PC travando

por Janaína Ramos Qui 19 Mar 2015, 22:37

Boa noite.
Meu PC ta travando demais, aparecendo propagandas na própria página, e quando estou em página especifica, do nada aparece outra perguntando se quer fazer o download de determinado programa.
Obrigada.

por **caedurodrigues** Qui 19 Mar 2015, 22:44

Boa noite Janaína,

Baixe: <[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]> (...par Xplode)
Ou aqui >>[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]<<
Salve-a na sua Desktop (área de trabalho).
Feche todos os programas e navegadores de internet abertos.
Usuários do Windows Vista ou Windows 7,clique com o direito do mouse sobre o arquivo AdwCleaner.exe,depois clique em:
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Clique em Examinar, para iniciar o escaneamento!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Ao término, clique em limpar
Copie o log ou clique "Relatório".
Poste: >>C:\AdwCleaner\AdwCleaner [S0].txt<<

Baixe:<[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]> <(...by Oleg N. Scherbakov)>
Salve-o no desktop!
Desabilite seu antivírus!
Para Windows 7, clique direito em JRT.exe e execute-o como [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Aguarde a conclusão e poste o relatório. ( JRT.txt )

Um grande abraço. PC travando 648673379

por Janaína Ramos Sex 20 Mar 2015, 14:45

# AdwCleaner v4.112 - Logfile created 20/03/2015 at 14:39:22
# Updated 09/03/2015 by Xplode
# Database : 2015-03-15.1 [Server]
# Operating system : Windows 7 Home Premium (x86)
# Username : adm - ADM-PC
# Running from : C:\Users\adm\Downloads\adwcleaner_4.112.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : APNMCP

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\baidu
Folder Deleted : C:\ProgramData\StormAlert
Folder Deleted : C:\Program Files\AskPartnerNetwork
Folder Deleted : C:\Program Files\baidu
Folder Deleted : C:\Program Files\globalUpdate
Folder Deleted : C:\Program Files\shopperz
Folder Deleted : C:\Program Files\Common Files\ClaraUpdater
Folder Deleted : C:\Users\adm\AppData\Local\Temp\apn
Folder Deleted : C:\Users\adm\AppData\Local\Temp\baidu
Folder Deleted : C:\Windows\system32\config\systemprofile\AppData\Roaming\DealPly
Folder Deleted : C:\Users\adm\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\adm\AppData\Local\globalUpdate
Folder Deleted : C:\Users\adm\AppData\Local\BoBrowser
Folder Deleted : C:\Users\adm\AppData\Local\StormAlert
Folder Deleted : C:\Users\adm\AppData\Roaming\baidu
Folder Deleted : C:\ProgramData\ehjjecoipapgipcakdffpcoaljkgobjo
File Deleted : C:\Users\adm\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BoBrowser.lnk
File Deleted : C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Deleted : C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
File Deleted : C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
File Deleted : C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_click.dealshark.com_0.localstorage-journal
File Deleted : C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Deleted : HKCU\Software\Mozilla\Extends
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5350-4500-76A7-7A786E7484D7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F524A2D-5350-4500-76A7-7A786E7484D7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4F524A2D-5350-4500-76A7-7A786E7484D7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4F524A2D-5350-4500-76A7-7A786E7484D7}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4F524A2D-5350-4500-76A7-7A786E7484D7}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D4202191-E3A2-44BA-8D80-D96BE980F8A1}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\Easy Speed Check
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5350-4500-76A7-A758B70C1500}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchfunmoods.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.7600.16385

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v33.1.1 (x86 pt-BR)

[0ewuxzzw.default\prefs.js] - Line Deleted : user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%3A%[...]
[0ewuxzzw.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "14bb7556c4e8ed2c28bafe0e58431472");

-\\ Google Chrome v35.0.1916.17

*************************

AdwCleaner[R0].txt - [6412 bytes] - [20/03/2015 14:33:12]
AdwCleaner[S0].txt - [6222 bytes] - [20/03/2015 14:39:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6281 bytes] ##########

por **caedurodrigues** Sex 20 Mar 2015, 14:57

Boa tarde Janaína, poste também o relatório da JRT. Fico aguardando.

