:\windows\WindowsUpdate.log
2014-12-01 16:28 - 2014-12-14 09:35 - 00000952 _____ () C:\windows\setupact.log
2014-12-01 16:28 - 2014-12-01 16:28 - 00000000 _____ () C:\windows\setuperr.log
2014-11-22 20:11 - 2014-11-22 20:11 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-12-13 23:56 - 2013-08-31 23:51 - 00000906 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1416997274-2508555047-1895319657-1000Core.job
2014-11-21 16:17 - 2009-07-14 01:53 - 00032608 _____ () C:\windows\Tasks\SCHEDLGU.TXT
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1416997274-2508555047-1895319657-1000Core.job => C:\Users\Rilly\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1416997274-2508555047-1895319657-1000UA.job => C:\Users\Rilly\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {EF73B3D7-F3F2-4454-BA83-DC76417B4B67} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1416997274-2508555047-1895319657-1000Core => C:\Users\Rilly\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-31] (Facebook Inc.)
Task: {BD3142AD-6CD8-4DF1-9CDF-E743056E16CC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1416997274-2508555047-1895319657-1000UA => C:\Users\Rilly\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-31] (Facebook Inc.)
Task: {CE0F4B08-F5DC-466B-9CAD-1052567DD474} - System32\Tasks\update-S-1-5-21-1416997274-2508555047-1895319657-1000 => C:\Program Files\Skillbrains\Updater\Updater.exe
Task: {91D5C0B4-3DBF-49F1-AB3E-892BA2737486} - \060184C3-9766-46a0-B258-F4518A0B2633 No Task File <==== ATTENTION
C:\Users\Rilly\AppData\Local\Temp\7za.exe
C:\Users\Rilly\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr12fgf.dll
C:\Users\Rilly\AppData\Local\Temp\hijackthis.exe
C:\Users\Rilly\AppData\Local\Temp\ICReinstall_gadwin-printscreen-5-4-2-32-bits.exe
C:\Users\Rilly\AppData\Local\Temp\NirCmd.exe
C:\Users\Rilly\AppData\Local\Temp\PEVZ.EXE
C:\Users\Rilly\AppData\Local\Temp\Quarantine.exe
C:\Users\Rilly\AppData\Local\Temp\remove.exe
C:\Users\Rilly\AppData\Local\Temp\sed.exe
C:\Users\Rilly\AppData\Local\Temp\shortcut.exe
C:\Users\Rilly\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Rilly\AppData\Local\Temp\swreg.exe
C:\Users\Rilly\AppData\Local\Temp\swxcacls.exe
C:\Users\Rilly\AppData\Local\Temp\wget.exe
C:\Users\Rilly\AppData\Local\Temp\zoek-delete.exe
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:430C6D84
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
emptytemp:
end
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-1416997274-2508555047-1895319657-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-1416997274-2508555047-1895319657-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-1416997274-2508555047-1895319657-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000 -> URL => Value not found.
HKU\S-1-5-21-1416997274-2508555047-1895319657-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKU\S-1-5-21-1416997274-2508555047-1895319657-1000 -> SuggestionsURL_JSON => Value not found.
esgiguard => Service deleted successfully.
C:\windows\WindowsUpdate.log => Moved successfully.
C:\windows\setupact.log => Moved successfully.
C:\windows\setuperr.log => Moved successfully.
C:\ProgramData\boost_interprocess => Moved successfully.
C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1416997274-2508555047-1895319657-1000Core.job => Moved successfully.
Could not move "C:\windows\Tasks\SCHEDLGU.TXT" => Scheduled to move on reboot.
C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1416997274-2508555047-1895319657-1000Core.job not found.
C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1416997274-2508555047-1895319657-1000UA.job => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF73B3D7-F3F2-4454-BA83-DC76417B4B67}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF73B3D7-F3F2-4454-BA83-DC76417B4B67}" => Key deleted successfully.
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1416997274-2508555047-1895319657-1000Core => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-1416997274-2508555047-1895319657-1000Core" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD3142AD-6CD8-4DF1-9CDF-E743056E16CC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD3142AD-6CD8-4DF1-9CDF-E743056E16CC}" => Key deleted successfully.
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1416997274-2508555047-1895319657-1000UA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-1416997274-2508555047-1895319657-1000UA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE0F4B08-F5DC-466B-9CAD-1052567DD474}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE0F4B08-F5DC-466B-9CAD-1052567DD474}" => Key deleted successfully.
C:\Windows\System32\Tasks\update-S-1-5-21-1416997274-2508555047-1895319657-1000 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\update-S-1-5-21-1416997274-2508555047-1895319657-1000" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{91D5C0B4-3DBF-49F1-AB3E-892BA2737486}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91D5C0B4-3DBF-49F1-AB3E-892BA2737486}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633" => Key deleted successfully.
C:\Users\Rilly\AppData\Local\Temp\7za.exe => Moved successfully.
C:\Users\Rilly\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr12fgf.dll => Moved successfully.
C:\Users\Rilly\AppData\Local\Temp\hijackthis.exe => Moved successfully.
C:\Users\Rilly\AppData\Local\Temp\ICReinstall_gadwin-printscreen-5-4-2-32-bits.exe => Moved successfully.
C:\Users\Rilly\AppData\Local\Temp\NirCmd.exe => Moved successfully.
C:\Users\Rilly\AppData\Local\Temp\PEVZ.EXE => Moved successfully.
C:\Users\Rilly\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Rilly\AppData\Local\Temp\remove.exe => Moved successfully.
C:\Users\Rilly\AppData\Local\Temp\sed.exe => Moved successfully.
C:\Users\Rilly\AppData\Local\Temp\shortcut.exe => Moved successfully.
C:\Users\Rilly\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Rilly\AppData\Local\Temp\swreg.exe => Moved successfully.
C:\Users\Rilly\AppData\Local\Temp\swxcacls.exe => Moved successfully.
C:\Users\Rilly\AppData\Local\Temp\wget.exe => Moved successfully.
C:\Users\Rilly\AppData\Local\Temp\zoek-delete.exe => Moved successfully.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
C:\ProgramData\Temp => ":430C6D84" ADS removed successfully.
C:\ProgramData\Temp => ":DFC5A2B2" ADS removed successfully.
EmptyTemp: => Removed 957.3 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-12-14 19:42:19)<=

"C:\windows\Tasks\SCHEDLGU.TXT" => File could not move.

==== End of Fixlog ====

por **joram** Dom 14 Dez 2014, 21:53

Boa Noite! Alencarina

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... par Xplode )
>
> Ou daqui: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >
> Ao acessar,clique em "Download Now".
>
> Salve-o no desktop!

< [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] >

> Clique direito em adwcleaner.exe,e escolha sua execução como administrador.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Ps: Dê início ao scan,clicando em "Examinar".

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Ao concluir,clique "Limpar" >> Ok >> Ok >> Ok.
> Copie o log ou clique "Relatório".
> Poste: < C:\AdwCleaner\AdwCleaner[S0].txt >

A+

por Alencarina Dom 14 Dez 2014, 23:31

Baixei mas o AdwCleaner não abre Sad

por **joram** Seg 15 Dez 2014, 00:28

Alencarina escreveu:Baixei mas o AdwCleaner não abre

Boa Noite! Alencarina

> Tente a JRT e,ao concluir,verifique se funciona a AdwCleaner.

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... by Oleg N. Scherbakov )

> Salve-o no desktop!
> Desabilite seu antivírus!
> Para Windows 7,clique direito em JRT.exe e execute-o ...

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

> Aguarde a conclusão e poste o relatório. ( JRT.txt )

A+

por Alencarina Seg 15 Dez 2014, 11:24

Também não funciona!

por **joram** Seg 15 Dez 2014, 12:46

Boa Tarde! Alencarina

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >

> Salve-o no desktop!
> Desabilite seu antivírus e execute o arquivo esetsmartinstaller_enu.exe <<
> Aceite o contrato e marque: "YES, I accept the Terms of Use"
> Clique: "Start"

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Em "Computer scan settings",marque:

<*> Enable detection of potentially unwanted applications

> Em "Hide advanced settings",marque:

<1> Scan archives
<2> Scan for potentially unsafe applications
<3> Enable Anti-Stealth technology
<4> Remove found threats

> Clique em "Advanced settings".
> Clique "Change" e marque a caixa "Computador".
> Clique: "Start" >> Aguarde! ( Pode durar algumas horas,esse scan... )
> Ao concluir,clique em "List of found threats".
> Clique em "Export to text file" e salve o relatório no desktop.
> Clique "Back" >> "Finish".
> Poste o relatório!