por Janaína Ramos Sex 20 Mar 2015, 21:03

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.5 (03.17.2015:1)
OS: Windows 7 Home Premium x86
Ran by adm on 20/03/2015 at 20:35:43,09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\baidu security"
Successfully deleted: [Folder] "C:\Users\adm\AppData\Roaming\baidu security"
Successfully deleted: [Folder] "C:\Users\adm\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Program Files\baidu security"

~~~ FireFox

Successfully deleted the following from C:\Users\adm\AppData\Roaming\mozilla\firefox\profiles\0ewuxzzw.default\prefs.js

user_pref("extensions.0JrMrS7JvU.scode", "(function(){try{if(window.self.location.href.indexOf(\"qHn5rdwHqjY5rTnHrjg9qHU5rY\")>-1){return;}}catch(e){}try{var d=[[\"trianglecas
Emptied folder: C:\Users\adm\AppData\Roaming\mozilla\firefox\profiles\0ewuxzzw.default\minidumps [291 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20/03/2015 at 20:42:15,97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

por **caedurodrigues** Sex 20 Mar 2015, 21:47

Boa noite Janaína,

Baixe:<[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem][Tens de ter uma conta e sessão iniciada para poderes visualizar este link]> (...by Smeenk)
Salve na sua Desktop (Área de trabalho) !
Execute o arquivo Zoek.exe.
Usuários do Windows Vista ou Windows 7 clique com o direito sobre o arquivo Zoek.exe, depois clique em
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Selecione as linhas em vermelho, clique com o direito sobre a seleção e escolha a opção copiar!

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
emptyfolderscheck;delete

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Clique com o direito em qualquer parte branca do Zoek e escolha a opção colar.
Clique [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem], aguarde o scan. Ao final abrirá o bloco de notas com o relatório.
Uma cópia também será salva no seu disco local com o nome zoek-results.txt.
Anexe o zoek-results.txt na sua próxima resposta.

Um grande abraço. PC travando 648673379

por Janaína Ramos Sáb 21 Mar 2015, 11:50

Não apareceu bloco de notas!
Apareceu no próprio zoek isso:
Zoek.exe is still running.
Do not start any browser windows, they may get closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

por Janaína Ramos Sáb 21 Mar 2015, 13:35

Zoek.exe v5.0.0.0 Updated 21-March-2015
Tool run by adm on 21/03/2015 at 12:01:27,36.
Microsoft Windows 7 Home Premium 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\adm\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-03-21-145040.log 564 bytes

==== System Restore Info ======================

21/03/2015 12:04:18 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Users\adm\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{166682C4-6FD9-41E2-B2AD-7066180FE1E} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{17B61B47-8C68-4A93-8A15-42EF47AE9766} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F0259D1-8B16-480F-B691-5EF5434B3AF} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F5FE4DE-B8CD-4636-84BF-2B3D4AAE791C} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21B3AE2-4D37-4192-9360-50A244673D71} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21C7148D-49E4-45B4-AC79-8E6B89AE118E} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{226931A8-1B65-4700-A2E4-32B08F9ED7A} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{23F64F80-BADA-45D7-BAD9-84E4E932C9A} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{273ABA5C-780C-400D-82B9-ED1970FF4015} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2EAF9386-9C75-4EBC-9CA7-50E4766BACAF} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{389DCDAE-61C8-4281-93F2-F79B56FB51D0} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38B9B47C-2275-43C4-8EAE-74F2D222AAAA} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{392891EC-DCE7-4242-86CB-8C2E234ADB6C} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3A1CD80-7EC5-40B0-854E-18C821F5EB9B} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3AE0A293-F961-491D-A142-ED36FBFF7790} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{41B60FAD-13A5-4006-8A96-FB423FA919E4} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{42337C21-A64-431D-BE1C-CDBCA66C67F0} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{42779C71-11A3-4E04-8F80-37DF80139B36} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4EED3542-D22B-444A-BC74-F7E2805701D} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{504388BD-6A44-4CC6-BD2A-2A8797C4C07E} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{526D317C-829E-4441-BE41-400936407A} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5410393B-B53E-48CC-A6AF-3B16C88C7173} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{54D741CB-54CE-4459-A01D-8590D926505D} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{568D8569-5ABE-4A61-98E6-5112FEBD9B9} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56F0E8BC-41AF-4D30-9E53-23D4D36A41C} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5AAD41-AE83-4E02-B783-2C34A654334} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5CE0D9A5-849F-4186-B67A-CC551F62D565} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5DEDAC28-86BC-4C69-9AE1-4E657B97BFEC} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{67E00070-C344-4B01-99F2-D668C3E623E5} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E5EFD9B-B60C-4C03-925D-3F44B297693} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E73EFF1-6F7F-46E6-8CA5-B24ACE885ACF} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{706c8257-0edf-4543-9c3b-0812ab845824} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{736F43A4-B474-4D79-B324-E963A2D2ED2A} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7624e77d-921b-425d-aa8e-ea0631384511} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{77E94270-B912-4D6A-B81D-4F3D3A3C3922} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F336C6F-11FB-4CE9-A031-4F4B40F64ED6} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7FEA316-883D-4CA0-8788-BE967337366C} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7FF33818-27A5-499F-BE1-57A8BFA4F3AB} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8166D606-6D70-4231-8F82-771966FA4CBA} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C2866FB-6080-4386-823C-94DF68C7628C} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9290935-1358-4EE7-9414-10DC7F50B0} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95297FC-31D4-4647-9A7E-30D153179AF9} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{996B7E62-406F-4CE2-B8CC-41E1BDF71FC6} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CED023F-FA62-4904-8442-46B98350EBEC} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9EB76BCA-9ABE-4760-8668-F79E0AD909A} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9EC585F8-33-49AE-A0A8-5DE45AC546DF} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A07F0F6F-55D6-4F35-8AEE-F2B18DAEC4} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A38041AF-2953-4272-8CAA-3B48229713E0} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A3F52870-5CD-457C-A4C8-8C769FAE68E} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A4F462C-FFBD-4768-A77E-914551D6C979} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A54E65CB-90D6-4090-A5C3-74943F7D88EB} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A61505C5-351E-46CB-92DA-92D7674CFEB8} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AB5363D6-87F2-4228-8D6F-37B71A7B95FF} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B455954C-9F1C-48D8-93DA-47D3B7EC5BE1} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B58F28F6-6497-42D5-B13B-9EB7B3241C13} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B614C907-528B-4C1E-9FF6-98152D7FDCC6} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B9152878-DA46-447C-879-4DC157A0262E} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BF032C01-66DC-4CE1-9B8F-B3CE42DB9EB} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C227415C-BC23-41F3-835A-6327FEBD4D49} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4E65F07-524E-4F35-87BA-422A68520C8} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C830ECF8-C2F6-4AB1-9F34-8768D24B546D} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CA964FA8-9AF5-4A9D-AA43-587B