A+

por Alencarina Seg 15 Dez 2014, 12:46

Consegui o JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Starter x86
Ran by Rilly on 15/12/2014 at 11:42:36,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update webget
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util webget

~~~ Files

Successfully deleted: [File] C:\windows\System32\Tasks\Driver Booster SkipUAC (SISTEMA)

~~~ Folders

~~~ FireFox

Successfully deleted the following from C:\Users\Rilly\AppData\Roaming\mozilla\firefox\profiles\t7h700yr.default\prefs.js

user_pref("keyword.url", "hxxp://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1402266435645&tguid=77324-18194-1402266435645-A9D78AD64C34D4A7000613EE62E21402&st=c
Emptied folder: C:\Users\Rilly\AppData\Roaming\mozilla\firefox\profiles\t7h700yr.default\minidumps [15 files]

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Rilly\appdata\local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm
Successfully deleted: [Folder] C:\Users\Rilly\appdata\local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/12/2014 at 11:45:45,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

por **joram** Seg 15 Dez 2014, 12:50

Boa Tarde! Alencarina

> Caso queira,pode executar a ferramenta da Eset.
> Como está seu PC? Algum problema ainda?

A+

por Alencarina Seg 15 Dez 2014, 12:57

Consegui o JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Starter x86
Ran by Rilly on 15/12/2014 at 11:42:36,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update webget
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util webget

~~~ Files

Successfully deleted: [File] C:\windows\System32\Tasks\Driver Booster SkipUAC (SISTEMA)

~~~ Folders

~~~ FireFox

Successfully deleted the following from C:\Users\Rilly\AppData\Roaming\mozilla\firefox\profiles\t7h700yr.default\prefs.js

user_pref("keyword.url", "hxxp://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1402266435645&tguid=77324-18194-1402266435645-A9D78AD64C34D4A7000613EE62E21402&st=c
Emptied folder: C:\Users\Rilly\AppData\Roaming\mozilla\firefox\profiles\t7h700yr.default\minidumps [15 files]

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Rilly\appdata\local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm
Successfully deleted: [Folder] C:\Users\Rilly\appdata\local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/12/2014 at 11:45:45,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

por Alencarina Seg 15 Dez 2014, 12:58

Agora o ADWCLEANER

# AdwCleaner v4.105 - Relatório criado 15/12/2014 às 11:51:15
# Atualizado 08/12/2014 por Xplode
# Database : 2014-12-13.4 [Live]
# Sistema Operacional : Windows 7 Starter Service Pack 1 (32 bits)
# Usuário : Rilly - RILLY-PC
# Executando de : C:\Users\Rilly\Downloads\adwcleaner_4.105.exe
# Opção : Limpar

***** [ Serviços ] *****

[x] Não Deletada : c2cautoupdatesvc
[x] Não Deletada : c2cpnrsvc

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Users\Rilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm
Pasta Deletada : C:\Users\Rilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

***** [ Tarefas ] *****

Tarefa Deletedo : update-sys
Tarefa Deletedo : update-S-1-5-21-1416997274-2508555047-1895319657-1000

***** [ Atalhos ] *****

***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\Web
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrismaTV Ver. 1.1.3.0

***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.17088

-\\ Mozilla Firefox v33.1 (x86 pt-BR)

-\\ Google Chrome v

-\\ Opera v0.0.0.0

*************************

AdwCleaner[R0].txt - [15673 octets] - [24/05/2014 00:20:24]
AdwCleaner[R1].txt - [1790 octets] - [25/05/2014 22:16:54]
AdwCleaner[R2].txt - [1864 octets] - [28/05/2014 11:50:22]
AdwCleaner[R3].txt - [9391 octets] - [19/06/2014 13:36:47]
AdwCleaner[R4].txt - [2301 octets] - [20/06/2014 21:17:49]
AdwCleaner[R5].txt - [4803 octets] - [11/09/2014 19:36:58]
AdwCleaner[R6].txt - [2417 octets] - [20/09/2014 00:45:31]
AdwCleaner[R7].txt - [2654 octets] - [20/09/2014 00:47:12]
AdwCleaner[R8].txt - [3023 octets] - [15/12/2014 11:48:40]
AdwCleaner[S0].txt - [14588 octets] - [24/05/2014 00:21:43]
AdwCleaner[S1].txt - [1904 octets] - [25/05/2014 22:18:32]
AdwCleaner[S2].txt - [1912 octets] - [28/05/2014 11:51:08]
AdwCleaner[S3].txt - [6154 octets] - [19/06/2014 13:38:58]
AdwCleaner[S4].txt - [2347 octets] - [20/06/2014 21:21:19]
AdwCleaner[S5].txt - [4823 octets] - [11/09/2014 19:43:52]
AdwCleaner[S6].txt - [2553 octets] - [20/09/2014 00:49:22]
AdwCleaner[S7].txt - [2881 octets] - [15/12/2014 11:51:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [2941 octets] ##########

por Alencarina Seg 15 Dez 2014, 13:00

Oi boa tarde!
O note está meio lento, nem uso o internet explorer e o mesmo fica reiniciando de vez em quando, só depois que ele reiniciou que consegui executar o JRT e o Adwcleaner.

por **joram** Seg 15 Dez 2014, 13:36

Boa Tarde! Alencarina

> Deixe o scan da Eset para o final e execute a Zoek.

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... by Smeenk )

< [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >

> Salve-o ao desktop!
> Desabilite seu antivírus!
> Para Windows 7,execute zoek.exe como administrador.

autoclean;
emptytemp;

> Copie e cole estas informações,que estão em vermelho,no campo da ferramenta.
> Clique "Run Script".

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

> Surgirão informações,pedindo-lhe que aguarde o surgimento do relatório.
> Ps: Essas informações,podem permanecer estáticas na tela por 20 minutos ou mais.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Confirme o reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.

> Ps: Ao obter algum erro,reinicie o PC e execute,novamente,a ferramenta.
> Poste o relatório,que estará em C:\zoek-results.txt <<

A+

por Alencarina Seg 15 Dez 2014, 22:33

Boa noite!
Segue relatório.

Zoek.exe v5.0.0.0 Updated 14-December-2014
Tool run by Rilly on 15/12/2014 at 20:50:28,51.
Microsoft Windows 7 Starter 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Rilly\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-24-042657.log 47785 bytes
C:\zoek-results2014-05-24-174210.log 41399 bytes
C:\zoek-results2014-05-24-180434.log 10121 bytes
C:\zoek-results2014-05-24-181310.log 1564 bytes
C:\zoek-results2014-05-24-214742.log 1225 bytes
C:\zoek-results2014-09-20-034947.log 21704 bytes

==== Empty Folders Check ======================

C:\Users\Rilly\AppData\Local\CrashDumps deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1416997274-2508555047-1895319657-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B} deleted successfully
HKEY_USERS\S-1-5-21-1416997274-2508555047-1895319657-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} deleted successfully
HKEY_USERS\S-1-5-21-1416997274-2508555047-1895319657-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69E79F0F-6F42-464B-8A65-2DE4BF55A3F4} deleted successfully
HKEY_USERS\S-1-5-21-1416997274-2508555047-1895319657-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83A1B25A-6950-42D4-83EA-DE169C12882} deleted successfully
HKEY_USERS\S-1-5-21-1416997274-2508555047-1895319657-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9D1C372E-6B23-4D4A-964E-672A7BB07FB8} deleted successfully
HKEY_USERS\S-1-5-21-1416997274-2508555047-1895319657-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D54207E0-E965-4BBD-A07E-984C3640AAC} deleted successfully
HKEY_USERS\S-1-5-21-1416997274-2508555047-1895319657-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Rilly\AppData\Roaming\Mozilla\Firefox\Profiles\t7h700yr.default

user.js not found
---- Lines FindRight removed from prefs.js ----
user_pref("extensions.FindRight.aul", "1393210554326");
user_pref("extensions.FindRight.irl", true);
user_pref("extensions.FindRight.is", "isgiwhBR");
user_pref("extensions.FindRight.ug", "9C80B8FD-73A9-4EFC-9FAA-5C62DAA9EB08");
---- FireFox user.js and prefs.js backups ----

prefs_122014_2125_.backup

ProfilePath: C:\Users\Rilly\AppData\Roaming\Netscape\Navigator\Profiles\ossdn5xe.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_122014_2125_.backup