3C4B45C8} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB88036-A945-4029-904E-44641507D81} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CC528768-568A-43BD-B86B-723EF267325} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CF4E5D70-9671-4827-BD8-FBC2E0527A6} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D006F0B-1827-4475-A3CD-9886A257DC8} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1B04088-D5E0-4927-B422-F236DA5ACCFA} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D583A5E6-8E68-4628-B39A-5528307350A8} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D92FBD06-4516-41D5-854E-DAD4E58C4DB5} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DA420A7F-5F0F-4A1D-ABD3-671DAC41510} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E1609F9D-BD60-49DB-B4E9-7D30AAFE8653} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E351E1AA-D158-4209-8CBA-BDDD71A92C2A} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ECEA0C8A-25D9-440C-A466-4726A0E95D6} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ECECE033-85A8-4A17-8CCC-E8DB20A18335} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ED02B22B-755A-4C30-9151-19A91BCB61F1} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EF089BC4-BCA1-4333-9B2E-EFD8E2A35BB} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F07D8A32-D632-454E-9B9F-ED5CD4B88EE} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F19BE96E-1F4A-4143-BDFE-B51721A5C336} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F220F195-D7E8-4512-B587-5A43B9AEC6D0} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3091DA1-9DA9-4985-A99D-F4F8D39F4938} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3828D99-C7C-48EA-AC83-EE7F55AFD6E} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F78621E7-6B59-4F07-9636-8F447DF3D71} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA374567-F0D6-49EF-B37E-C4C87D0184C} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA931B16-A25A-4794-9CB9-DFB8B9954EFF} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF679CE-D82E-442C-95DF-FFE41DABD4C} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FB22C0F3-1245-4451-8CC9-58CD4117439} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{706c8257-0edf-4543-9c3b-0812ab845824} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7624e77d-921b-425d-aa8e-ea0631384511} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\adm\AppData\Roaming\Mozilla\Firefox\Profiles\0ewuxzzw.default

user.js not found
---- Lines aMGKN37049485ACPSC11936960com61365 removed from prefs.js ----
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.InstallationTime", 1424710004);
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.MGKN37049485@ACPSC11936960.comaMGKN37049485ACPSC11936960com61365_dbWasSet", true);
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.MGKN37049485@ACPSC11936960.comaMGKN37049485ACPSC11936960com61365_dbWasSet_FF25_FIX", tr
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.MGKN37049485@ACPSC11936960.comasyncdb_dbWasSet", true);
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.MGKN37049485@ACPSC11936960.comasyncdb_dbWasSet_FF25_FIX", true);
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.MGKN37049485@ACPSC11936960.comasyncinternaldb_dbWasSet", true);
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.MGKN37049485@ACPSC11936960.comasyncinternaldb_dbWasSet_FF25_FIX", true);
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.active", true);
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.addressbar", "NA");
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.addressbarenhanced", "");
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.asyncdb.was_copied", "true");
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.asyncinternaldb.was_copied", "true");
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.backgroundver", 25);
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.certdomaininstaller", "");
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.changeprevious", false);
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0300 (Hora oficial d
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.cookie.InstallationTime.value", "1424710004");
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.description", "HQ Videos 1.1");
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.domain", "");
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.enablesearch", false);
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.homepage", "");
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.iframe", false);
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0300 (Hora o
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3A
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0300 (Hora ofici
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.internaldb.Resources_appVer.value", "116");
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0300 (Hora
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.internaldb.Resources_lastVersion.value", "25");
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0300 (Hora oficial
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.internaldb.Resources_nextCheck.expiration", "Wed Mar 18 2015 02:27:14 GMT-0300 (Hora of
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0300 (Hora oficia
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb 01 2030 00:00:00 GMT-0
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri Feb 01 2030 00:00:00 G
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.internaldb.monetization_plugin_bundledWithHash.value", "null");
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri Feb 01 2030 00:00:00 GM
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D");
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.internaldb.monetization_plugin_regBundledWithSoftware.expiration", "Fri Feb 01 2030 00:
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.internaldb.monetization_plugin_regBundledWithSoftware.value", "%7B%7D");
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.internaldb.reporting_user_key_index.expiration", "Thu Feb 20 2025 13:47:06 GMT-0300 (Ho
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.internaldb.reporting_user_key_index.value", "533");
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.lastDailyReport", "1426634829220");
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.lastUpdate", "1426634798898");
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.manifesturl", "");
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.name", "I - Cinema");
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.newtab", "");
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.opensearch", "");
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.pluginsurl", "http://js.ourstaticdatastorage.com/plugin/apps/61365/plugins/na/ff/plugin
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.pluginsversion", 84);
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.publisher", "DiscountFrenzy");
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.searchstatus", 0);
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.setnewtab", false);
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.thankyou", "");
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.updateinterval", 360);
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.ver", 116);
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.apps", "61365");
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.bic", "14bb7556c4e8ed2c28bafe0e58431472");
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.cid", 61365);
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.firstrun", false);
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.hadappinstalled", true);
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.installationdate", 1424710004);
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.modetype", "production");
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.reportInstall", true);
user_pref("extensions.aMGKN37049485ACPSC11936960com61365.statsDailyCounter", 2);
---- Lines extensions.0JrMrS7JvU removed from prefs.js ----
user_pref("extensions.0JrMrS7JvU.epoch", "1426721210");
user_pref("extensions.0JrMrS7JvU.url", "http://onionbarstar.info/sync2/?q=hfZ9oekHrHtUtNbPhd9EtMqLDe49CNU0nVsMCMlNhd9FqdaFrHwErTr4rjrMBzqUojw9rjaEqHw9