==== Deleting Files \ Folders ======================

C:\Program Files\SamsungPrinterLiveUpdateInstaller deleted
C:\Program Files\Skillbrains deleted
C:\Users\Rilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LightShot deleted
C:\windows\system32\GroupPolicy\Machine deleted
C:\windows\system32\GroupPolicy\User deleted
C:\windows\system32\GroupPolicy\gpt.ini deleted
"C:\Users\Rilly\AppData\Local\Skillbrains\lightshot\5.1.4.9\Lightshot.dll" deleted
"C:\Users\Rilly\AppData\Local\Skillbrains\lightshot\5.1.4.9\Lightshot.exe" deleted
"C:\Users\Rilly\AppData\Local\Skillbrains" deleted
"C:\Users\Rilly\AppData\Local\Skillbrains\lightshot" deleted
"C:\Users\Rilly\AppData\Local\Skillbrains\lightshot\5.1.4.9" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{1DD9AC48-0855-4AE7-9934-159B4377FFA2}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [12/07/2014 15:46]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886C}"="C:\Users\Rilly\AppData\Local\GAS Tecnologia\GBBD\bb\xpi" [29/08/2014 23:08]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Rilly\AppData\Roaming\Mozilla\Firefox\Profiles\t7h700yr.default
- Undetermined - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
- Undetermined - {87F8774F-B485-47E2-A755-A40A8A5E886C}
- Undetermined - {e4a8a97b-f2ed-450b-b12d-ee082ba24781}
- leethax.net extension - %ProfilePath%\extensions\leethax@leethax.net.xpi
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Rilly\AppData\Roaming\Mozilla\Firefox\Profiles\t7h700yr.default
9860727E477F17B88E39AF8B69B0407A - C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll - Shockwave Flash
0806948270D853B709CCBBF38AF167E4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
9DF0C4F0CEF60158614EDD1B3AB441EE - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
D2377C9458EFEB094E38B8C874AA214C - C:\Users\Rilly\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll - Google Update
D2377C9458EFEB094E38B8C874AA214C - C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll - Google Update
BFD1CDA328C83054154DD05EA233F79B - C:\Users\Rilly\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
863FFC28C30385B5ADBF6A6BE5A130E5 - c:\program files\real\realplayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
3C16B6372AEBE923265A4C7048418E04 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin
39F5F83EF0847C08A572328B7F306DAE - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealPlayer Video Downloader for HTML5 (32-bit)
6AA2BD1250A1328EDB6322E812068378 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealPlayer Video Downloader for PepperFlash (32-bit)
917ED2479611A36053F664928D6C7C91 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealPlayer Video Downloader (32-bit)
893BF7D2261C56C24F813405D9D018E0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In
A9191AE22A8F1287B5E2DF33E3A57253 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U51
9B10927CFD0F7AD39E40C0E34005B1AD - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.510.13
8DA2ED6B04EA33F2EAE8BA883F903729 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Avast_internet_security\WebRep\Chrome\aswWebRepChrome.crx[10/07/2014 15:17]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[10/06/2014 17:54]

Tampermonkey - Rilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo
Avast Online Security - Rilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
RealPlayer Downloader - Rilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
GBBD Banco do Brasil - Rilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkeabchhfifpaaoefpockjhaphjmoapp
Feven Pro 1.3 - Rilly\AppData\Roaming\Opera Software\Opera Stable\Extensions\hjmimgeipgjgdblgkjpgaknjeidbnjdb