---- FireFox user.js and prefs.js backups ----

prefs_032015_1236_.backup

==== Batch Command(s) Run By Tool======================

==== Deleting Files \ Folders ======================

C:\Program Files\Arquivos Comuns deleted
C:\ProgramData\YTubeAdssRemoveR deleted
C:\Program Files\I - Cinema deleted
C:\Users\adm\AppData\LocalLow\{168FB434-3A00-561D-1117-CF09245737B6} deleted
C:\Users\adm\AppData\LocalLow\{2A4041F1-57B9-CFBA-6E69-F4E159834A19} deleted
C:\Users\adm\AppData\LocalLow\{5256376B-6A49-7DF9-A7FC-B0B5DC97E77B} deleted
C:\Users\adm\AppData\LocalLow\{5402E352-615D-EA54-2998-F667AADFCD73} deleted
C:\Users\adm\AppData\LocalLow\{882D2536-BC86-828C-A666-EF62AFECA9A2} deleted
C:\Users\adm\AppData\LocalLow\{B3FC7BEA-60C8-BEF4-6BE9-C51596AABDD6} deleted
C:\Users\adm\AppData\LocalLow\{B4014E5F-035B-9856-969E-CA0F3AB49E41} deleted
C:\Users\adm\AppData\LocalLow\{DD910D10-EE65-6562-D64F-7935D78E9A77} deleted
C:\Users\adm\AppData\LocalLow\{FAD58691-4771-8A0B-DD3F-259C0F5B9C0F} deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\{168FB434-3A00-561D-1117-CF09245737B6} deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\{5402E352-615D-EA54-2998-F667AADFCD73} deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\{DD910D10-EE65-6562-D64F-7935D78E9A77} deleted
C:\PROGRA~2\64f946bc5560bb7 deleted
C:\Users\adm\AppData\Roaming\WB.CFG deleted
C:\Users\adm\AppData\Roaming\ContentExplorer deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\Users\adm\AppData\LocalLow\Company deleted
C:\Users\adm\AppData\LocalLow\{FAECC00E-8025-47C7-94A5-DCC838C392A1} deleted
C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb deleted
C:\Windows\system32\drivers\Msft_Kernel_webinstr_01009.Wdf deleted
C:\Windows\system32\sasnative32.exe deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted
C:\Windows\System32\searchplugins deleted
C:\Windows\System32\Extensions deleted
C:\Users\adm\Desktop\Continue flashplayer Installation.lnk deleted
C:\Users\adm\AppData\Roaming\Mozilla\Firefox\Profiles\0ewuxzzw.default\Extensions\MGKN37049485@ACPSC11936960.com deleted
C:\Users\adm\AppData\Roaming\Mozilla\Firefox\Profiles\0ewuxzzw.default\Extensions\poyeowkt@ojyl-aa.org deleted
"C:\Windows\Installer\cd2e.msi" deleted
"C:\PROGRA~2\moempeaiplopdojbfcikdhmnhfabieel\moempeaiplopdojbfcikdhmnhfabieel.crx" deleted
"C:\PROGRA~2\moempeaiplopdojbfcikdhmnhfabieel\update.xml" deleted
"C:\Users\adm\AppData\Roaming\Amyw\akekn.kys" deleted
"C:\Users\adm\AppData\Roaming\Bovy\etgu.exe" deleted
"C:\Users\adm\AppData\Roaming\Lyrysy\atew.cuy" deleted
"C:\PROGRA~2\moempeaiplopdojbfcikdhmnhfabieel" deleted
"C:\Users\adm\AppData\Roaming\Amyw" deleted
"C:\Users\adm\AppData\Roaming\Bovy" deleted
"C:\Users\adm\AppData\Roaming\Lyrysy" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{0153E448-190B-4987-BDE1-F256CADA672F}"="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [04/02/2015 13:16]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886D}"="C:\Users\adm\AppData\Local\GAS Tecnologia\GBBD\cef\xpi" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\adm\AppData\Roaming\Mozilla\Firefox\Profiles\0ewuxzzw.default
- c72c0c734eb04fb3af0f074e97326cfd - %ProfilePath%\extensions\{c72c0c73-4eb0-4fb3-af0f-074e97326cfd}

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\adm\AppData\Roaming\Mozilla\Firefox\Profiles\0ewuxzzw.default
E7006BB5611298DBDD03FE3519C19AC2 - C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U25
238F239EAEFF7E3E782913D599084E18 - C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.250.18
0806948270D853B709CCBBF38AF167E4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
9DF0C4F0CEF60158614EDD1B3AB441EE - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
4390CCD3790F8D9C427C0C29590C62D7 - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash
A9C86900D2A61728C8326FE7147617C5 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll - Google Update
63EE2015B877A2E472CC59E05291AA39 - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll - McAfee Security Scanner +
5B4DA1113F240C3F06FFF9D52761528B - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa
256C847CD03160C9088FB440DB929448 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll - RealJukebox NS Plugin
555E65306A5D3A5978BE74E1DD62CDD9 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll - RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)
E32771B0AE3F18CEFFC12D682025238A - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)
2DC6257A367A6182E40F748D0396AAF9 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
1E3AA02F2C91A2B25EFB4E355160CDCA - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin
711A2E6A55EC7BFD59B5F649D58B704B - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll - Silverlight Plug-In
21A55BABD31DA624449F06A591AE73ED - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrlui.dll - Microsoft (R) Silverlight

==== Chromium Look ======================

Google Chrome Version: 35.0.1916.17 (Possible outdated, latest Stable version: 41.0.2272.101)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jfmjfhklogoienhpfnppmbcbjfjnkonk - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx[02/12/2012 21:21]

RealPlayer HTML5Video Downloader Extension - adm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk
YTubeAdssRemoveR - adm\AppData\Local\Google\Chrome\User Data\Default\Extensions\moempeaiplopdojbfcikdhmnhfabieel
TakkeTheCoaupoon - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\affndlnkkdhnkcgldifalkickgagimfd
Funmoods Chat - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
MSS+ Extension - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Find My Bookmarks - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahmhjehomglimoklhidcfdlfmahlold
Funmoods - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
50oCoupOns - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\fablpgedmecgmiompponickeehfennbp
Hey Girl - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcpmmhaffdebnmkjelaohgjmndeongip
RealPlayer HTML5Video Downloader Extension - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk
Clickable Links - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgamelhnfokapndfdodnmfiningckjia
YTubeAdssRemoveR - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\moempeaiplopdojbfcikdhmnhfabieel
Lyrics On - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\oalifdbckgeckmcjidkfgiikhpcdbdah
CouapExtteoNsion - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogmafflapahjopoljjfnmfcklhkodick
Super Notifier - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpnamijjddnpholapdkhokmgnfkdfpp

==== Chromium Fix ======================

C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ciuvo.com_0.localstorage deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ciuvo.com_0.localstorage-journal deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shopping.groupon.com.br_0.localstorage deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shopping.groupon.com.br_0.localstorage-journal deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shopping.uol.com.br_0.localstorage deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shopping.uol.com.br_0.localstorage-journal deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.search.smartshopping.com_0.localstorage deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.search.smartshopping.com_0.localstorage-journal deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.shoppingparalela.com.br_0.localstorage deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.shoppingparalela.com.br_0.localstorage-journal deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cheaphotelfinder.org_0.localstorage deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cheaphotelfinder.org_0.localstorage-journal deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.adbutter.net_0.localstorage deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.adbutter.net_0.localstorage-journal deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.addtoany.com_0.localstorage deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.addtoany.com_0.localstorage-journal deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.coolfree-downloads.com_0.localstorage deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.coolfree-downloads.com_0.localstorage-journal deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.cuponsvip.com.br_0.localstorage deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.cuponsvip.com.br_0.localstorage-journal deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.ernmoneynow.com_0.localstorage deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.ernmoneynow.com_0.localstorage-journal deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.freetwittube.com_0.localstorage deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.freetwittube.com_0.localstorage-journal deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.greatappsdownload.com_0.localstorage deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.greatappsdownload.com_0.localstorage-journal deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.ny.us.criteo.net_0.localstorage deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.ny.us.criteo.net_0.localstorage-journal deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.onlinefastpaydayloan.com_0.localstorage deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.onlinefastpaydayloan.com_0.localstorage-journal deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.salesresourcepartners.com_0.localstorage deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.salesresourcepartners.com_0.localstorage-journal deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.shinyinnovation.com_0.localstorage deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.shinyinnovation.com_0.localstorage-journal deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.unitedfamilycareinc.com_0.localstorage deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.unitedfamilycareinc.com_0.localstorage-journal deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static1.chaordicsystems.com_0.localstorage deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static1.chaordicsystems.com_0.localstorage-journal deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static2.chaordicsystems.com_0.localstorage deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static2.chaordicsystems.com_0.localstorage-journal deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fastdailyfind.com_0.localstorage deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fastdailyfind.com_0.localstorage-journal deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.speedanalysis.net_0.localstorage deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.speedanalysis.net_0.localstorage-journal deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_click.dealshark.com_0.localstorage deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_valuedealshopper.com_0.localstorage deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_valuedealshopper.com_0.localstorage-journal deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b.scorecardresearch.com_0.localstorage deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b.scorecardresearch.com_0.localstorage-journal deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Extensions\moempeaiplopdojbfcikdhmnhfabieel deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\moempeaiplopdojbfcikdhmnhfabieel deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_moempeaiplopdojbfcikdhmnhfabieel_0.localstorage deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_moempeaiplopdojbfcikdhmnhfabieel_0.localstorage-journal deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\moempeaiplopdojbfcikdhmnhfabieel deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\fablpgedmecgmiompponickeehfennbp deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fablpgedmecgmiompponickeehfennbp_0.localstorage deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fablpgedmecgmiompponickeehfennbp_0.localstorage-journal deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fablpgedmecgmiompponickeehfennbp_0.localstorage deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fablpgedmecgmiompponickeehfennbp_0.localstorage-journal deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\oalifdbckgeckmcjidkfgiikhpcdbdah deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage-journal deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage-journal deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjpglkicenollcignonpgiafdgfeehoj deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\affndlnkkdhnkcgldifalkickgagimfd deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_affndlnkkdhnkcgldifalkickgagimfd_0.localstorage deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_affndlnkkdhnkcgldifalkickgagimfd_0.localstorage-journal deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_affndlnkkdhnkcgldifalkickgagimfd_0.localstorage deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_affndlnkkdhnkcgldifalkickgagimfd_0.localstorage-journal deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahmhjehomglimoklhidcfdlfmahlold deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cahmhjehomglimoklhidcfdlfmahlold_0.localstorage deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cahmhjehomglimoklhidcfdlfmahlold_0.localstorage-journal deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cahmhjehomglimoklhidcfdlfmahlold_0.localstorage deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cahmhjehomglimoklhidcfdlfmahlold_0.localstorage-journal deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcpmmhaffdebnmkjelaohgjmndeongip deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jcpmmhaffdebnmkjelaohgjmndeongip_0.localstorage deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jcpmmhaffdebnmkjelaohgjmndeongip_0.localstorage-journal deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgamelhnfokapndfdodnmfiningckjia deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mgamelhnfokapndfdodnmfiningckjia_0.localstorage deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mgamelhnfokapndfdodnmfiningckjia_0.localstorage-journal deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogmafflapahjopoljjfnmfcklhkodick deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogmafflapahjopoljjfnmfcklhkodick_0.localstorage deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogmafflapahjopoljjfnmfcklhkodick_0.localstorage-journal deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogmafflapahjopoljjfnmfcklhkodick_0.localstorage deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogmafflapahjopoljjfnmfcklhkodick_0.localstorage-journal deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpnamijjddnpholapdkhokmgnfkdfpp deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pfpnamijjddnpholapdkhokmgnfkdfpp_0.localstorage deleted successfully
C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pfpnamijjddnpholapdkhokmgnfkdfpp_0.localstorage-journal deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pfpnamijjddnpholapdkhokmgnfkdfpp_0.localstorage deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pfpnamijjddnpholapdkhokmgnfkdfpp_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Start Page Redirect Cache"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page Redirect Cache"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5402E352-615D-EA54-2998-F667AADFCD73} deleted successfully
HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5402E352-615D-EA54-2998-F667AADFCD73} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5402E352-615D-EA54-2998-F667AADFCD73} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{5402E352-615D-EA54-2998-F667AADFCD73} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5402E352-615D-EA54-2998-F667AADFCD73} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2584262736-182078570-2434660759-1000\Software\mozilla\Firefox\Extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D2A425F405350054677A7A857BC05100 deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9D452772-F1B5-BE81-3265-2C706857A470} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D17934AD-32CD-634A-4822-A9FA10099DF3} deleted successfully
HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{83821CF7-35DE-D3FA-8D5F-CB3AA83794B1} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D2A425F405350054677A7A857BC05100 deleted successfully