==== Chromium Fix ======================

C:\Users\Rilly\AppData\Roaming\Opera Software\Opera Stable\Extensions\hjmimgeipgjgdblgkjpgaknjeidbnjdb deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Start Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.certified-toolbar.com?si=77324&st=home&tid=18194&ver=5.7&ts=1402266435645&tguid=77324-18194-1402266435645-A9D78AD64C34D4A7000613EE62E21402"
"Start Default_Page_URL"="http://search.certified-toolbar.com?si=77324&st=home&tid=18194&ver=5.7&ts=1402266435645&tguid=77324-18194-1402266435645-A9D78AD64C34D4A7000613EE62E21402"
"Default_Search_URL"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1402266435645&tguid=77324-18194-1402266435645-A9D78AD64C34D4A7000613EE62E21402&st=chrome&q="
"Search Bar"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1402266435645&tguid=77324-18194-1402266435645-A9D78AD64C34D4A7000613EE62E21402&st=chrome&q="
"Search Page"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1402266435645&tguid=77324-18194-1402266435645-A9D78AD64C34D4A7000613EE62E21402&st=chrome&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Start Default_Page_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=5.7&ts=1402266435645&tguid=77324-18194-1402266435645-A9D78AD64C34D4A7000613EE62E21402&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=5.7&ts=1402266435645&tguid=77324-18194-1402266435645-A9D78AD64C34D4A7000613EE62E21402&q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Start Page"="http://search.certified-toolbar.com?si=77324&st=home&tid=18194&ver=5.7&ts=1402266435645&tguid=77324-18194-1402266435645-A9D78AD64C34D4A7000613EE62E21402"
"Start Default_Page_URL"="http://search.certified-toolbar.com?si=77324&st=home&tid=18194&ver=5.7&ts=1402266435645&tguid=77324-18194-1402266435645-A9D78AD64C34D4A7000613EE62E21402"
"Default_Search_URL"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1402266435645&tguid=77324-18194-1402266435645-A9D78AD64C34D4A7000613EE62E21402&st=chrome&q="
"Search Bar"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1402266435645&tguid=77324-18194-1402266435645-A9D78AD64C34D4A7000613EE62E21402&st=chrome&q="
"Search Page"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1402266435645&tguid=77324-18194-1402266435645-A9D78AD64C34D4A7000613EE62E21402&st=chrome&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Start Page"="http://www.google.com"
"Start Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Start Default_Page_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Search Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 7 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightShot deleted successfully

==== Empty IE Cache ======================

C:\Users\Rilly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Rilly\AppData\Local\Mozilla\Firefox\Profiles\t7h700yr.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Rilly\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Rilly\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=584 folders=190 215425740 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Rilly\AppData\Local\Temp will be emptied at reboot
C:\windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\Rilly\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 15/12/2014 at 21:30:58,21 ======================

por **joram** Seg 15 Dez 2014, 23:22

Boa Noite! Alencarina

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... de Nicolas Coolman )

> Estando na página,clique [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
> Salve-a no desktop!
> Execute-a e ao abrir,clique "J'accept/I Agree".

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

> Para correções mais abrangentes,marque todas as opções disponíveis.
> Clique Réparer.
> Clique Rapport.
> Poste o relatório!

A+

por Alencarina Ter 16 Dez 2014, 13:27

~ ZHPCleaner v2014.12.15.261 by Nicolas Coolman (15/12/2014)
~ Run by Rilly (Administrator) (16/12/2014 12:27:04)
~ Forum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Facebook : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\Rilly\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Rilly\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Deactivate
~ Windows 7, 32-bit Service Pack 1 (Build 7601)

por Alencarina Ter 16 Dez 2014, 13:32

~ ZHPCleaner v2014.12.15.261 by Nicolas Coolman (15/12/2014)
~ Run by Rilly (Administrator) (16/12/2014 12:20:28)
~ Forum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Facebook : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Rilly\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Rilly\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Deactivate
~ Windows 7, 32-bit Service Pack 1 (Build 7601)

---\\ Services (0)
~ No malicious items found.

---\\ Browser internet (3)
REPLACED IE Params: HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )
REPLACED Firefox: [t7h700yr.default] URL HomePage : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
REPLACED: [t7h700yr.default] - user_pref("browser.search.order.1", "Yahoo! (Avast)"); (PUP.Babylon)

---\\ Hosts file (2)
REPLACED:
Number of found redirections 1/22

---\\ Scheduled automatic tasks. (0)
~ No malicious items found.

---\\ Explorer ( File, Folder) (6)
MOVED: C:\Program Files\Enigma Software Group (PUP.EnigmaSoftware)
MOVED: C:\Program Files\Enigma Software Group\SpyHunter [ - ] (PUP.EnigmaSoftware)
MOVED: C:\Users\Rilly\Downloads\browsermngr_keys.cfg[] (PUP.Babylon)
MOVED: C:\Users\Rilly\Downloads\browsermngr_values.cfg[] (PUP.Babylon)
MOVED: C:\Users\Rilly\Downloads\datamngr_del.reg[] (PUP.Datamngr)
MOVED: C:\Users\Rilly\Downloads\FFbrowsermngr.dat[] (PUP.Babylon)

---\\ Registry ( Key, Value, Data) (11)
DELETED: HKEY_CLASSES_ROOT\ChromeHTML\Shell\Open\Command\ChromeHTML\Shell\Open\Command\\ChromeHTML [Bad : "C:\Users\Rilly\AppData\Local\Google\Chrome\Application\chrome.exe" -- "%1"] (Broken.OpenCommand)
DELETED: HKCR\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} [http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=5.7&ts=1402266435645&tguid=77324-18194-1402266435645-A9D78AD64C34D4A7000613EE62E21402&q={searchTerms}] [Web Search] (PUP.CertifiedToolbar)
DELETED RUN: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\LightShot [C:\Users\Rilly\AppData\Local\Skillbrains\lightshot\Lightshot.exe] (Adware.SkillBrains)
DELETED chiave: HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465} [ShopperReports.dll] (Adware.ShopperReports)
DELETED chiave: HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754} [ShoppingReport.dll] (Adware.ShoppingReport)
DELETED chiave: HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} [BabylonToolbar.dll] (PUP.Babylon)
DELETED chiave: HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} [BabylonToolbar.dll] (PUP.Babylon)
DELETED chiave: HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} [BabylonToolbarTlbr.dll] (PUP.Babylon)
DELETED chiave: HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} [ShoppingReport.dll] (Adware.ShoppingReport)
DELETED chiave: HKCU\Software\SkillBrains [] (Adware.SkillBrains)
DELETED chiave: HKLM\SOFTWARE\SkillBrains [] (Adware.SkillBrains)

---\\ Result of repair
~ Repair carried out successfully
~ Repair canceled by the user (Google Chrome)

---\\ Statistics
~ Items scanned : 44920
~ Items found : 1
~ Items repair : 20

End of clean at 12:27:01

por Alencarina Ter 16 Dez 2014, 13:38

~ ZHPCleaner v2014.12.15.261 by Nicolas Coolman (15/12/2014)
~ Run by Rilly (Administrator) (16/12/2014 12:27:04)
~ Forum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Facebook : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\Rilly\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Rilly\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Deactivate
~ Windows 7, 32-bit Service Pack 1 (Build 7601)

---\\ Services (0)
~ No malicious items found.

---\\ Browser internet (0)
~ No malicious items found.

---\\ Hosts file (1)
~ The hosts file is legitimate (21)

---\\ Scheduled automatic tasks. (0)
~ No malicious items found.

---\\ Explorer ( File, Folder) (0)
~ No malicious items found.

---\\ Registry ( Key, Value, Data) (1)
DELETED: HKEY_CLASSES_ROOT\ChromeHTML\Shell\Open\Command\ChromeHTML\Shell\Open\Command\\ChromeHTML [Bad : "C:\Users\Rilly\AppData\Local\Google\Chrome\Application\chrome.exe" -- "%1"] (Broken.OpenCommand)

---\\ Result of repair
~ Any repair made
~ Repair canceled by the user (Google Chrome)

---\\ Statistics
~ Items scanned : 44932
~ Items found : 1
~ Items repair : 0

End of clean at 12:38:06

por Conteúdo patrocinado

Estou recebendo emails da minha própria conta.

Estou recebendo emails da minha própria conta.

Re: Estou recebendo emails da minha própria conta.

Re: Estou recebendo emails da minha própria conta.

Re: Estou recebendo emails da minha própria conta.

Re: Estou recebendo emails da minha própria conta.

Re: Estou recebendo emails da minha própria conta.

Re: Estou recebendo emails da minha própria conta.

Re: Estou recebendo emails da minha própria conta.

Re: Estou recebendo emails da minha própria conta.

Re: Estou recebendo emails da minha própria conta.

Re: Estou recebendo emails da minha própria conta.

Re: Estou recebendo emails da minha própria conta.

Re: Estou recebendo emails da minha própria conta.

Re: Estou recebendo emails da minha própria conta.

Re: Estou recebendo emails da minha própria conta.

Re: Estou recebendo emails da minha própria conta.

Re: Estou recebendo emails da minha própria conta.

Re: Estou recebendo emails da minha própria conta.

Re: Estou recebendo emails da minha própria conta.

Re: Estou recebendo emails da minha própria conta.

Re: Estou recebendo emails da minha própria conta.

Re: Estou recebendo emails da minha própria conta.

Re: Estou recebendo emails da minha própria conta.

Re: Estou recebendo emails da minha própria conta.

Re: Estou recebendo emails da minha própria conta.

Re: Estou recebendo emails da minha própria conta.

Seg	Ter	Qua	Qui	Sex	Sáb	Dom
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30