==== Empty IE Cache ======================

C:\Users\adm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\adm\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\adm\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\adm\Desktop\backup\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\adm\Desktop\backup\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\adm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\adm\AppData\Local\Mozilla\Firefox\Profiles\0ewuxzzw.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=503 folders=110 16401674 bytes)

==== Empty Temp Folders ======================

C:\Users\adm\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\adm\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\adm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on 21/03/2015 at 13:31:38,09 ======================

por **caedurodrigues** Sáb 21 Mar 2015, 14:42

Boa tarde Janaína,

Baixe:<[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]> <(...by Farbar)>
Ou aqui:<[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]>
Salve-a na Área de trabalho !
Execute a ferramenta ! Clique "Yes" >> "Scan".

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Verifique se as caixinhas em "Whitelist" estão assinaladas.
Em "Optional Scan",deixe marcada a checkbox "Addition.txt".
Será gerado o relatório! (FRST.txt)
Ps: Será gerado,também,o relatório "Addition.txt" que estará disponibilizado na 1ª execução da ferramenta.
Acesse: <[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]>
Ou acesse:<[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]>
Maiores informações:<[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]> << Hospedagem !

Um grande abraço. PC travando 648673379

por Janaína Ramos Sáb 21 Mar 2015, 15:34

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by adm at 2015-03-21 15:32:03
Running from C:\Users\adm\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {C37D8F93-0602-E43C-40AA-47DAD597F308}
AS: avast! Antivirus (Disabled - Up to date) {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 82.0.173.000 - Hewlett-Packard) Hidden
avast! Free Antivirus (HKLM\...\avast5) (Version: 5.0.396.0 - Alwil Software)
BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
DealPly (HKU\.DEFAULT\...\DealPly) (Version: - ) <==== ATTENTION
Fax (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Firebird 2.0.4.13130 (win32) (HKLM\...\FBDBServer_2_0_is1) (Version: 2.0.4.13130 - Firebird Project)
Gerenciador Eficaz 7 (HKLM\...\Gerenciador Eficaz 7_is1) (Version: - Regra Consultoria Informática)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (HKLM\...\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}) (Version: 8.0 - HP)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - Portuguese/Português (Brasil) (HKLM\...\OMUI.pt-br) (Version: 12.0.4518.1019 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Mozilla Firefox 33.1.1 (x86 pt-BR) (HKLM\...\Mozilla Firefox 33.1.1 (x86 pt-BR)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0180 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
TIM Communicator (HKLM\...\OrolixCommunicator) (Version: - )
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

30-10-2012 11:25:06 Windows Update
02-11-2012 13:12:56 Windows Update
06-11-2012 09:43:13 Windows Update
13-11-2012 08:55:12 Windows Update
14-11-2012 22:49:43 Windows Update
06-12-2014 19:12:18 Ponto de Verificação Agendado
07-12-2014 20:41:25 Operação de restauração
09-01-2015 15:43:37 Ponto de Verificação Agendado
14-01-2015 16:01:20 Installed LG United Mobile Drivers.
22-01-2015 14:43:24 Ponto de Verificação Agendado
10-03-2015 17:50:28 Ponto de Verificação Agendado
21-03-2015 11:47:25 zoek.exe restore point
21-03-2015 12:03:37 zoek.exe restore point

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2F133CEF-2859-4164-8FC4-8EE3785FA322} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-08] (Google Inc.)
Task: {30BCB296-61C2-41EA-966F-598A6840F925} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {30CF682B-895B-4978-AB31-231E53E191DE} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2584262736-182078570-2434660759-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {3E0C63B2-A5E4-4EBD-B437-5CF108521466} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated)
Task: {76E11A47-58D8-4ED4-AB0B-AF35C608FD85} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2584262736-182078570-2434660759-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {8E982B1C-5E61-4815-AC2A-52CD5974627B} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated)
Task: {A9C8BFC7-BFEF-4FCE-8F4E-A3E185E784E2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated)
Task: {CE48F10F-17C1-4996-9F70-3DA80B8392F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-08] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-04-07 09:52 - 2014-04-07 09:52 - 00681056 _____ () C:\Users\adm\AppData\SystemOperation\aavm4h.dll.sum.exe
2015-03-21 13:20 - 2015-03-14 07:12 - 09278792 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.101\pdf.dll
2015-03-21 13:20 - 2015-03-14 07:12 - 14974280 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll
2014-05-11 10:29 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\adm\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-05-11 10:29 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\adm\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2584262736-182078570-2434660759-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\adm\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 186.207.160.26 - 186.207.160.29

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

adm (S-1-5-21-2584262736-182078570-2434660759-1000 - Administrator - Enabled) => C:\Users\adm
Administrador (S-1-5-21-2584262736-182078570-2434660759-500 - Administrator - Disabled)
Convidado (S-1-5-21-2584262736-182078570-2434660759-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Controlador Ethernet
Description: Controlador Ethernet
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Dispositivo do sistema básico
Description: Dispositivo do sistema básico
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Dispositivo do sistema básico
Description: Dispositivo do sistema básico
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Controlador de vídeo
Description: Controlador de vídeo
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/21/2015 03:13:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: FlashPlayerUpdateService.exe, versão: 11.6.602.180, carimbo de hora: 0x51a4ab8c
Nome do módulo de falhas: ntdll.dll, versão: 6.1.7600.16385, carimbo de hora: 0x4a5bdadb
Código de exceção: 0xc0000005
Deslocamento com falha: 0x000335d3
Identificação do processo com falha: 0xb9c
Hora de início do aplicativo com falha: 0xFlashPlayerUpdateService.exe0
Caminho do aplicativo com falha: FlashPlayerUpdateService.exe1
FCaminho do módulo de falhas: FlashPlayerUpdateService.exe2
Identificação do Relatório: FlashPlayerUpdateService.exe3

Error: (03/21/2015 02:19:45 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Falha na geração de contexto de ativação para "1". Erro no arquivo de manifesto ou de diretiva 2", na linha 3.
Sintaxe XMl inválida.

Error: (03/21/2015 01:31:19 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Falha na geração de contexto de ativação para "1". Erro no arquivo de manifesto ou de diretiva 2", na linha 3.
Sintaxe XMl inválida.

Error: (03/21/2015 01:13:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: FlashPlayerUpdateService.exe, versão: 11.6.602.180, carimbo de hora: 0x51a4ab8c
Nome do módulo de falhas: ntdll.dll, versão: 6.1.7600.16385, carimbo de hora: 0x4a5bdadb
Código de exceção: 0xc0000005
Deslocamento com falha: 0x000335d3
Identificação do processo com falha: 0xf00
Hora de início do aplicativo com falha: 0xFlashPlayerUpdateService.exe0
Caminho do aplicativo com falha: FlashPlayerUpdateService.exe1
FCaminho do módulo de falhas: FlashPlayerUpdateService.exe2
Identificação do Relatório: FlashPlayerUpdateService.exe3

Error: (03/21/2015 00:13:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: FlashPlayerUpdateService.exe, versão: 11.6.602.180, carimbo de hora: 0x51a4ab8c
Nome do módulo de falhas: ntdll.dll, versão: 6.1.7600.16385, carimbo de hora: 0x4a5bdadb
Código de exceção: 0xc0000005
Deslocamento com falha: 0x000335d3
Identificação do processo com falha: 0xcbc
Hora de início do aplicativo com falha: 0xFlashPlayerUpdateService.exe0
Caminho do aplicativo com falha: FlashPlayerUpdateService.exe1
FCaminho do módulo de falhas: FlashPlayerUpdateService.exe2
Identificação do Relatório: FlashPlayerUpdateService.exe3

Error: (03/21/2015 11:52:58 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Falha na geração de contexto de ativação para "1". Erro no arquivo de manifesto ou de diretiva 2", na linha 3.
Sintaxe XMl inválida.

Error: (03/21/2015 11:38:03 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Falha na geração de contexto de ativação para "1". Erro no arquivo de manifesto ou de diretiva 2", na linha 3.
Sintaxe XMl inválida.

Error: (03/20/2015 09:13:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: FlashPlayerUpdateService.exe, versão: 11.6.602.180, carimbo de hora: 0x51a4ab8c
Nome do módulo de falhas: ntdll.dll, versão: 6.1.7600.16385, carimbo de hora: 0x4a5bdadb
Código de exceção: 0xc0000005
Deslocamento com falha: 0x000335d3
Identificação do processo com falha: 0xfe8
Hora de início do aplicativo com falha: 0xFlashPlayerUpdateService.exe0
Caminho do aplicativo com falha: FlashPlayerUpdateService.exe1
FCaminho do módulo de falhas: FlashPlayerUpdateService.exe2
Identificação do Relatório: FlashPlayerUpdateService.exe3

System errors:
=============
Error: (03/21/2015 03:20:43 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORIDADE NT)
Description: Ocorreu um erro ao tentar ler o arquivo de hosts locais.

Error: (03/21/2015 02:50:21 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORIDADE NT)
Description: Ocorreu um erro ao tentar ler o arquivo de hosts locais.

Error: (03/21/2015 02:22:02 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORIDADE NT)
Description: Ocorreu um erro ao tentar ler o arquivo de hosts locais.

Error: (03/21/2015 02:21:00 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORIDADE NT)
Description: Ocorreu um erro ao tentar ler o arquivo de hosts locais.

Error: (03/21/2015 02:20:43 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORIDADE NT)
Description: Ocorreu um erro ao tentar ler o arquivo de hosts locais.

Error: (03/21/2015 02:20:41 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORIDADE NT)
Description: Ocorreu um erro ao tentar ler o arquivo de hosts locais.

Error: (03/21/2015 02:19:55 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORIDADE NT)
Description: Ocorreu um erro ao tentar ler o arquivo de hosts locais.

Error: (03/21/2015 02:19:48 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORIDADE NT)
Description: Ocorreu um erro ao tentar ler o arquivo de hosts locais.

Error: (03/21/2015 02:19:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço avast! Antivirus devido ao seguinte erro:
%%14001

Error: (03/21/2015 01:35:02 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORIDADE NT)
Description: Ocorreu um erro ao tentar ler o arquivo de hosts locais.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Atom(TM) CPU D425 @ 1.80GHz
Percentage of memory in use: 57%
Total physical RAM: 2038.3 MB
Available physical RAM: 858.43 MB
Total Pagefile: 4076.61 MB
Available Pagefile: 2788.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1884.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:151.6 GB) (Free:46.12 GB) NTFS
Drive d: () (Fixed) (Total:146.39 GB) (Free:121.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Cool

(Size: 298.1 GB) (Disk ID: F01F10C3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=151.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================

por Janaína Ramos Sáb 21 Mar 2015, 15:35

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by adm (administrator) on ADM-PC on 21-03-2015 15:30:33
Running from C:\Users\adm\Downloads
Loaded Profiles: adm (Available profiles: adm)
Platform: Microsoft Windows 7 Home Premium (X86) OS Language: Português (Brasil)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
(FirebirdSQL Project) C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
(Orolix Desenvolvimento de Software LTDA.) C:\Program Files\TIM Communicator\module\devicemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
() C:\Users\adm\AppData\SystemOperation\aavm4h.dll.sum.exe
(FirebirdSQL Project) C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [avast5] => C:\Program Files\Alwil Software\Avast5\avastUI.exe [2757512 2010-01-28] (ALWIL Software)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\Update\realsched.exe [296096 2012-12-02] (RealNetworks, Inc.)
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software\Avast5\avastui.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software\Avast5\AvastSvc.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software\Avast5\ashUpd.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software\Avast5\* <====== ATTENTION
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2584262736-182078570-2434660759-1000\...\Run: [aavm4h.dll.sum] => C:\Users\adm\AppData\SystemOperation\aavm4h.dll.sum.exe [681056 2014-04-07] ()
HKU\S-1-5-21-2584262736-182078570-2434660759-1000\...\Run: [911k1e97] => C:\ProgramData\6b407430\safpdndnn.exe [208896 2014-05-06] (MAGIX AG)
HKU\S-1-5-21-2584262736-182078570-2434660759-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-2584262736-182078570-2434660759-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2584262736-182078570-2434660759-1000\...\MountPoints2: F - F:\autorun.exe
HKU\S-1-5-21-2584262736-182078570-2434660759-1000\...\MountPoints2: G - G:\autorun.exe
HKU\S-1-5-21-2584262736-182078570-2434660759-1000\...\MountPoints2: {24228556-d94c-11e2-a93d-80ee73158b61} - F:\AutoRun.exe
HKU\S-1-5-21-2584262736-182078570-2434660759-1000\...\MountPoints2: {3c359ae1-3778-11e3-b59d-8c8ad4f5c56a} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2584262736-182078570-2434660759-1000\...\MountPoints2: {c14d0438-3bff-11e3-b89b-b37d466373b9} - G:\LGAutoRun.exe
HKU\S-1-5-18\...\Run: [911k1e97] => C:\ProgramData\6b407430\safpdndnn.exe [208896 2014-05-06] (MAGIX AG)
HKU\S-1-5-18\...\Run: [Windows Update Service] => C:\ProgramData\6b407430\safpdndnn.exe [208896 2014-05-06] (MAGIX AG)
HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50664;https=127.0.0.1:50664;
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2584262736-182078570-2434660759-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll [2014-01-15] (McAfee, Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-12] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-12] (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 186.207.160.26 186.207.160.29

FireFox:
========
FF ProfilePath: C:\Users\adm\AppData\Roaming\Mozilla\Firefox\Profiles\0ewuxzzw.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll [2014-09-02] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-12] (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll [2014-01-15] (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll [2012-03-29] ( Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.6.14 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2012-12-02] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2012-12-02] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-12-02] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-12-02] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2012-12-02] (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-21] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-21] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml [2014-12-11]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml [2014-12-11]
FF Extension: c72c0c734eb04fb3af0f074e97326cfd - C:\Users\adm\AppData\Roaming\Mozilla\Firefox\Profiles\0ewuxzzw.default\Extensions\{c72c0c73-4eb0-4fb3-af0f-074e97326cfd} [2014-09-14]
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-12-02]
FF Extension: No Name - C:\Users\adm\AppData\Roaming\Mozilla\Firefox\Profiles\0ewuxzzw.default\extensions\MGKN37049485@ACPSC11936960.com [Not Found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-08]
CHR Extension: (Google Drive) - C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-15]
CHR Extension: (YouTube) - C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-15]
CHR Extension: (Google Search) - C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-15]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2013-08-09]
CHR Extension: (Google Wallet) - C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-21]
CHR Extension: (Gmail) - C:\Users\adm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-15]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-12-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [163328 2013-05-28] (Adobe Systems Incorporated) [File not signed]
S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-01-28] (ALWIL Software)
S3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-01-28] (ALWIL Software)
S3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-01-28] (ALWIL Software)
R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe [81920 2008-04-23] (FirebirdSQL Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe [2015232 2008-04-23] (FirebirdSQL Project) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-15] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 OrolixDeviceMonitor; C:\Program Files\TIM Communicator\module\devicemon.exe [27040 2010-04-20] (Orolix Desenvolvimento de Software LTDA.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [2097152 2014-05-06] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [19024 2010-01-28] (ALWIL Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [51792 2010-01-28] (ALWIL Software)
R1 aswRdr; C:\Windows\system32\Drivers\aswRdr.sys [23376 2010-01-28] (ALWIL Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [163280 2010-01-28] (ALWIL Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [46672 2010-01-28] (ALWIL Software)
S3 ONDAusbmdm6k; C:\Windows\System32\DRIVERS\ONDAusbmdm6k.sys [105088 2010-06-02] (Onda Communication)
S3 ONDAusbnmea; C:\Windows\System32\DRIVERS\ONDAusbnmea.sys [105088 2010-06-02] (Onda Communication)
S3 ONDAusbser6k; C:\Windows\System32\DRIVERS\ONDAusbser6k.sys [105088 2010-06-02] (Onda Communication)
S3 ONDAusbvoice; C:\Windows\System32\DRIVERS\ONDAusbvoice.sys [105088 2010-06-02] (Onda Communication)
R3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtl8192Ce.sys [1036904 2011-06-23] (Realtek Semiconductor Corporation )
S3 JME; system32\DRIVERS\JME.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-21 15:30 - 2015-03-21 15:31 - 00013734 _____ () C:\Users\adm\Downloads\FRST.txt
2015-03-21 15:30 - 2015-03-21 15:30 - 00000000 ____D () C:\FRST
2015-03-21 15:29 - 2015-03-21 15:30 - 01135104 _____ (Farbar) C:\Users\adm\Downloads\FRST.exe
2015-03-21 13:31 - 2015-03-21 13:31 - 00000000 ____D () C:\Users\adm\AppData\Local\VirtualStore
2015-03-21 12:46 - 2015-03-21 12:00 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-03-21 12:00 - 2015-03-21 12:00 - 01305600 _____ () C:\Users\adm\Downloads\zoek.exe
2015-03-21 11:47 - 2015-03-21 13:31 - 00055386 _____ () C:\zoek-results.log
2015-03-21 11:45 - 2015-03-21 12:40 - 00000000 ____D () C:\zoek_backup
2015-03-20 20:42 - 2015-03-20 20:42 - 00001340 _____ () C:\Users\adm\Desktop\JRT.txt
2015-03-20 14:32 - 2015-03-20 14:39 - 00000000 ____D () C:\AdwCleaner

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-21 15:13 - 2014-04-08 11:03 - 00001058 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-21 15:13 - 2013-05-26 11:23 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-21 14:27 - 2009-07-14 01:34 - 00020208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-21 14:27 - 2009-07-14 01:34 - 00020208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-21 14:27 - 2009-07-13 23:04 - 00000513 _____ () C:\Windows\win.ini
2015-03-21 14:20 - 2014-04-08 11:03 - 00001054 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-21 14:19 - 2009-07-14 01:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-21 14:19 - 2009-07-14 01:39 - 00138835 _____ () C:\Windows\setupact.log
2015-03-21 13:31 - 2014-01-30 23:39 - 00000008 __RSH () C:\Users\Todos os Usuários\ntuser.pol
2015-03-21 13:31 - 2014-01-30 23:39 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-03-21 13:31 - 2012-11-21 16:07 - 00079564 _____ () C:\Windows\PFRO.log
2015-03-21 13:20 - 2014-04-08 11:05 - 00002127 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-21 12:36 - 2009-07-13 23:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-03-20 10:13 - 2012-11-21 01:45 - 01578022 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-20 10:13 - 2009-07-14 05:31 - 00685270 _____ () C:\Windows\system32\prfh0416.dat
2015-03-20 10:13 - 2009-07-14 05:31 - 00138160 _____ () C:\Windows\system32\prfc0416.dat
2015-02-28 22:39 - 2012-11-25 16:11 - 00000000 ____D () C:\Users\adm\Desktop\Janaína
2015-02-26 15:12 - 2012-11-24 15:00 - 00000000 ____D () C:\Users\adm\AppData\Roaming\Adobe

==================== Files in the root of some directories =======

2013-01-01 14:39 - 2013-01-01 15:20 - 0000626 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-17 16:25

==================== End Of Log ============================

por Janaína Ramos Sáb 21 Mar 2015, 15:38

Nos dois últimos que vc mandou, é para fazer o que?

por **caedurodrigues** Sáb 21 Mar 2015, 15:43

Boa tarde tarde Janaína, a Zoek com o script que foi montado ela fez a remoção de alguns itens indesejáveis. Já a FRST diante do que for mostrado no seu relatório eu elaborarei um script se for realmente necessário. Como está o PC ?

por **caedurodrigues** Sáb 21 Mar 2015, 15:49

Boa tarde Janaína, você configurou esse proxy que foi encontrado no relatório da FRST?

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50664;https=127.0.0.1:50664;

por Janaína Ramos Sáb 21 Mar 2015, 16:52

Eu não entendo muito o que vc perguntou, realmente n sei te responder se eu configurei ou não!
O PC continua do jeito que tava, com as propogandas.

por **caedurodrigues** Sáb 21 Mar 2015, 16:56

Boa tarde Janaína, foi detectada uma versão de desenvolvimento do Chrome. Atualize para uma versão estavél.

PC travando 772309

>>CHR dev: Chrome dev build detected! <======= ATTENTION<<

Copie estas informações que estão em vermelho,para o Bloco de Notas.
Salve-a com o nome fixlist.txt
Salve-a no mesmo local em que se encontra a FRST

start
CreateRestorePoint:
CloseProcesses:
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software\Avast5\avastui.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software\Avast5\AvastSvc.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software\Avast5\ashUpd.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software\Avast5\* <====== ATTENTION
HKU\S-1-5-21-2584262736-182078570-2434660759-1000\...\MountPoints2: F - F:\autorun.exe
HKU\S-1-5-21-2584262736-182078570-2434660759-1000\...\MountPoints2: G - G:\autorun.exe
HKU\S-1-5-21-2584262736-182078570-2434660759-1000\...\MountPoints2: {24228556-d94c-11e2-a93d-80ee73158b61} - F:\AutoRun.exe
HKU\S-1-5-21-2584262736-182078570-2434660759-1000\...\MountPoints2: {3c359ae1-3778-11e3-b59d-8c8ad4f5c56a} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2584262736-182078570-2434660759-1000\...\MountPoints2: {c14d0438-3bff-11e3-b89b-b37d466373b9} - G:\LGAutoRun.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2584262736-182078570-2434660759-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
S3 JME; system32\DRIVERS\JME.sys [X]
DealPly (HKU\.DEFAULT\...\DealPly) (Version: - ) <==== ATTENTION
RemoveProxy:
emptytemp:
end
Execute FRST/FRST64 >> Clique "Fix". << Aguarde!
Poste o relatório! (Fixlog.txt)

Um grande abraço. PC travando 648673379

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
< Peço aos visitantes que não utilizem este script em outros computadores,sob risco de danos irreparáveis aos mesmos! >

por **caedurodrigues** Sex 08 maio 2015, 00:33

TÓPICO ARQUIVADO

Como o autor não respondeu por mais de 45 dias, o tópico foi arquivado. Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.

por Conteúdo patrocinado

PC travando

PC travando

Re: PC travando

Re: PC travando

Re: PC travando

Re: PC travando

Re: PC travando

Re: PC travando

Re: PC travando

Re: PC travando

Re: PC travando

Re: PC travando

Re: PC travando

Re: PC travando

Re: PC travando

Re: PC travando

Re: PC travando

Re: PC travando

Re: PC travando

Seg	Ter	Qua	Qui	Sex	Sáb	Dom
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31