Fórum PC Brasil

Lots of ads

Post by Gustavorornelas Fri 09 Oct 2015, 15:14

Good afternoon! My PC is completely infected. Lots of ads appear at the same time, pages that were not requested open, and the PC is far too slow. Anyway, I hope you can help me. Thank you!

Post by joram Fri 09 Oct 2015, 20:12

/!\ Good evening, Gustavorornelas! /!\

> Download: < [link hidden: forum login required] > ( ... by Farbar )

> The banner above is for 32-bit systems!

< [link hidden: forum login required]

> The link above is for 64-bit systems!
> Save it to the desktop! (Área de trabalho ...)
> Run the tool! Click "Yes" >> "Scan".

> Before clicking "Scan", check that the boxes under "Whitelist" are ticked.
> Under "Optional Scan", leave the "Addition.txt" checkbox ticked.
> PS: The "Addition.txt" report will also be generated; it is made available on the first run of the tool.
> Post the reports! (FRST.txt + Addition.txt)

> As the log will be long, upload it to [link hidden: forum login required]

> Click the Parcourir... button.
> Find the report and click the Abrir button.
> Click the "Créer le lien Cjoint" button.
> Copy the link next to "Le lien a été créé" and post it in your reply.

> The link to the report, which is the one highlighted, must be pasted into your reply.

> Or click "Copier le lien (*)" and paste the link into your post.

A+

Post by Gustavorornelas Fri 09 Oct 2015, 22:31

[link hidden: forum login required]

Post by joram Fri 09 Oct 2015, 23:25

/!\ Good evening, Gustavorornelas! /!\

> Copy this information, shown in red, into Notepad.
> Save it under the name fixlist. << Text!
> Save it in the Downloads folder! -/- C:\Users\Gustavo\Downloads <<

start
CloseProcesses:
(QNT) C:\Windows\SysWOW64\NetService\netservice.exe
(Baidu Inc.) C:\Program Files (x86)\baidu\Spark\sparkservice.exe
(Baidu.com, Inc.) C:\Program Files (x86)\baidu\Spark\sparkupdate.exe
HKU\S-1-5-21-2311927973-3537350689-1432087344-1001\...\Run: [Facebook Update] => "C:\Users\Gustavo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
istartsurf uninstall (HKLM-x32\...\istartsurf uninstall) (Version:  - istartsurf) <==== ATTENTION
YouTube Accelerator (HKLM-x32\...\YouTube Accelerator) (Version: 3394(build_80) - Goobzo Ltd.) <==== ATTENTION
Jungle Net (HKLM-x32\...\Jungle Net) (Version: 2.0.5758.12100 - Jungle Net) <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
FF DefaultSearchEngine: istartsurf
FF SelectedSearchEngine: istartsurf
FF Homepage: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.istartsurf.com/?type=hp&ts=1444240900&z=59b9e3a11cfd35ffb89c55fg0z8zczbobz4eaqft9q&from=cornl&uid=HitachiXHTS547550A9E384_J1120021DG88DADG88DAX"
CHR DefaultSearchURL: Default -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
CHR DefaultSearchKeyword: Default -> istartsurf
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R2 MyLocalService; C:\WINDOWS\SysWOW64\NetService\netservice.exe [226888 2015-01-20] (QNT)
S2 NetDNS; C:\Users\Gustavo\AppData\Roaming\NetTemp\SysDnsSvc.exe [173088 2015-07-08] ()
2015-10-09 13:06 - 2015-10-09 13:05 - 00533216 _____ () C:\Users\Gustavo\AppData\Local\Temp\{D3EEE245-CD00-4077-8741-5B69AA8445F2}.dll
2015-10-09 14:49 - 2015-10-09 13:05 - 00055520 _____ () C:\Users\Gustavo\AppData\Local\Temp\{3AF6DD4E-06E2-48FA-880C-6ADFEB43A7E2}.xpi
2015-10-07 15:04 - 2015-10-07 15:05 - 00000000 ____D C:\Users\Gustavo\AppData\Roaming\istartsurf
2015-09-30 19:22 - 2015-10-01 15:13 - 00000000 ____D C:\Users\Gustavo\AppData\Roaming\RunDir
2015-09-14 13:41 - 2015-09-30 19:22 - 00000000 ____D C:\Users\Gustavo\AppData\Roaming\NetTemp
2015-10-01 15:18 - 2015-01-23 18:00 - 00000000 ____D C:\WINDOWS\SysWOW64\RunDir
2015-09-14 13:41 - 2015-09-08 13:21 - 00000000 ____D C:\Users\Gustavo\AppData\Roaming\DNSHelper
2014-09-08 19:59 - 2015-06-17 21:34 - 0004608 _____ () C:\Users\Gustavo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-17 12:56 - 2015-04-12 22:16 - 0000112 _____ () C:\ProgramData\8U45ukSL.dat
2015-10-07 15:05 - 2015-10-07 15:05 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Task: {91EE61BD-F68C-42E6-AC6E-A8FF1FD1B71B} - System32\Tasks\FF Watcher {6C3B2C83-B45F-43F1-8E07-8B538ED9F1AE} => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION
Task: {CB1CB265-C8C1-4DC0-9164-CF61EBBD67D7} - System32\Tasks\UNELEVATE_25874 => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.202\jsdrv.exe <==== ATTENTION
Task: {DC02D29F-EAF5-4227-A81B-469E2F9A8456} - \BonanzaDealsLiveUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {E49D304E-0BD2-4F71-A32A-B2BAAC3D8D22} - \BonanzaDealsLiveUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {F2002432-F20C-4D7F-9510-28B1D2EA08C8} - \BonanzaDealsUpdate -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\FF Watcher {6C3B2C83-B45F-43F1-8E07-8B538ED9F1AE}.job => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SPBIW_UpdateTask_Time_323538383431393532392d454a2a415034412a4a6c575a.job => Wscript.exe S/B C:\ProgramData\ShopperPro\spbihe.js spbiu.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:56E2E879
C:\ProgramData\8U45ukSL.dat
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Todos os Usuários\8U45ukSL.dat
C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Gustavo\AppData\Local\Temp\BingBarSetup-Partner.exe
C:\Users\Gustavo\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Gustavo\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\Gustavo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxeexzw.dll
C:\Users\Gustavo\AppData\Local\Temp\LenovoSHAREit17-9.exe
C:\Users\Gustavo\AppData\Local\Temp\{1E19C331-D780-4FC7-BA74-808B6B18125B}.dll
C:\Users\Gustavo\AppData\Local\Temp\{29D40332-F427-46FC-811D-D4AA1CC8328D}.dll
C:\Users\Gustavo\AppData\Local\Temp\{3A4340A8-FA69-4E3D-8332-82CDD4027DAE}.dll
C:\Users\Gustavo\AppData\Local\Temp\{44403A22-9D8C-4350-8B4E-FD0379A4C6FA}.dll
C:\Users\Gustavo\AppData\Local\Temp\{83A290A2-4789-4CB1-AE32-E5B9DDF24F72}.dll
C:\Users\Gustavo\AppData\Local\Temp\{D3E96160-D9BF-47F9-8800-EA9A85BBEDF3}.dll
C:\Users\Gustavo\AppData\Local\Temp\{D3EEE245-CD00-4077-8741-5B69AA8445F2}.dll
RemoveProxy:
EmptyTemp:
Reboot:
Hosts:
end


> Run FRST/FRST64 >> Click "Fix" << Wait!
> In the message, click Executar
> Post the report! (Fixlog.txt)

< I ask visitors not to use this script on other computers, as it may damage them! >

A+

Post by Gustavorornelas Tue 13 Oct 2015, 13:21

Fix result of Farbar Recovery Scan Tool (x64) Version:11-10-2015 02
Ran by Gustavo (2015-10-12 11:36:33) Run:1
Running from C:\Users\Gustavo\Downloads
Loaded Profiles: UpdatusUser & Gustavo (Available Profiles: UpdatusUser & Gustavo & Convidado)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
(QNT) C:\Windows\SysWOW64\NetService\netservice.exe
(Baidu Inc.) C:\Program Files (x86)\baidu\Spark\sparkservice.exe
(Baidu.com, Inc.) C:\Program Files (x86)\baidu\Spark\sparkupdate.exe
HKU\S-1-5-21-2311927973-3537350689-1432087344-1001\...\Run: [Facebook Update] => "C:\Users\Gustavo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
istartsurf uninstall (HKLM-x32\...\istartsurf uninstall) (Version: - istartsurf) <==== ATTENTION
YouTube Accelerator (HKLM-x32\...\YouTube Accelerator) (Version: 3394(build_80) - Goobzo Ltd.) <==== ATTENTION
Jungle Net (HKLM-x32\...\Jungle Net) (Version: 2.0.5758.12100 - Jungle Net) <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
FF DefaultSearchEngine: istartsurf
FF SelectedSearchEngine: istartsurf
FF Homepage: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.istartsurf.com/?type=hp&ts=1444240900&z=59b9e3a11cfd35ffb89c55fg0z8zczbobz4eaqft9q&from=cornl&uid=HitachiXHTS547550A9E384_J1120021DG88DADG88DAX"
CHR DefaultSearchURL: Default -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
CHR DefaultSearchKeyword: Default -> istartsurf
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R2 MyLocalService; C:\WINDOWS\SysWOW64\NetService\netservice.exe [226888 2015-01-20] (QNT)
S2 NetDNS; C:\Users\Gustavo\AppData\Roaming\NetTemp\SysDnsSvc.exe [173088 2015-07-08] ()
2015-10-09 13:06 - 2015-10-09 13:05 - 00533216 _____ () C:\Users\Gustavo\AppData\Local\Temp\{D3EEE245-CD00-4077-8741-5B69AA8445F2}.dll
2015-10-09 14:49 - 2015-10-09 13:05 - 00055520 _____ () C:\Users\Gustavo\AppData\Local\Temp\{3AF6DD4E-06E2-48FA-880C-6ADFEB43A7E2}.xpi
2015-10-07 15:04 - 2015-10-07 15:05 - 00000000 ____D C:\Users\Gustavo\AppData\Roaming\istartsurf
2015-09-30 19:22 - 2015-10-01 15:13 - 00000000 ____D C:\Users\Gustavo\AppData\Roaming\RunDir
2015-09-14 13:41 - 2015-09-30 19:22 - 00000000 ____D C:\Users\Gustavo\AppData\Roaming\NetTemp
2015-10-01 15:18 - 2015-01-23 18:00 - 00000000 ____D C:\WINDOWS\SysWOW64\RunDir
2015-09-14 13:41 - 2015-09-08 13:21 - 00000000 ____D C:\Users\Gustavo\AppData\Roaming\DNSHelper
2014-09-08 19:59 - 2015-06-17 21:34 - 0004608 _____ () C:\Users\Gustavo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-17 12:56 - 2015-04-12 22:16 - 0000112 _____ () C:\ProgramData\8U45ukSL.dat
2015-10-07 15:05 - 2015-10-07 15:05 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Task: {91EE61BD-F68C-42E6-AC6E-A8FF1FD1B71B} - System32\Tasks\FF Watcher {6C3B2C83-B45F-43F1-8E07-8B538ED9F1AE} => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION
Task: {CB1CB265-C8C1-4DC0-9164-CF61EBBD67D7} - System32\Tasks\UNELEVATE_25874 => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.202\jsdrv.exe <==== ATTENTION
Task: {DC02D29F-EAF5-4227-A81B-469E2F9A8456} - \BonanzaDealsLiveUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {E49D304E-0BD2-4F71-A32A-B2BAAC3D8D22} - \BonanzaDealsLiveUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {F2002432-F20C-4D7F-9510-28B1D2EA08C8} - \BonanzaDealsUpdate -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\FF Watcher {6C3B2C83-B45F-43F1-8E07-8B538ED9F1AE}.job => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SPBIW_UpdateTask_Time_323538383431393532392d454a2a415034412a4a6c575a.job => Wscript.exe S/B C:\ProgramData\ShopperPro\spbihe.js spbiu.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:56E2E879
C:\ProgramData\8U45ukSL.dat
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Todos os Usuários\8U45ukSL.dat
C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Gustavo\AppData\Local\Temp\BingBarSetup-Partner.exe
C:\Users\Gustavo\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Gustavo\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\Gustavo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxeexzw.dll
C:\Users\Gustavo\AppData\Local\Temp\LenovoSHAREit17-9.exe
C:\Users\Gustavo\AppData\Local\Temp\{1E19C331-D780-4FC7-BA74-808B6B18125B}.dll
C:\Users\Gustavo\AppData\Local\Temp\{29D40332-F427-46FC-811D-D4AA1CC8328D}.dll
C:\Users\Gustavo\AppData\Local\Temp\{3A4340A8-FA69-4E3D-8332-82CDD4027DAE}.dll
C:\Users\Gustavo\AppData\Local\Temp\{44403A22-9D8C-4350-8B4E-FD0379A4C6FA}.dll
C:\Users\Gustavo\AppData\Local\Temp\{83A290A2-4789-4CB1-AE32-E5B9DDF24F72}.dll
C:\Users\Gustavo\AppData\Local\Temp\{D3E96160-D9BF-47F9-8800-EA9A85BBEDF3}.dll
C:\Users\Gustavo\AppData\Local\Temp\{D3EEE245-CD00-4077-8741-5B69AA8445F2}.dll
RemoveProxy:
EmptyTemp:
Reboot:
Hosts:
end

*****************

Processes closed successfully.
C:\Windows\SysWOW64\NetService\netservice.exe => Could not close process
C:\Program Files (x86)\baidu\Spark\sparkservice.exe => No running process found
C:\Program Files (x86)\baidu\Spark\sparkupdate.exe => Could not close process
HKU\S-1-5-21-2311927973-3537350689-1432087344-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => value removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
istartsurf uninstall (HKLM-x32\...\istartsurf uninstall) (Version: - istartsurf) <==== ATTENTION => Error: No automatic fix found for this entry.
YouTube Accelerator (HKLM-x32\...\YouTube Accelerator) (Version: 3394(build_80) - Goobzo Ltd.) <==== ATTENTION => Error: No automatic fix found for this entry.
Jungle Net (HKLM-x32\...\Jungle Net) (Version: 2.0.5758.12100 - Jungle Net) <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\Software\Microsoft\Internet Explorer\Main\\First Home Page => value removed successfully
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\Wow6432Node\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
Firefox DefaultSearchEngine removed successfully
Firefox SelectedSearchEngine removed successfully
Firefox "homepage" removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => value restored successfully
MyLocalService => Service stopped successfully.
MyLocalService => service removed successfully
NetDNS => service removed successfully
C:\Users\Gustavo\AppData\Local\Temp\{D3EEE245-CD00-4077-8741-5B69AA8445F2}.dll => moved successfully
"C:\Users\Gustavo\AppData\Local\Temp\{3AF6DD4E-06E2-48FA-880C-6ADFEB43A7E2}.xpi" => File/Folder not found.
C:\Users\Gustavo\AppData\Roaming\istartsurf => moved successfully
C:\Users\Gustavo\AppData\Roaming\RunDir => moved successfully
C:\Users\Gustavo\AppData\Roaming\NetTemp => moved successfully
C:\WINDOWS\SysWOW64\RunDir => moved successfully
C:\Users\Gustavo\AppData\Roaming\DNSHelper => moved successfully
C:\Users\Gustavo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\ProgramData\8U45ukSL.dat => moved successfully
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{91EE61BD-F68C-42E6-AC6E-A8FF1FD1B71B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91EE61BD-F68C-42E6-AC6E-A8FF1FD1B71B}" => key removed successfully
C:\WINDOWS\System32\Tasks\FF Watcher {6C3B2C83-B45F-43F1-8E07-8B538ED9F1AE} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FF Watcher {6C3B2C83-B45F-43F1-8E07-8B538ED9F1AE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB1CB265-C8C1-4DC0-9164-CF61EBBD67D7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB1CB265-C8C1-4DC0-9164-CF61EBBD67D7}" => key removed successfully
C:\WINDOWS\System32\Tasks\UNELEVATE_25874 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UNELEVATE_25874" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DC02D29F-EAF5-4227-A81B-469E2F9A8456}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC02D29F-EAF5-4227-A81B-469E2F9A8456}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BonanzaDealsLiveUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E49D304E-0BD2-4F71-A32A-B2BAAC3D8D22}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E49D304E-0BD2-4F71-A32A-B2BAAC3D8D22}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BonanzaDealsLiveUpdateTaskMachineUA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F2002432-F20C-4D7F-9510-28B1D2EA08C8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2002432-F20C-4D7F-9510-28B1D2EA08C8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BonanzaDealsUpdate" => key removed successfully
C:\WINDOWS\Tasks\FF Watcher {6C3B2C83-B45F-43F1-8E07-8B538ED9F1AE}.job => moved successfully
C:\WINDOWS\Tasks\SPBIW_UpdateTask_Time_323538383431393532392d454a2a415034412a4a6c575a.job => moved successfully
C:\ProgramData\Temp => ":56E2E879" ADS removed successfully.
"C:\Users\Todos os Usuários\Temp" => ":56E2E879" ADS not found.
"C:\ProgramData\8U45ukSL.dat" => File/Folder not found.
"C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat" => File/Folder not found.
"C:\Users\Todos os Usuários\8U45ukSL.dat" => File/Folder not found.
"C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\BingBarSetup-Partner.exe" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\BSvcProcessor.exe" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\BSvcUpdater.exe" => File/Folder not found.
C:\Users\Gustavo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxeexzw.dll => moved successfully
"C:\Users\Gustavo\AppData\Local\Temp\LenovoSHAREit17-9.exe" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\{1E19C331-D780-4FC7-BA74-808B6B18125B}.dll" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\{29D40332-F427-46FC-811D-D4AA1CC8328D}.dll" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\{3A4340A8-FA69-4E3D-8332-82CDD4027DAE}.dll" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\{44403A22-9D8C-4350-8B4E-FD0379A4C6FA}.dll" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\{83A290A2-4789-4CB1-AE32-E5B9DDF24F72}.dll" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\{D3E96160-D9BF-47F9-8800-EA9A85BBEDF3}.dll" => File/Folder not found.
"C:\Users\Gustavo\AppData\Local\Temp\{D3EEE245-CD00-4077-8741-5B69AA8445F2}.dll" => File/Folder not found.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2311927973-3537350689-1432087344-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2311927973-3537350689-1432087344-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 1.2 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 11:38:25 ====
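
An added example, not part of the original thread and not FRST's own code: a small Python triage of Fixlog.txt result lines like those posted above, sorting each entry into fixed, already absent, or needing follow-up. The outcome phrases and the sample lines are taken from this log; the function and bucket names are assumptions of this example.

```python
import re

# Outcome phrases as they appear in the Fixlog above, lower-cased, mapped to a
# triage bucket (bucket names are this example's own). First match wins, so
# "removed successfully" must come before its substring "moved successfully".
OUTCOMES = [
    ("no automatic fix found", "needs_followup"),
    ("could not close process", "needs_followup"),
    ("no running process found", "already_absent"),
    ("file/folder not found", "already_absent"),
    ("key not found", "already_absent"),
    ("ads not found", "already_absent"),
    ("removed successfully", "fixed"),
    ("restored successfully", "fixed"),
    ("moved successfully", "fixed"),
    ("stopped successfully", "fixed"),
]

# FRST appends "<==== ATTENTION" to flagged entries; it is not part of the target.
ATTENTION = re.compile(r"\s*<=+\s*ATTENTION\s*$")

# Sample input: a short excerpt copied from the Fixlog posted in this thread.
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
start
CloseProcesses:
(QNT) C:\Windows\SysWOW64\NetService\netservice.exe
istartsurf uninstall (HKLM-x32\...\istartsurf uninstall) (Version: - istartsurf) <==== ATTENTION
EmptyTemp:
end

*****************

Processes closed successfully.
C:\Windows\SysWOW64\NetService\netservice.exe => Could not close process
C:\Program Files (x86)\baidu\Spark\sparkservice.exe => No running process found
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
istartsurf uninstall (HKLM-x32\...\istartsurf uninstall) (Version: - istartsurf) <==== ATTENTION => Error: No automatic fix found for this entry.
HKCR\Wow6432Node\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
Firefox DefaultSearchEngine removed successfully
MyLocalService => Service stopped successfully.
MyLocalService => service removed successfully
C:\Users\Gustavo\AppData\Roaming\NetTemp => moved successfully
C:\ProgramData\Temp => ":56E2E879" ADS removed successfully.
"C:\Users\Todos os Usuários\Temp" => ":56E2E879" ADS not found.
"C:\ProgramData\8U45ukSL.dat" => File/Folder not found.
'''


def classify(result):
    """Return (bucket, position of the outcome phrase) or (None, -1)."""
    low = result.lower()
    for phrase, bucket in OUTCOMES:
        pos = low.find(phrase)
        if pos != -1:
            return bucket, pos
    return None, -1


def triage(log_text):
    """Group Fixlog result lines by outcome; returns {bucket: [target, ...]}."""
    buckets = {"fixed": [], "already_absent": [], "needs_followup": []}
    in_echo = False  # True while inside the echoed fixlist (start ... end)
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "start":
            in_echo = True
            continue
        if line == "end":
            in_echo = False
            continue
        if in_echo or not line:
            continue
        # Most results read "<target> => <outcome>"; a few have no arrow
        # ("Firefox DefaultSearchEngine removed successfully").
        target, sep, result = line.rpartition(" => ")
        bucket, pos = classify(result)
        if bucket is None:
            continue  # headers, separators, lines with no known outcome
        if not sep:
            target = result[:pos]
        target = ATTENTION.sub("", target).strip().strip('"')
        buckets[bucket].append(target)
    return buckets


if __name__ == "__main__":
    report = triage(SAMPLE_FIXLOG)
    for bucket in ("needs_followup", "already_absent", "fixed"):
        print(f"{bucket}: {len(report[bucket])}")
        for target in report[bucket]:
            print("   ", target)
```

Entries in the needs_followup bucket are the ones the fix run did not resolve, so they are the lines to check first in the next scan.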


Post by joram Tue 13 Oct 2015, 17:58

/!\ Good afternoon, Gustavorornelas! /!\

> Download: < [link hidden: forum login required] > ( ... by Nicolas Coolman )

> Once on the page, click: Télécharge
> Save it to the desktop! ( ZHPDiag3 )

> Run ZHPDiag3.exe as administrator to install the tool!

[link hidden: forum login required]

> When it opens, click Scanner.
> Wait for it to finish!

> Next, click Relatório.
> Post the diagnostic log: ~ Mode: Scanner
> PS: As the log will be long, upload it to [link hidden: forum login required].

> Or go to: < [link hidden: forum login required]

> Click the Parcourir... button.
> Find the report on the desktop.
> Click the Abrir button.
> Click the "Créer le lien Cjoint" button.
> Copy the link next to "Le lien a été créé" and post it in your reply.

> The link to the report, which is the one highlighted, must be pasted into your reply.

> Or click "Copier le lien (*)" and paste the link into your post.

A+

Post by Gustavorornelas Wed 14 Oct 2015, 13:39

I can't manage to run it.

Post by Gustavorornelas Wed 14 Oct 2015, 14:35

I did it!!
[link hidden: forum login required]

Post by joram Wed 14 Oct 2015, 15:12

/!\ Good afternoon, Gustavorornelas! /!\

> Download: < [link hidden: forum login required] > << Link!

> Once on the page, click: "Télécharger"
> Save it to the desktop!
> Install it by clicking: Suivant >> Suivant >>...>> Suivant >> Suivant >> Installer >> Terminer
> Run this script in the ZHPFix tool.

Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyCLSID
ShortcutFix
EmptyTemp
EmptyFlash
HiddenFix
ProxyFix
IfeoFix
[MD5.DDA697B0A42A00A85BD55F44E79CC163] - (...) -- C:\Program Files (x86)\0892CCEA-3029-46F2-BD98-F3177431F5F8\xtloowpkjv64.exe [186368] [PID.1880]
[MD5.FBE6921F7E0DCCA5456DEFC8EE979FE9] - (.TODO: <å…¬å?¸å??> - TODO: <文件说明>.) -- C:\Program Files (x86)\SFK\SSFK.exe [169632] [PID.2012]
[MD5.5277F0CCE05BD752715F0394EB39BC49] - (...) -- C:\Program Files\005\vulsrsebjh64.exe [709120] [PID.2244]
[MD5.DBDACA6FB9543C103B42D06AB48266BA] - (.DTools LIMITED - DTools.) -- C:\ProgramData\4WdsManPro4\WdsManPro.exe [435712] [PID.2260]
[MD5.960BD5C23A919E2980C1D46A4DE6639A] - (...) -- C:\Program Files (x86)\Common Files\31f7a620-acbd-4f84-82db-5e231b8ad5de\updater.exe [612576] [PID.4020]
[MD5.DDF964BE37F44DFC1D7ECDB05771FC94] - (.GOOBZO - .) -- C:\Program Files (x86)\YouTube Accelerator\YouTubeAccelerator.exe [2218856] [PID.4412]
[MD5.4106E6AD9A69A8BF080D371CDFDC909E] - (...) -- C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugincontainer.exe [1047776] [PID.4196]
[MD5.7FD29198DEFE1C0897B4FD5BDE8FDDA0] - (...) -- C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\2\Plugin.exe [1721568] [PID.3404]
[MD5.249626174AAF42AF4F4DF95EFBF1D4C9] - (...) -- C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\10\Plugin.exe [1001696] [PID.3408]
[MD5.FF4AF55F100B2664DCB5823853A8FF6E] - (...) -- C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\3\Plugin.exe [1267424] [PID.2252]
[MD5.832F659031E3ED57EFCFBF2B349874E5] - (...) -- C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\12\Plugin.exe [636128] [PID.2752]
[MD5.95BF6034843062E6E1039B0B179E0D60] - (...) -- C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\7\Plugin.exe [988384] [PID.980]
[MD5.4B4D9B2DDB4524C86DDF99F7127BC3B5] - (...) -- C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\5\Plugin.exe [1295584] [PID.3524]
[MD5.EFB762BEAC87BFEA86AA3F2465FCCA98] - (...) -- C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\4\Plugin.exe [844512] [PID.4276]
[MD5.BAC78623651D8FA35C781B696ACDDA97] - (...) -- C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\8\Plugin.exe [1256672] [PID.4432]
[MD5.95BF6034843062E6E1039B0B179E0D60] - (...) -- C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\7\Plugin.exe [988384] [PID.5072]
[MD5.FF4AF55F100B2664DCB5823853A8FF6E] - (...) -- C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\3\Plugin.exe [1267424] [PID.3724]
[MD5.832F659031E3ED57EFCFBF2B349874E5] - (...) -- C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\12\Plugin.exe [636128] [PID.5980]
P2 - EXT FILE: (...) -- C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uxf4416g.default\searchplugins\delta-homes.xml
P2 - EXT FILE: (...) -- C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uxf4416g.default\searchplugins\istartsurf.xml
P2 - EXT: (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\SearchTheWeb.xml
P2 - EXT: (.lightningnewtab.com - Default NewTab.) -- C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uxf4416g.default\extensions\default_newtabff@gmail.com
P2 - EXT: (.roc - Default SearchProtected .) -- C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uxf4416g.default\extensions\defsearchp@gmail.com
P2 - EXT: (.lightningnewtab.com - deskCut.) -- C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uxf4416g.default\extensions\deskCutv2@gmail.com
O2 - BHO: ShopperProBHO [64Bits] - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}  (Orphean)
O4 - HKCU\..\Run: [GoobzoYouTubeAccelerator] . (.GOOBZO - .) -- C:\Program Files (x86)\YouTube Accelerator\YouTubeAccelerator.exe
O4 - GS\Quicklaunch [Administrador]: speed browser.lnk . (...) C:\Program Files (x86)\speed browser\Application\browser.exe
O4 - GS\TaskBar [Administrador]: Mozilla Firefox.lnk . (...) C:\Program Files (x86)\speed browser\Application\browser.exe
O4 - GS\Quicklaunch [Convidado]: speed browser.lnk . (...) C:\Program Files (x86)\speed browser\Application\browser.exe
O4 - GS\TaskBar [Convidado]: Mozilla Firefox.lnk . (...) C:\Program Files (x86)\speed browser\Application\browser.exe
O4 - GS\Quicklaunch [Gustavo]: speed browser.lnk . (...) C:\Program Files (x86)\speed browser\Application\browser.exe
O4 - GS\TaskBar [Gustavo]: Mozilla Firefox.lnk . (...) C:\Program Files (x86)\speed browser\Application\browser.exe
O4 - GS\Quicklaunch [UpdatusUser]: speed browser.lnk . (...) C:\Program Files (x86)\speed browser\Application\browser.exe
O4 - GS\TaskBar [UpdatusUser]: Mozilla Firefox.lnk . (...) C:\Program Files (x86)\speed browser\Application\browser.exe
O23 - Service: CouponarificService64 (CouponarificService64) . (...) - C:\Program Files (x86)\0892CCEA-3029-46F2-BD98-F3177431F5F8\xtloowpkjv64.exe
O23 - Service: Service Mgr JungleNet (Service Mgr JungleNet) . (...) - C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugincontainer.exe
O23 - Service: SSFK (SSFK) . (.TODO: <公司名> - TODO: <文件说明>.) - C:\Program Files (x86)\SFK\SSFK.exe
O23 - Service: Update Mgr JungleNet (Update Mgr JungleNet) . (...) - C:\Program Files (x86)\Common Files\31f7a620-acbd-4f84-82db-5e231b8ad5de\updater.exe
O23 - Service: vulsrsebjh64 (vulsrsebjh64) . (...) - C:\Program Files\005\vulsrsebjh64.exe
O23 - Service: WdsManPro Service (WdsManPro) . (.DTools LIMITED - DTools.) - C:\ProgramData\4WdsManPro4\WdsManPro.exe
O23 - Service: DNS Helper (DNSSVC) . (...) - C:\Users\Gustavo\AppData\Roaming\DNSHelper\DNSSVC.exe (.not file.)
O42 - Logiciel: istartsurf uninstall - (.istartsurf.) [HKLM][64Bits] -- istartsurf uninstall
O42 - Logiciel: Jungle Net - (.Jungle Net.) [HKLM][64Bits] -- Jungle Net
O42 - Logiciel: Video Downloader version 2.0 - (...) [HKLM][64Bits] -- Video Downloader_is1
O42 - Logiciel: YouTube Accelerator - (.Goobzo Ltd..) [HKLM][64Bits] -- YouTube Accelerator
O42 - Logiciel: Buzzdock - (.Alactro LLC.) [HKLM][64Bits] -- {cfd32d46-7d3f-483f-bace-7172aec5592d}
O43 - CFD: 2013/09/16 19:32:22 - [] D -- C:\Users\Gustavo\AppData\Local\Apps
O43 - CFD: 2014/07/20 15:07:32 - [] D -- C:\ProgramData\boost_interprocess
O43 - CFD: 2014/12/02 15:49:55 - [] D -- C:\Program Files (x86)\0892CCEA-3029-46F2-BD98-F3177431F5F8
O43 - CFD: 2014/09/20 08:44:29 - [] D -- C:\Program Files (x86)\D20A6820-7C28-4015-945F-09F8551FCE45
O43 - CFD: 2014/07/23 22:42:49 - [0] D -- C:\Program Files (x86)\FLVM Player
O43 - CFD: 2015/10/07 15:02:34 - [] D -- C:\Program Files (x86)\Jungle Net
O43 - CFD: 2015/10/12 01:04:35 - [] D -- C:\Program Files (x86)\SFK
O43 - CFD: 2015/10/12 01:04:17 - [] D -- C:\ProgramData\4WdsManPro4
O43 - CFD: 2015/01/24 20:44:27 - [] D -- C:\ProgramData\Browser
O43 - CFD: 2014/03/18 00:07:49 - [] D -- C:\ProgramData\Log
O43 - CFD: 2015/10/12 01:03:11 - [] D -- C:\ProgramData\OWdsManProO
O43 - CFD: 2014/07/23 22:38:51 - [] D -- C:\ProgramData\WindowsMangerProtect
O43 - CFD: 2015/04/12 18:37:25 - [] D -- C:\Users\Gustavo\AppData\Roaming\Compatibility Verifier
O43 - CFD: 2015/08/13 15:43:46 - [] D -- C:\Users\Gustavo\AppData\Roaming\webssearches
O45 - LFCP:[MD5.94F5535EFC092912A928C17FD6B35503] 2014/12/23 15:10:32 A -- C:\WINDOWS\Prefetch\DIGIHELP.BOAS.EXE-3F5290DF.pf
O45 - LFCP:[MD5.3D34FFD8D6F3E62D95ED12A4B4643EA1] 2014/12/23 15:10:32 A -- C:\WINDOWS\Prefetch\DIGIHELP.BOASPRT.EXE-3726C755.pf
O45 - LFCP:[MD5.259829CE2693F9CBACE45EA30FC5CF51] 2014/12/23 15:10:23 A -- C:\WINDOWS\Prefetch\DIGIHELP.PURBROWSE64.EXE-6EEC3885.pf
O58 - SDL:2014/11/19 12:38:44 A . (.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) -- C:\WINDOWS\System32\drivers\netfilter64.sys   [41168]
O58 - SDL:2014/12/13 21:28:40 A . (.StdLib - StdLib.) -- C:\WINDOWS\System32\drivers\{3211ae5b-d056-4176-9f6e-b51496f003f1}w64.sys   [48776]
O58 - SDL:2014/12/08 21:49:38 A . (.StdLib - StdLib.) -- C:\WINDOWS\System32\drivers\{3283b201-5c22-4a7d-8767-24ec5d376ea3}w64.sys   [48776]
O58 - SDL:2014/12/14 23:30:10 A . (.StdLib - StdLib.) -- C:\WINDOWS\System32\drivers\{47a3b56f-80e6-4ea5-8093-7656ffd5c11a}w64.sys   [48776]
O58 - SDL:2014/12/03 05:27:48 A . (.StdLib - StdLib.) -- C:\WINDOWS\System32\drivers\{4f2819d0-bef1-4b68-bead-13848229eb6f}w64.sys   [48776]
O58 - SDL:2014/12/22 02:24:32 A . (.StdLib - StdLib.) -- C:\WINDOWS\System32\drivers\{8aefbcaf-640f-4dca-9a92-ed05ee387238}w64.sys   [48776]
O58 - SDL:2014/12/18 20:31:18 A . (.StdLib - StdLib.) -- C:\WINDOWS\System32\drivers\{993baf86-643c-42e9-95e5-094f337533f0}w64.sys   [48776]
O58 - SDL:2014/12/05 15:47:46 A . (.StdLib - StdLib.) -- C:\WINDOWS\System32\drivers\{a0eab6f4-c7be-497b-981b-51b21c0122f7}w64.sys   [48776]
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Copyright (C) 2011 - spark.) -- C:\Program Files (x86)\baidu\Spark\Spark.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: prefs.js [Gustavo - uxf4416g.default] user_pref("browser.search.defaultenginename", "delta-homes");
O69 - SBI: prefs.js [Gustavo - uxf4416g.default] user_pref("browser.search.searchengine.alias", "delta-homes");
O69 - SBI: prefs.js [Gustavo - uxf4416g.default] user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
O69 - SBI: prefs.js [Gustavo - uxf4416g.default] user_pref("browser.search.searchengine.iconURL", "http://search.delta-homes.com/favicon.ico");
O69 - SBI: prefs.js [Gustavo - uxf4416g.default] user_pref("browser.search.searchengine.name", "delta-homes");
O69 - SBI: prefs.js [Gustavo - uxf4416g.default] user_pref("browser.search.searchengine.ptid", "wpm07163");
O69 - SBI: prefs.js [Gustavo - uxf4416g.default] user_pref("browser.search.searchengine.uid", "HitachiXHTS547550A9E384_J1120021DG88DADG88DAX");
O69 - SBI: prefs.js [Gustavo - uxf4416g.default] user_pref("browser.search.searchengine.url", "http://search.delta-homes.com/web/?type=ds&ts=1444622607&z=c1190b9300b491cc5cd738bgd[...]
O69 - SBI: prefs.js [Gustavo - uxf4416g.default] user_pref("browser.search.selectedEngine", "delta-homes");
O69 - SBI: prefs.js [Gustavo - uxf4416g.default] user_pref("extensions.enabledAddons", "defsearchp%40gmail.com:1.0.0.1039,deskCutv2%40gmail.com:0.0.10,default_newtabff%40gmail.com[...]
O69 - SBI: prefs.js [Gustavo - uxf4416g.default] user_pref("extensions.quick_start.enable_search1", false);
O69 - SBI: prefs.js [Gustavo - uxf4416g.default] user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
O69 - SBI: SearchScopes [HKCU] {86c83f9e-48a4-4cd2-a763-64fea5df35f7} - (Baixaki) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O87 - FAEL: "{F73598D6-366C-49C9-88AF-CC0B356E1E0A}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\DigiHelp\bin\DigiHelp.BRT.Helper.exe (.not file.)
O87 - FAEL: "{81C52252-B6F5-4FC4-B6E3-A1223FFC3C5F}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\DigiHelp\bin\DigiHelp.BRT.Helper.exe (.not file.)
O87 - FAEL: "{802562AE-6B1F-4293-A515-039EE9F16513}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\DigiHelp\bin\DigiHelp.BRT.Helper.exe (.not file.)
O87 - FAEL: "{9FF4EED5-CD13-4D23-94AC-05E9BD95504F}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\DigiHelp\bin\DigiHelp.BRT.Helper.exe (.not file.)
SR - Auto   [2014/11/19 12:38:44] [  186368]  CouponarificService64 (CouponarificService64) . (...) - C:\Program Files (x86)\0892CCEA-3029-46F2-BD98-F3177431F5F8\xtloowpkjv64.exe
SR - Auto   [2015/10/14 13:31:38] [ 1047776]  Service Mgr JungleNet (Service Mgr JungleNet) . (...) - C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugincontainer.exe
SR - Auto   [2015/10/10 09:53:32] [  169632]  SSFK (SSFK) . (.TODO: <公司名>.) - C:\Program Files (x86)\SFK\SSFK.exe
SR - Auto   [2015/10/14 13:23:53] [  612576]  Update Mgr JungleNet (Update Mgr JungleNet) . (...) - C:\Program Files (x86)\Common Files\31f7a620-acbd-4f84-82db-5e231b8ad5de\updater.exe
SR - Auto   [2014/07/23 22:42:04] [  709120]  vulsrsebjh64 (vulsrsebjh64) . (...) - C:\Program Files\005\vulsrsebjh64.exe
SR - Auto   [2015/10/10 09:17:58] [  435712]  WdsManPro Service (WdsManPro) . (.DTools LIMITED.) - C:\ProgramData\4WdsManPro4\WdsManPro.exe
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
ServiceStop:CouponarificService64
ServiceStop:Service Mgr JungleNet
ServiceStop:SSFK
ServiceStop:Update Mgr JungleNet
ServiceStop:vulsrsebjh64
ServiceStop:WdsManPro
ServiceStop:DNSSVC


> Select and copy this information, shown in red, into Notepad.
> With Notepad open, press: ctrl+a >> ctrl+c ( Select All and Copy )
> Next, minimize Notepad.

> Open the ZHPFix tool.

> Click IMPORTAÇÃO (Import) >> OK.
> P.S.: When you click "OK", check that the field is empty so that it receives only the script's information.
> Click "GO".

> Or click CONFIGURAR (Configure) >> Personalizar (Customize).
> Paste the information from Notepad into the tool's field.
> Click "GO".
> Post the report!

< I ask visitors not to use this script on their own computers, at the risk of damaging them! >

A+

Re: too many ads

Post by Gustavorornelas, Wed 14 Oct 2015, 15:35

Rapport de ZHPFix 2015.8.24.7 par Nicolas Coolman, Update du 24/08/2015
Fichier d'export Registre : C:\Users\Gustavo\AppData\Roaming\ZHP\ZHPExportRegistry-14-10-2015-15-32-46.txt
Run by Gustavo at 14/10/2015 15:32:35
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)

Reciclagem vazia (00mn 10s)
Prefetcher vazio
Reparação de atalhos do navegador

========== Softwares ==========
AUSENTE Uninstall Process: c:\users\gustavo\appdata\roaming\istartsurf\uninstallmanager.exe
AUSENTE Uninstall Process: c:\program files (x86)\jungle net\uninstaller.exe
ELIMINÉ: Video Downloader version 2.0
AUSENTE Uninstall Process: c:\program files (x86)\youtube accelerator\varemove.exe

========== Processo memória ==========
ELIMINA REINICIAR: Memory Process: C:\Program Files (x86)\0892CCEA-3029-46F2-BD98-F3177431F5F8\xtloowpkjv64.exe
ELIMINA REINICIAR: Memory Process: C:\Program Files (x86)\SFK\SSFK.exe
ELIMINA REINICIAR: Memory Process: C:\Program Files\005\vulsrsebjh64.exe
ELIMINÉ: Memory Process: C:\ProgramData\4WdsManPro4\WdsManPro.exe
ELIMINA REINICIAR: Memory Process: C:\Program Files (x86)\Common Files\31f7a620-acbd-4f84-82db-5e231b8ad5de\updater.exe
ELIMINÉ: Memory Process: C:\Program Files (x86)\YouTube Accelerator\YouTubeAccelerator.exe
ELIMINÉ: Memory Process: C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugincontainer.exe
ELIMINÉ: Memory Process: C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\2\Plugin.exe
ELIMINA REINICIAR: Memory Process: C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\10\Plugin.exe
ELIMINÉ: Memory Process: C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\3\Plugin.exe
ELIMINÉ: Memory Process: C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\12\Plugin.exe
ELIMINÉ: Memory Process: C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\7\Plugin.exe
ELIMINÉ: Memory Process: C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\5\Plugin.exe
ELIMINÉ: Memory Process: C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\4\Plugin.exe
ELIMINÉ: Memory Process: C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\8\Plugin.exe

========== Estado dos serviços ==========
CouponarificService64 Parado
Service Mgr JungleNet Parado
SSFK Parado
Update Mgr JungleNet Parado
vulsrsebjh64 Parado
WdsManPro Parado
DNSSVC Parado

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jungle Net]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\YouTube Accelerator]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{cfd32d46-7d3f-483f-bace-7172aec5592d}]
Ramo Base de Registos IFEO não infetado !
ELIMINÉ: Service: CouponarificService64
ELIMINÉ: Service: Service Mgr JungleNet
ELIMINÉ: Service: SSFK
ELIMINÉ: Service: Update Mgr JungleNet
ELIMINÉ: Service: vulsrsebjh64
ELIMINÉ: Service: WdsManPro
ELIMINÉ: Service: DNSSVC
ELIMINÉ: SearchScopes :{86c83f9e-48a4-4cd2-a763-64fea5df35f7}
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\AllDaySavings
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\couponarific
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\delta-homesSoftware
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\FFPluginHp
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Goobzo
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\istartsurfSoftware
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\JungleNet
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\NetTcpHandler
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\NtSvcHandler
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Sakura
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\SearchSnacks
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\SpeedBrowser
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\supWindowsMangerProtect
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\V9
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\WdsManPro
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\webssearchesSoftware
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\winzipersvc
ELIMINÉ: HKCU\SOFTWARE\Browser
ELIMINÉ: HKCU\SOFTWARE\Goobzo
ELIMINÉ: HKCU\SOFTWARE\ICSW1.14
ELIMINÉ: HKCU\SOFTWARE\ProductSetup
ELIMINÉ: HKCU\SOFTWARE\AppDataLow\Software\DynConIE
ELIMINÉ: HKCU\SOFTWARE\AppDataLow\Software\Safer-Surf
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\DigiHelp_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\DigiHelp_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateDigiHelp_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateDigiHelp_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilDigiHelp_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilDigiHelp_RASMANCS

========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: FirewallRaz (Domain) : {9E3D57FC-7C37-4424-9352-4831E97D029D}
ELIMINÉ: FirewallRaz (Domain) : {548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}
ELIMINÉ: FirewallRaz (Domain) : {E7985E1D-C36F-4787-80A8-6350D07E9266}
ELIMINÉ: FirewallRaz (None) : {808F1451-4108-46FD-ADBB-F17324B5F0BD}
ELIMINÉ: FirewallRaz (Private) : {F73598D6-366C-49C9-88AF-CC0B356E1E0A}
ELIMINÉ: FirewallRaz (Private) : {81C52252-B6F5-4FC4-B6E3-A1223FFC3C5F}
ELIMINÉ: FirewallRaz (Public) : {802562AE-6B1F-4293-A515-039EE9F16513}
ELIMINÉ: FirewallRaz (Public) : {9FF4EED5-CD13-4D23-94AC-05E9BD95504F}
ELIMINÉ: FirewallRaz (Private) : {B5775D63-6A7A-4157-95B3-026DDC048C6D}
ELIMINÉ: FirewallRaz (Private) : {E47B4BB1-592E-46F5-BABF-7AA6C8F378E9}
ELIMINÉ: FirewallRaz (Public) : TCP Query User{962E4604-0485-41DC-8B7B-9A5766194896}C:\program files (x86)\lenovo\shareit\shareit.exe
ELIMINÉ: FirewallRaz (Public) : UDP Query User{A703520E-74E9-4FD5-8FAC-4C3777850F75}C:\program files (x86)\lenovo\shareit\shareit.exe
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
ELIMINÉ RunValue: GoobzoYouTubeAccelerator

========== Elementos dos dados do Registo ==========
SUBSTITUI Value CheckedValue : Good (1) - Bad (0)

========== Preferências do navegador ==========
ELIMINÉ Mozilla Pref: user_pref("browser.search.defaultenginename", "delta-homes");
ELIMINÉ Mozilla Pref: user_pref("browser.search.searchengine.alias", "delta-homes");
ELIMINÉ Mozilla Pref: user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
ELIMINÉ Mozilla Pref: user_pref("browser.search.searchengine.iconURL", "http://search.delta-homes.com/favicon.ico");
ELIMINÉ Mozilla Pref: user_pref("browser.search.searchengine.name", "delta-homes");
ELIMINÉ Mozilla Pref: user_pref("browser.search.searchengine.ptid", "wpm07163");
ELIMINÉ Mozilla Pref: user_pref("browser.search.searchengine.uid", "HitachiXHTS547550A9E384_J1120021DG88DADG88DAX");
AUSENTE Mozilla Pref: user_pref("browser.search.searchengine.url", "http://search.delta-homes.com/web/?type=ds&ts=1444622607&z=c1190b9300b491cc5cd738bgd[...]
ELIMINÉ Mozilla Pref: user_pref("browser.search.selectedEngine", "delta-homes");
ELIMINÉ Mozilla Pref: user_pref("extensions.enabledAddons", "defsearchp%40gmail.com:1.0.0.1039,deskCutv2%40gmail.com:0.0.10,default_newtabff%40gmail.com[...]
ELIMINÉ Mozilla Pref: user_pref("extensions.quick_start.enable_search1", false);
ELIMINÉ Mozilla Pref: user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
ELIMINÉ Temporários windows (10)
ELIMINÉ Flash Cookies (0)
ELIMINÉ: C:\Users\Gustavo\AppData\Local\Apps
ELIMINA REINICIAR:** C:\ProgramData\boost_interprocess
ELIMINÉ: C:\Program Files (x86)\0892CCEA-3029-46F2-BD98-F3177431F5F8
ELIMINÉ: C:\Program Files (x86)\D20A6820-7C28-4015-945F-09F8551FCE45
ELIMINÉ: C:\Program Files (x86)\FLVM Player
ELIMINÉ: C:\Program Files (x86)\Jungle Net
ELIMINÉ: C:\Program Files (x86)\SFK
ELIMINÉ: C:\ProgramData\4WdsManPro4
ELIMINÉ: C:\ProgramData\Browser
ELIMINÉ: C:\ProgramData\Log
ELIMINÉ: C:\ProgramData\OWdsManProO
ELIMINÉ: C:\ProgramData\WindowsMangerProtect
ELIMINÉ: C:\Users\Gustavo\AppData\Roaming\Compatibility Verifier
ELIMINÉ: C:\Users\Gustavo\AppData\Roaming\webssearches
ELIMINÉ: c:\programdata\31f7a620-acbd-4f84-82db-5e231b8ad5de
ELIMINÉ: c:\program files (x86)\common files\31f7a620-acbd-4f84-82db-5e231b8ad5de
ELIMINÉ: c:\users\gustavo\appdata\roaming\mozilla\firefox\profiles\uxf4416g.default\extensions\default_newtabff@gmail.com
ELIMINÉ: c:\users\gustavo\appdata\roaming\mozilla\firefox\profiles\uxf4416g.default\extensions\deskcutv2@gmail.com

========== Ficheiros ==========
ELIMINÉ Temporários windows (37) (5.671.900 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
ELIMINÉ:** c:\programdata\4wdsmanpro4\wdsmanpro.exe
ELIMINÉ:** c:\programdata\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugincontainer.exe
ELIMINÉ:** c:\programdata\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\2\plugin.exe
ELIMINÉ: c:\program files (x86)\0892ccea-3029-46f2-bd98-f3177431f5f8\xtloowpkjv64.exe
ELIMINÉ: c:\program files\005\vulsrsebjh64.exe
ELIMINÉ: c:\windows\prefetch\digihelp.boas.exe-3f5290df.pf
ELIMINÉ: c:\windows\prefetch\digihelp.boasprt.exe-3726c755.pf
ELIMINÉ: c:\windows\prefetch\digihelp.purbrowse64.exe-6eec3885.pf
ELIMINA REINICIAR: c:\windows\system32\drivers\netfilter64.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\{3211ae5b-d056-4176-9f6e-b51496f003f1}w64.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\{3283b201-5c22-4a7d-8767-24ec5d376ea3}w64.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\{47a3b56f-80e6-4ea5-8093-7656ffd5c11a}w64.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\{4f2819d0-bef1-4b68-bead-13848229eb6f}w64.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\{8aefbcaf-640f-4dca-9a92-ed05ee387238}w64.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\{993baf86-643c-42e9-95e5-094f337533f0}w64.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\{a0eab6f4-c7be-497b-981b-51b21c0122f7}w64.sys
ELIMINÉ: C:\WINDOWS\System32\drivers\{3211ae5b-d056-4176-9f6e-b51496f003f1}w64.sys
ELIMINÉ: C:\WINDOWS\System32\drivers\{3283b201-5c22-4a7d-8767-24ec5d376ea3}w64.sys
ELIMINÉ: C:\WINDOWS\System32\drivers\{47a3b56f-80e6-4ea5-8093-7656ffd5c11a}w64.sys
ELIMINÉ: C:\WINDOWS\System32\drivers\{4f2819d0-bef1-4b68-bead-13848229eb6f}w64.sys
ELIMINÉ: C:\WINDOWS\System32\drivers\{8aefbcaf-640f-4dca-9a92-ed05ee387238}w64.sys
ELIMINÉ: C:\WINDOWS\System32\drivers\{993baf86-643c-42e9-95e5-094f337533f0}w64.sys
ELIMINÉ: C:\WINDOWS\System32\drivers\{a0eab6f4-c7be-497b-981b-51b21c0122f7}w64.sys
ELIMINÉ: C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uxf4416g.default\searchplugins\delta-homes.xml
ELIMINÉ: C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uxf4416g.default\searchplugins\istartsurf.xml

========== Pastas/Ficheiros ocultos restaurados ==========
Mes images (My Pictures) : 5 restaurados com sucesso
Ma musique (My Music) : 1 restaurados com sucesso
Ma Video (My Video) : 2 restaurados com sucesso
Mes Favoris (My Favorites) : 2 restaurados com sucesso
Mes Documents (My Documents) : 7 restaurados com sucesso
Mon Bureau (My Desktop) : 24 restaurados com sucesso
Menu demarrer (Programs) : 12 restaurados com sucesso
Dossier utilisateur (AppData) : 30 restaurados com sucesso
Programmes (Program Files) : 10 restaurados com sucesso

========== Outros ==========
NÃO-TRATADO [HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]


========== Recapitulativo ==========
15 : Processo memória
42 : Chaves do Registo
21 : Valores do Registo
1 : Elementos dos dados do Registo
21 : Pastas
27 : Ficheiros
4 : Softwares
12 : Preferências do navegador
7 : Estado dos serviços
93 : Pastas/Ficheiros ocultos restaurados
1 : Outros


End of clean in 03mn 14s

========== Caminho do ficheiro do relatório ==========
C:\Users\Gustavo\AppData\Roaming\ZHP\ZHPFix[R1].txt - 18/07/2014 17:11:16 [3116]
C:\Users\Gustavo\AppData\Roaming\ZHP\ZHPFix[R2].txt - 19/07/2014 11:08:39 [1048]
C:\Users\Gustavo\AppData\Roaming\ZHP\ZHPFix[R3].txt - 14/10/2015 15:32:46 [12201]

Re: too many ads

Post by joram, Wed 14 Oct 2015, 15:46

/!\ Good afternoon! Gustavorornelas /!\

> Download: < [link visible only to logged-in members] > ( ... by Xplode )

> Or from here: < [link visible only to logged-in members] >
> Once there, click "Download Now".

> Save it to the desktop!

> Right-click adwcleaner.exe and choose to run it as administrator.

> Open the tool and, on the "Opções" (Options) tab, tick all the Restorations.

> P.S.: Start the scan by clicking "Verificar" or "Examinar" (Scan).

> When it finishes, click "Limpar" or "Cleaning" >> Ok >> Ok >> Ok.
> Copy the log or click "Relatorio" (Report).
> Post: < C:\AdwCleaner\AdwCleaner[S0].txt >

> Download: < [link visible only to logged-in members] > ( ... by Malwarebytes.org )

> Save it to the desktop!
> Disable your antivirus!
> On Windows 7, right-click JRT.exe and run it ...

> Wait for it to finish and post the report. ( JRT.txt )

A+

Re: too many ads

Post by Gustavorornelas, Wed 14 Oct 2015, 16:37

# AdwCleaner v5.013 - Relatório criado 14/10/2015 às 16:28:01
# Atualizado 09/10/2015 por Xplode
# Banco de dados : 2015-10-13.2 [Servidor]
# Sistema operacional : Windows 8.1 Single Language (x64)
# Usuário : Gustavo - GUSTAVO
# Executando de : C:\Users\Gustavo\Desktop\adwcleaner_5.013.exe
# Opção : Limpar
# Apoio : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

***** [ Serviços ] *****

[-] Serviço Excluído : CouponArificService64
[-] Serviço Excluído : netfilter64
[-] Serviço Excluído : winzipersvc
[-] Serviço Excluído : TheDesktopWeatherService
[-] Serviço Excluído : Service Mgr JungleNet
[-] Serviço Excluído : SSFK
[-] Serviço Excluído : WdsManPro
[-] Serviço Excluído : Crashhd

***** [ Pastas ] *****

[-] Pasta Excluído : C:\Program Files\AllDaySavings
[-] Pasta Excluído : C:\Program Files\CouponArific
[-] Pasta Excluído : C:\Program Files (x86)\WinZipper
[-] Pasta Excluído : C:\Program Files (x86)\YouTube Accelerator
[-] Pasta Excluído : C:\Program Files (x86)\WeatherTool
[-] Pasta Excluído : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
[-] Pasta Excluído : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Accelerator
[-] Pasta Excluído : C:\Users\Convidado\AppData\Local\speed browser
[-] Pasta Excluído : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip
[-] Pasta Excluído : C:\Users\Gustavo\AppData\LocalLow\Goobzo
[-] Pasta Excluído : C:\Users\Gustavo\AppData\Roaming\WinZipper
[-] Pasta Excluído : C:\Users\Gustavo\AppData\Roaming\WeatherTool
[-] Pasta Excluído : C:\Users\Gustavo\AppData\Roaming\shortCutStore
[-] Pasta Excluído : C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uxf4416g.default\Extensions\defsearchp@gmail.com
[-] Pasta Excluído : C:\Users\Public\Documents\Goobzo
[-] Pasta Excluído : C:\Users\Public\Documents\ShopperPro
[-] Pasta Excluído : C:\Users\UpdatusUser\AppData\Local\speed browser
[-] Pasta Excluído : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\speed browser
[-] Pasta Excluído : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\WeatherTool

***** [ Arquivos ] *****

[-] Arquivo Excluído : C:\END
[-] Arquivo Excluído : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.superfish.com_0.localstorage-journal
[-] Arquivo Excluído : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxps_www.superfish.com_0.localstorage-journal
[-] Arquivo Excluído : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage
[-] Arquivo Excluído : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage-journal
[-] Arquivo Excluído : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
[-] Arquivo Excluído : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
[-] Arquivo Excluído : C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Hao123.lnk
[-] Arquivo Excluído : C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speed browser.lnk
[-] Arquivo Excluído : C:\Users\Convidado\Desktop\Hao123.lnk
[-] Arquivo Excluído : C:\Users\Convidado\Desktop\YouTube Accelerator.lnk
[-] Arquivo Excluído : C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage
[-] Arquivo Excluído : C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal
[-] Arquivo Excluído : C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage
[-] Arquivo Excluído : C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage-journal
[-] Arquivo Excluído : C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage
[-] Arquivo Excluído : C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage-journal
[-] Arquivo Excluído : C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.kingtopdeals.com_0.localstorage
[-] Arquivo Excluído : C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.kingtopdeals.com_0.localstorage-journal
[-] Arquivo Excluído : C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.tradeadexchange.com_0.localstorage
[-] Arquivo Excluído : C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.tradeadexchange.com_0.localstorage-journal
[-] Arquivo Excluído : C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Hao123.lnk
[-] Arquivo Excluído : C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speed browser.lnk
[-] Arquivo Excluído : C:\Users\Public\Desktop\Facebook.lnk
[-] Arquivo Excluído : C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Hao123.lnk
[-] Arquivo Excluído : C:\Users\UpdatusUser\Desktop\Hao123.lnk
[-] Arquivo Excluído : C:\Users\UpdatusUser\Desktop\YouTube Accelerator.lnk
[-] Arquivo Excluído : C:\WINDOWS\SysNative\roboot64.exe
[-] Arquivo Excluído : C:\WINDOWS\SysNative\drivers\netfilter64.sys

***** [ DLLs ] *****


***** [ Atalhos ] *****

[-] Atalho Desinfectado : C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Atalho Desinfectado : C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Tarefas agendadas ] *****


***** [ Registro ] *****

[-] Chave Excluída : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
[-] Chave Excluída : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[-] Chave Excluída : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
[-] Chave Excluída : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[-] Chave Excluída : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
[-] Chave Excluída : HKCU\Software\Mozilla\Extends
[-] Chave Excluída : HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
[-] Chave Excluída : HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
[-] Chave Excluída : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
[-] Chave Excluída : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
[-] Chave Excluída : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper
[-] Chave Excluída : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WdsManPro
[-] Chave Excluída : HKLM\SOFTWARE\Classes\WinZipper.001
[-] Chave Excluída : HKLM\SOFTWARE\Classes\WinZipper.7z
[-] Chave Excluída : HKLM\SOFTWARE\Classes\WinZipper.arj
[-] Chave Excluída : HKLM\SOFTWARE\Classes\WinZipper.bz2
[-] Chave Excluída : HKLM\SOFTWARE\Classes\WinZipper.bzip2
[-] Chave Excluída : HKLM\SOFTWARE\Classes\WinZipper.cab
[-] Chave Excluída : HKLM\SOFTWARE\Classes\WinZipper.cpio
[-] Chave Excluída : HKLM\SOFTWARE\Classes\WinZipper.deb
[-] Chave Excluída : HKLM\SOFTWARE\Classes\WinZipper.dmg
[-] Chave Excluída : HKLM\SOFTWARE\Classes\WinZipper.fat
[-] Chave Excluída : HKLM\SOFTWARE\Classes\WinZipper.gz
[-] Chave Excluída : HKLM\SOFTWARE\Classes\WinZipper.gzip
[-] Chave Excluída : HKLM\SOFTWARE\Classes\WinZipper.hfs
[-] Chave Excluída : HKLM\SOFTWARE\Classes\WinZipper.iso
[-] Chave Excluída : HKLM\SOFTWARE\Classes\WinZipper.lha
[-] Chave Excluída : HKLM\SOFTWARE\Classes\WinZipper.lzh
[-] Chave Excluída : HKLM\SOFTWARE\Classes\WinZipper.lzma
[-] Chave Excluída : HKLM\SOFTWARE\Classes\WinZipper.ntfs
[-] Chave Excluída : HKLM\SOFTWARE\Classes\WinZipper.rar
[-] Chave Excluída : HKLM\SOFTWARE\Classes\WinZipper.rpm
[-] Chave Excluída : HKLM\SOFTWARE\Classes\WinZipper.squashfs
[-] Chave Excluída : HKLM\SOFTWARE\Classes\WinZipper.swm
[-] Chave Excluída : HKLM\SOFTWARE\Classes\WinZipper.tar
[-] Chave Excluída : HKLM\SOFTWARE\Classes\WinZipper.taz
[-] Chave Excluída : HKLM\SOFTWARE\Classes\WinZipper.tbz
[-] Chave Excluída : HKLM\SOFTWARE\Classes\WinZipper.tbz2
[-] Chave Excluída : HKLM\SOFTWARE\Classes\WinZipper.tgz
[-] Chave Excluída : HKLM\SOFTWARE\Classes\WinZipper.tpz
[-] Chave Excluída : HKLM\SOFTWARE\Classes\WinZipper.txz
[-] Chave Excluída : HKLM\SOFTWARE\Classes\WinZipper.vhd
[-] Chave Excluída : HKLM\SOFTWARE\Classes\WinZipper.wim
[-] Chave Excluída : HKLM\SOFTWARE\Classes\WinZipper.xar
[-] Chave Excluída : HKLM\SOFTWARE\Classes\WinZipper.xz
[-] Chave Excluída : HKLM\SOFTWARE\Classes\WinZipper.z
[-] Chave Excluída : HKLM\SOFTWARE\Classes\WinZipper.zip
[-] Valor Excluída : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [default_newtabff@gmail.com]
[-] Valor Excluída : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [deskCutv2@gmail.com]
[-] Valor Excluída : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [defsearchp@gmail.com]
[-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{FBDFF406-2C4C-5D35-8469-34BB67EA3353}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{B853E835-9F24-4F4B-B55C-E554D15CCCD2}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{E104B9E4-01BA-4AAF-9957-6A525CC5451A}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{DCFB5BFE-1F58-4B1D-96A7-3C7BBAE51B36}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\TypeLib\{BDC460F4-12FE-494E-A944-FB47BD22D23E}
[-] Chave Excluída : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBDFF406-2C4C-5D35-8469-34BB67EA3353}
[-] Chave Excluída : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DCFB5BFE-1F58-4B1D-96A7-3C7BBAE51B36}
[-] Chave Excluída : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FBDFF406-2C4C-5D35-8469-34BB67EA3353}
[-] Chave Excluída : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FBDFF406-2C4C-5D35-8469-34BB67EA3353}
[-] Chave Excluída : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
[-] Chave Excluída : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
[-] Chave Excluída : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
[-] Valor Excluída : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
[-] Valor Excluída : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
[-] Chave Excluída : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
[-] Chave Excluída : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
[-] Chave Excluída : [x64] HKLM\SOFTWARE\Classes\CLSID\{E104B9E4-01BA-4AAF-9957-6A525CC5451A}
[-] Chave Excluída : [x64] HKLM\SOFTWARE\Classes\CLSID\{4F622628-7632-4B28-B184-D7BA0CA3273B}
[-] Chave Excluída : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Chave Excluída : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[-] Chave Excluída : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
[-] Chave Excluída : HKU\.DEFAULT\Software\Goobzo
[-] Chave Excluída : HKU\.DEFAULT\Software\AppDataLow\Software\couponarific
[-] Chave Excluída : HKU\.DEFAULT\Software\AppDataLow\Software\allday savings
[-] Chave Excluída : HKCU\Software\WeatherTool
[-] Chave Excluída : HKLM\SOFTWARE\hdcode
[-] Chave Excluída : HKLM\SOFTWARE\TBID
[-] Chave Excluída : HKLM\SOFTWARE\im-dosearch
[-] Chave Excluída : HKLM\SOFTWARE\seekmx
[-] Chave Excluída : HKLM\SOFTWARE\Crashhd
[-] Chave Excluída : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winzipper
[!] Chave Não Excluída : [x64] HKCU\Software\WeatherTool
[-] Chave Excluída : [x64] HKLM\SOFTWARE\AllDaySavings
[-] Chave Excluída : [x64] HKLM\SOFTWARE\AllDaySavings
[-] Chave Excluída : [x64] HKLM\SOFTWARE\ShopperPro
[-] Chave Excluída : [x64] HKLM\SOFTWARE\TBID
[-] Chave Excluída : [x64] HKLM\SOFTWARE\couponarific
[-] Chave Excluída : [x64] HKLM\SOFTWARE\allday savings
[-] Chave Excluída : [x64] HKLM\SOFTWARE\WeatherTool
[-] Chave Excluída : [x64] HKLM\SOFTWARE\im-dosearch
[-] Chave Excluída : [x64] HKLM\SOFTWARE\seekmx
[-] Chave Excluída : [x64] HKLM\SOFTWARE\SAKURA
[-] Chave Excluída : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WeatherTool
[!] Chave Não Excluída : HKU\.DEFAULT\Software\AppDataLow\Software\couponarific
[!] Chave Não Excluída : HKU\.DEFAULT\Software\AppDataLow\Software\allday savings
[!] Chave Não Excluída : HKU\S-1-5-18\Software\AppDataLow\Software\couponarific
[!] Chave Não Excluída : HKU\S-1-5-18\Software\AppDataLow\Software\allday savings
[-] Chave Excluída : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
[-] Chave Excluída : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{86c83f9e-48a4-4cd2-a763-64fea5df35f7}
[-] Chave Excluída : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{86c83f9e-48a4-4cd2-a763-64fea5df35f7}

***** [ Navegadores ] *****

[-] [C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uxf4416g.default\prefs.js] [Preference] Excluída : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[-] [C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uxf4416g.default\prefs.js] [Preference] Excluída : user_pref("browser.search.defaultenginename", "delta-homes");
[-] [C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uxf4416g.default\prefs.js] [Preference] Excluída : user_pref("browser.search.selectedEngine", "delta-homes");
[-] [C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uxf4416g.default\prefs.js] [Preference] Excluída : user_pref("extensions.quick_start.enable_search1", false);
[-] [C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uxf4416g.default\prefs.js] [Preference] Excluída : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[-] [C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Excluído : fcfenmboojpjinhpgggodefccipikbpd
[-] [C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Excluído : br.ask.com

*************************

:: Configurações Proxy restauradas
:: Configurações Winsock restauradas
:: Configurações TCP/IP restauradas
:: Configurações do Firewall restauradas
:: Configurações IPSec restauradas
:: Políticas do Chrome excluídas

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [20761 bytes] ##########

Re: lots of ads

Post by Gustavorornelas, Wed 14 Oct 2015, 16:50

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 8.1 Single Language x64
Ran by Gustavo on 14/10/2015 at 16:40:16,47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully deleted: [Service] {3211ae5b-d056-4176-9f6e-b51496f003f1}w64 [Reboot required]
Successfully deleted: [Service] {3283b201-5c22-4a7d-8767-24ec5d376ea3}w64 [Reboot required]
Successfully deleted: [Service] {47a3b56f-80e6-4ea5-8093-7656ffd5c11a}w64 [Reboot required]
Successfully deleted: [Service] {4f2819d0-bef1-4b68-bead-13848229eb6f}w64 [Reboot required]
Successfully deleted: [Service] {8aefbcaf-640f-4dca-9a92-ed05ee387238}w64 [Reboot required]
Successfully deleted: [Service] {993baf86-643c-42e9-95e5-094f337533f0}w64 [Reboot required]
Successfully deleted: [Service] {a0eab6f4-c7be-497b-981b-51b21c0122f7}w64 [Reboot required]
Successfully deleted: [Service] sparksvc [Reboot required]
Successfully deleted: [Service] sparkupdater [Reboot required]



~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\SparkUpdater



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Users\Public\Desktop\google.lnk
Successfully deleted: [File] C:\WINDOWS\SysWOW64\FAP1329.tmp
Successfully deleted: [File] C:\WINDOWS\SysWOW64\FAP1435.tmp
Successfully deleted: [File] C:\WINDOWS\SysWOW64\FAP1744.tmp
Successfully deleted: [File] C:\WINDOWS\SysWOW64\FAP193A.tmp
Successfully deleted: [File] C:\WINDOWS\SysWOW64\FAP1B8E.tmp
Successfully deleted: [File] C:\WINDOWS\SysWOW64\FAP2091.tmp
Successfully deleted: [File] C:\WINDOWS\SysWOW64\FAP248A.tmp
Successfully deleted: [File] C:\WINDOWS\SysWOW64\FAP24BB.tmp
Successfully deleted: [File] C:\WINDOWS\SysWOW64\FAP26F0.tmp
Successfully deleted: [File] C:\WINDOWS\SysWOW64\FAP2F8D.tmp
Successfully deleted: [File] C:\WINDOWS\SysWOW64\FAP322F.tmp
Successfully deleted: [File] C:\WINDOWS\SysWOW64\FAPE45A.tmp



~~~ Folders

Successfully deleted: [Folder] C:\Program Files\005
Successfully deleted: [Folder] C:\Users\Gustavo\Appdata\Local\crashrpt
Successfully deleted: [Folder] C:\Users\Gustavo\Appdata\LocalLow\company
Successfully deleted: [Folder] C:\users\Public\Documents\guid
Successfully deleted: [Folder] C:\users\Public\Documents\pc faster



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted the following from C:\Users\Gustavo\AppData\Roaming\mozilla\firefox\profiles\uxf4416g.default\prefs.js

user_pref(browser.search.searchengine.alias, delta-homes);
user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
user_pref(browser.search.searchengine.iconURL, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
user_pref(browser.search.searchengine.name, delta-homes);
user_pref(browser.search.searchengine.ptid, wpm07163);
user_pref(browser.search.searchengine.uid, HitachiXHTS547550A9E384_J1120021DG88DADG88DAX);
user_pref(browser.search.searchengine.url, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Emptied folder: C:\Users\Gustavo\AppData\Roaming\mozilla\firefox\profiles\uxf4416g.default\minidumps [8 files]



~~~ Chrome


[C:\Users\Gustavo\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Gustavo\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Gustavo\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Gustavo\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14/10/2015 at 16:49:28,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: lots of ads

Post by joram, Wed 14 Oct 2015, 16:57

/!\ Good afternoon, Gustavorornelas! /!\

> Your machine really was heavily infected.

> Download: < [You must have an account and be logged in to view this link] > ( ... by Nicolas Coolman )

> Or |[You must have an account and be logged in to view this link]| << Mirror!
> Once on the page, click [You must have an account and be logged in to view this image]
> Save it to the desktop! ( ZHPCleaner.exe )
> Run ZHPCleaner.exe <<

> Click "Eu".

> Click Scanner.

> Wait for it to finish!

> When it finishes, click Reparar (Repair).

> Go to the tabs that are marked in red
> Click Reparar (Repair), or uncheck any item that is a false positive.

> When it finishes, click Relatório (Report)!
> Post the repair log: ~ Type : Reparo

A+

Re: lots of ads

Post by Gustavorornelas, Wed 14 Oct 2015, 17:28

~ ZHPCleaner v2015.4.26.191 by Nicolas Coolman (14/10/2015)
~ Run by Gustavo (Administrator) (14/10/2015 17:24:17)
~ Forum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Facebook : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ State version : Version KO
~ Type : Reparo
~ Report : C:\Users\Gustavo\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Gustavo\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 81, 64-bit (Build 9600)


---\\ Serviços (0)
~ Nenhum ítem malicioso foi encontrado.


---\\ Navegadores de Internet (2)
SUBSTITUIDO Chrome URL: {extensions:{settings:{ahfgeienlihckogmohjhadlkjgocpleb:{active_permissions:{api:[management,system.[...] (Hijacker.Proxy)
MOVIDO pasta: C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk [Bad : C:\Program Files (x86)\speed browser\Application\browser.exe] (PUP.SpeedBrowser)


---\\ Arquivo hosts (1)
~ O arquivo hosts é legítimo (1)


---\\ Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso foi encontrado.


---\\ Explorer ( Arquivos, Pastas) (2)
MOVIDO pasta*: C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_junglenet-a.akamaihd.net_0.localstorage (PUP.AkamaiHD)
MOVIDO pasta*: C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_junglenet-a.akamaihd.net_0.localstorage-journal (PUP.AkamaiHD)


---\\ Registro ( Chaves, Valores, Dados ) (10)
SUPRIMIDO dados: HKCR\BaiduSparkHTML\Shell\Open\Command\\Default [Bad : [html] "C:\Program Files (x86)\baidu\Spark\Spark.exe" -- "%1"] (Broken.OpenCommand)
SUBSTITUIDO dados: HKLM\...\BaiduSpark.EXE\Shell\open\Command\\"C:\Program Files (x86)\baidu\Spark\Spark.exe" [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (PUP.IsStart)
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\0892CCEA-3029-46F2-BD98-F3177431F5F8 [] (Adware.CrossRider)
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\D20A6820-7C28-4015-945F-09F8551FCE45 [] (Adware.CrossRider)
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\api.digihelp.info [160147] (PUP.DigiHelp)
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\digihelp.info [] (PUP.DigiHelp)
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\vitruvianleads.com [] (PUP.Vitruvian)
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] [28] (PUP.Vitruvian)
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\apidigihelpinfo-a.akamaihd.net [67] (PUP.DigiHelp)
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2311927973-3537350689-1432087344-1002\Products\25D05E5D856C61C47922F9B950B7F5F0 [Snap.Do] (Hijacker.SmartBar)


---\\ Resultado de reparação
Reparação efectuada com sucesso
~ Este navegador está faltando ! (Opera Software)


---\\ Estatísticas
~ Items scan : 855
~ Items encontrado : 0
~ items cancelados : 0
~ Items réparo : 14


End of clean at 17:24:46
===================
ZHPCleaner-[R]-14102015-17_24_46.txt
ZHPCleaner-[S]-14102015-17_21_22.txt

Re: lots of ads

Post by joram, Wed 14 Oct 2015, 17:57

/!\ Good afternoon, Gustavorornelas! /!\

> It looks like your Spark browser was removed
> You can reinstall it later.

> Post a new FRST report + Addition.txt <<
> Are the ads still bothering you?

A+

Re: lots of ads

Post by Gustavorornelas, Thu 15 Oct 2015, 13:47

~ ZHPCleaner v2015.4.26.191 by Nicolas Coolman (15/10/2015)
~ Run by Gustavo (Administrator) (15/10/2015 13:46:04)
~ Forum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Facebook : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ State version : Version KO
~ Type : Reparo
~ Report : C:\Users\Gustavo\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Gustavo\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 81, 64-bit (Build 9600)


---\\ Serviços (0)
~ Nenhum ítem malicioso foi encontrado.


---\\ Navegadores de Internet (0)
~ Nenhum ítem malicioso foi encontrado.


---\\ Arquivo hosts (1)
~ O arquivo hosts é legítimo (1)


---\\ Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso foi encontrado.


---\\ Explorer ( Arquivos, Pastas) (2)
MOVIDO pasta*: C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_junglenet-a.akamaihd.net_0.localstorage (PUP.AkamaiHD)
MOVIDO pasta*: C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_junglenet-a.akamaihd.net_0.localstorage-journal (PUP.AkamaiHD)


---\\ Registro ( Chaves, Valores, Dados ) (1)
SUPRIMIDO chave*: HKEY_USERS\S-1-5-21-2311927973-3537350689-1432087344-1001\Software\Goobzo [] (PUP.Goobzo)


---\\ Resultado de reparação
Reparação efectuada com sucesso
~ Este navegador está faltando ! (Google Chrome)
~ Este navegador está faltando ! (Opera Software)


---\\ Estatísticas
~ Items scan : 854
~ Items encontrado : 0
~ items cancelados : 0
~ Items réparo : 3


End of clean at 13:46:29
===================
ZHPCleaner-[R]-14102015-17_24_46.txt
ZHPCleaner-[R]-15102015-13_46_29.txt
ZHPCleaner-[S]-14102015-17_21_22.txt
ZHPCleaner-[S]-15102015-13_44_48.txt

Re: lots of ads

Post by Gustavorornelas, Thu 15 Oct 2015, 13:52

Yes, they are still bothering me!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-10-2015
Ran by Gustavo (administrator) on GUSTAVO (09-10-2015 22:13:46)
Running from C:\Users\Gustavo\Downloads
Loaded Profiles: UpdatusUser & Gustavo (Available Profiles: UpdatusUser & Gustavo & Convidado)
Platform: Windows 8.1 Single Language (X64) Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\baidu\Spark\Spark.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\0892CCEA-3029-46F2-BD98-F3177431F5F8\xtloowpkjv64.exe
() C:\Users\Gustavo\AppData\Local\Crsoft\crsvc.exe
() C:\Users\Gustavo\AppData\Roaming\DNSHelper\DNSSVC.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(QNT) C:\Windows\SysWOW64\NetService\netservice.exe
(Baidu Inc.) C:\Program Files (x86)\baidu\Spark\sparkservice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\WeatherTool\2.0.0.10766\WeatherService.exe
() C:\Program Files\005\vulsrsebjh64.exe
(DTools LIMITED) C:\ProgramData\OWdsManProO\WdsManPro.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(ShenZhen Enode Techology co,.Ltd) C:\Program Files (x86)\WeatherTool\2.0.0.10766\weather.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(A.E.T. Europe B.V.) C:\Windows\System32\aetcrss1.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(GOOBZO) C:\Program Files (x86)\YouTube Accelerator\YouTubeAccelerator.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(© 2015 Microsoft Corporation) C:\Users\Gustavo\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
() C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Baidu.com, Inc.) C:\Program Files (x86)\baidu\Spark\sparkupdate.exe
() C:\Program Files (x86)\Common Files\31f7a620-acbd-4f84-82db-5e231b8ad5de\updater.exe
() C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugincontainer.exe
() C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\10\Plugin.exe
() C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\2\Plugin.exe
() C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\5\Plugin.exe
() C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\12\Plugin.exe
() C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\3\Plugin.exe
() C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\12\Plugin.exe
() C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\3\Plugin.exe
() C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\7\Plugin.exe
() C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\7\Plugin.exe
() C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\8\Plugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Atheros Communications)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3940040 2015-06-12] (Synaptics Incorporated)
HKLM\...\Run: [CertificateRegistration] => C:\windows\system32\aetcrss1.exe [191488 2011-04-20] (A.E.T. Europe B.V.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-10] (Symantec Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36710768 2015-10-01] (Dropbox, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginUni: C:\Program Files (x86)\GbPlugin\gbiehUni.dll [2014-05-05] (Banco Itaú Unibanco)
HKU\S-1-5-21-2311927973-3537350689-1432087344-1001\...\Run: [Facebook Update] => "C:\Users\Gustavo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-2311927973-3537350689-1432087344-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\...\Run: [GoobzoYouTubeAccelerator] => C:\Program Files (x86)\YouTube Accelerator\YouTubeAccelerator.exe [2218856 2014-07-23] (GOOBZO)
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\...\Run: [Viber] => "C:\Users\Gustavo\AppData\Local\Viber\Viber.exe"
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57981568 2015-09-28] (Skype Technologies S.A.)
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\...\Run: [BingSvc] => C:\Users\Gustavo\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
AppInit_DLLs: C:\Program Files => C:\Program Files [0 2015-09-15] ()
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll [1586744 2014-05-05] (Banco Itaú Unibanco)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-01] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-12-23]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\COOL.vbs [2014-03-29] ()
Startup: C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk [2014-02-25]
ShortcutTarget: Enviar para o OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\Gustavo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk [2013-05-07]
ShortcutTarget: Enviar para o OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{347ECC0F-6BDF-4A97-AD01-EF5CCD95EFFC}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E757FE2C-39E1-44C0-9B4A-B6EE5007D5A4}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must have an account and be logged in to view this link]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must have an account and be logged in to view this link]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must have an account and be logged in to view this link]
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must have an account and be logged in to view this link]
HKU\S-1-5-21-2311927973-3537350689-1432087344-1001\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
HKU\S-1-5-21-2311927973-3537350689-1432087344-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must have an account and be logged in to view this link]
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must have an account and be logged in to view this link]
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must have an account and be logged in to view this link]
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must have an account and be logged in to view this link]
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must have an account and be logged in to view this link]
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must have an account and be logged in to view this link]
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [You must have an account and be logged in to view this link]
SearchScopes: HKLM -> {86c83f9e-48a4-4cd2-a763-64fea5df35f7} URL = [You must have an account and be logged in to view this link]
SearchScopes: HKLM-x32 -> {86c83f9e-48a4-4cd2-a763-64fea5df35f7} URL = [You must have an account and be logged in to view this link]
SearchScopes: HKU\S-1-5-21-2311927973-3537350689-1432087344-1001 -> DefaultScope {86c83f9e-48a4-4cd2-a763-64fea5df35f7} URL =
SearchScopes: HKU\S-1-5-21-2311927973-3537350689-1432087344-1001 -> {86c83f9e-48a4-4cd2-a763-64fea5df35f7} URL =
SearchScopes: HKU\S-1-5-21-2311927973-3537350689-1432087344-1001 -> {A1B24F64-A61A-4E03-A031-A19B11173500} URL =
SearchScopes: HKU\S-1-5-21-2311927973-3537350689-1432087344-1002 -> DefaultScope Web URL = [You must have an account and be logged in to view this link]
SearchScopes: HKU\S-1-5-21-2311927973-3537350689-1432087344-1002 -> Web URL = [You must have an account and be logged in to view this link]
SearchScopes: HKU\S-1-5-21-2311927973-3537350689-1432087344-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = [You must have an account and be logged in to view this link]
SearchScopes: HKU\S-1-5-21-2311927973-3537350689-1432087344-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [You must have an account and be logged in to view this link]
SearchScopes: HKU\S-1-5-21-2311927973-3537350689-1432087344-1002 -> {86c83f9e-48a4-4cd2-a763-64fea5df35f7} URL = [You must have an account and be logged in to view this link]
SearchScopes: HKU\S-1-5-21-2311927973-3537350689-1432087344-1002 -> {A1B24F64-A61A-4E03-A031-A19B11173500} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-10] (Qualcomm Atheros Commnucations)
BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll [2015-06-29] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL [2013-04-08] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-11] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files (x86)\GbPlugin\gbiehuni.dll [2014-05-05] (Banco Itaú Unibanco)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-11] (Oracle Corporation)
BHO-x32: Jungle Net -> {dcfb5bfe-1f58-4b1d-96a7-3c7bbae51b36} -> C:\Program Files (x86)\Jungle Net\Extensions\dcfb5bfe-1f58-4b1d-96a7-3c7bbae51b36.dll [2015-10-07] ()
BHO-x32: AllDaySavings -> {fbdff406-2c4c-5d35-8469-34bb67ea3353} -> C:\Program Files\D20A6820-7C28-4015-945F-09F8551FCE45\kzhxnitccw.dll [2014-07-28] ()
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe [You must have an account and be logged in to view this link]

FireFox:
========
FF ProfilePath: C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uxf4416g.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: istartsurf
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: istartsurf
FF Homepage: [You must have an account and be logged in to view this link]
FF Keyword.URL: [You must have an account and be logged in to view this link]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-12-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-27] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2311927973-3537350689-1432087344-1002: gastecnologia.com.br/sf/uni -> C:\Users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll [2014-03-27] (GAS Tecnologia)
FF user.js: detected! => C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uxf4416g.default\user.js [2015-10-07]
FF SearchPlugin: C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uxf4416g.default\searchplugins\bing-.xml [2015-10-09]
FF SearchPlugin: C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uxf4416g.default\searchplugins\istartsurf.xml [2015-10-09]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\SearchTheWeb.xml [2015-01-23]
FF Extension: Bing Search - C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uxf4416g.default\Extensions\bingsearch.full@microsoft.com [2015-10-07]
FF Extension: Default SearchProtected - C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uxf4416g.default\Extensions\defsearchp@gmail.com [2015-10-07]
FF Extension: deskCut - C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uxf4416g.default\Extensions\deskCutv2@gmail.com [2015-10-07]
FF Extension: Jungle Net - C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uxf4416g.default\Extensions\{27198e32-9f26-4000-8352-13ebbebb1d2c}.xpi [2015-10-07]
FF Extension: Adblock Plus - C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uxf4416g.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-10]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2015-10-07]
FF HKLM-x32\...\Firefox\Extensions: [{4963C948-9C4E-40B8-9291-CE0234B47210}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uxf4416g.default\extensions\defsearchp@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uxf4416g.default\extensions\deskCutv2@gmail.com
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe [You must have an account and be logged in to view this link]

Chrome:
=======
CHR HomePage: Default -> [You must have an account and be logged in to view this link]
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.istartsurf.com/?type=hp&ts=1444240900&z=59b9e3a11cfd35ffb89c55fg0z8zczbobz4eaqft9q&from=cornl&uid=HitachiXHTS547550A9E384_J1120021DG88DADG88DAX"
CHR DefaultSearchURL: Default -> [You must have an account and be logged in to view this link]
CHR DefaultSearchKeyword: Default -> istartsurf
CHR Profile: C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-06-10]
CHR Extension: (Jungle Net) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmihnbcolkckpfmjbmlmhpafbdcaclb [2015-10-07]
CHR Extension: (Bing) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-10-07]
CHR Extension: (ABP AdBlock Plus) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\iednhhlkbjnhhfekkmiomcifoedpgelp [2014-08-10]
CHR Extension: (EasyCalendar) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk [2015-10-07]
CHR Extension: (Adblock Super) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2014-12-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-10]
CHR Extension: (Skype Click to Call) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-10-07]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-10]
CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi [2015-09-11]
CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - [You must have an account and be logged in to view this link]
CHR HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - [You must have an account and be logged in to view this link]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-09]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - [You must have an account and be logged in to view this link]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [You must have an account and be logged in to view this link]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
R2 CouponarificService64; C:\Program Files (x86)\0892CCEA-3029-46F2-BD98-F3177431F5F8\xtloowpkjv64.exe [186368 2014-11-19] () [File not signed]
R2 Crashhd; C:\Users\Gustavo\AppData\Local\Crsoft\crsvc.exe [185800 2015-10-01] ()
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-07-29] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-07-29] (Dropbox, Inc.)
R2 DNSSVC; C:\Users\Gustavo\AppData\Roaming\DNSHelper\DNSSVC.exe [142792 2015-09-08] ()
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [527928 2014-05-05] (GAS Tecnologia)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.)
R2 MyLocalService; C:\WINDOWS\SysWOW64\NetService\netservice.exe [226888 2015-01-20] (QNT)
S2 NetDNS; C:\Users\Gustavo\AppData\Roaming\NetTemp\SysDnsSvc.exe [173088 2015-07-08] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-10] (Symantec Corporation)
R2 Service Mgr JungleNet; C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugincontainer.exe [1048288 2015-10-09] ()
R2 SparkSvc; C:\Program Files (x86)\baidu\Spark\sparkservice.exe [97080 2015-08-17] (Baidu Inc.)
S3 SparkUpdater; C:\Program Files (x86)\Baidu\SparkUpdate\Sparkupdate.exe [1359040 2014-12-18] (Baidu.com, Inc.) [File not signed]
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246464 2015-06-12] (Synaptics Incorporated)
R2 TheDesktopWeatherService; C:\Program Files (x86)\WeatherTool\2.0.0.10766\WeatherService.exe [149752 2015-07-21] ()
R2 Update Mgr JungleNet; C:\Program Files (x86)\Common Files\31f7a620-acbd-4f84-82db-5e231b8ad5de\updater.exe [613600 2015-10-09] ()
R2 vulsrsebjh64; C:\Program Files\005\vulsrsebjh64.exe [709120 2014-07-23] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WdsManPro; C:\ProgramData\OWdsManProO\WdsManPro.exe [442504 2015-10-07] (DTools LIMITED)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20151005.001\BHDrvx64.sys [1650936 2015-07-23] (Symantec Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1406000.01B\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-28] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20151009.001\IDSvia64.sys [767216 2015-09-22] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20151009.003\ENG64.SYS [138488 2015-10-05] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20151009.003\EX64.SYS [2146040 2015-10-05] (Symantec Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [41168 2014-11-19] (NetFilterSDK.com)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2013-01-13] (Windows (R) 2003 DDK 3790 provider)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1406000.01B\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1406000.01B\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1406000.01B\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1406000.01B\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1406000.01B\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 SzCCID; C:\Windows\system32\DRIVERS\SzCCID.sys [40448 2011-01-21] (Generic)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R1 {3211ae5b-d056-4176-9f6e-b51496f003f1}w64; C:\Windows\System32\drivers\{3211ae5b-d056-4176-9f6e-b51496f003f1}w64.sys [48776 2014-12-13] (StdLib)
R1 {3283b201-5c22-4a7d-8767-24ec5d376ea3}w64; C:\Windows\System32\drivers\{3283b201-5c22-4a7d-8767-24ec5d376ea3}w64.sys [48776 2014-12-08] (StdLib)
R1 {47a3b56f-80e6-4ea5-8093-7656ffd5c11a}w64; C:\Windows\System32\drivers\{47a3b56f-80e6-4ea5-8093-7656ffd5c11a}w64.sys [48776 2014-12-14] (StdLib)
R1 {4f2819d0-bef1-4b68-bead-13848229eb6f}w64; C:\Windows\System32\drivers\{4f2819d0-bef1-4b68-bead-13848229eb6f}w64.sys [48776 2014-12-03] (StdLib)
R1 {8aefbcaf-640f-4dca-9a92-ed05ee387238}w64; C:\Windows\System32\drivers\{8aefbcaf-640f-4dca-9a92-ed05ee387238}w64.sys [48776 2014-12-22] (StdLib)
R1 {993baf86-643c-42e9-95e5-094f337533f0}w64; C:\Windows\System32\drivers\{993baf86-643c-42e9-95e5-094f337533f0}w64.sys [48776 2014-12-18] (StdLib)
R1 {a0eab6f4-c7be-497b-981b-51b21c0122f7}w64; C:\Windows\System32\drivers\{a0eab6f4-c7be-497b-981b-51b21c0122f7}w64.sys [48776 2014-12-05] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-09 22:13 - 2015-10-09 22:14 - 00037579 _____ C:\Users\Gustavo\Downloads\FRST.txt
2015-10-09 22:12 - 2015-10-09 22:14 - 00000000 ____D C:\FRST
2015-10-09 22:12 - 2015-10-09 22:12 - 02194944 _____ (Farbar) C:\Users\Gustavo\Downloads\FRST64.exe
2015-10-09 22:11 - 2015-10-09 22:11 - 01698304 _____ (Farbar) C:\Users\Gustavo\Downloads\FRST.exe
2015-10-08 12:48 - 2015-10-08 12:48 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Google
2015-10-07 17:41 - 2015-10-07 17:41 - 00000000 ____D C:\Users\Gustavo\Tracing
2015-10-07 17:26 - 2015-10-07 17:26 - 00000000 ____D C:\Users\Gustavo\AppData\Local\Skype
2015-10-07 17:25 - 2015-10-09 21:59 - 00000000 ____D C:\Users\Gustavo\AppData\Roaming\Skype
2015-10-07 17:25 - 2015-10-07 17:36 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-07 17:25 - 2015-10-07 17:25 - 00002715 _____ C:\Users\Public\Desktop\Skype.lnk
2015-10-07 17:25 - 2015-10-07 17:25 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2015-10-07 17:25 - 2015-10-07 17:25 - 00000000 ____D C:\ProgramData\Skype
2015-10-07 17:25 - 2015-10-07 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-10-07 17:23 - 2015-10-07 17:23 - 01503872 _____ (Skype Technologies S.A.) C:\Users\Gustavo\Downloads\SkypeSetup.exe
2015-10-07 15:07 - 2015-10-07 15:14 - 00000000 ____D C:\Users\Gustavo\AppData\Local\Lenovo
2015-10-07 15:06 - 2015-10-07 15:14 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-10-07 15:06 - 2015-10-07 15:06 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2015-10-07 15:06 - 2015-10-07 15:06 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2015-10-07 15:05 - 2015-10-07 15:06 - 00000000 ____D C:\Users\Todos os Usuários\OWdsManProO
2015-10-07 15:05 - 2015-10-07 15:06 - 00000000 ____D C:\ProgramData\OWdsManProO
2015-10-07 15:05 - 2015-10-07 15:05 - 00000102 _____ C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-10-07 15:05 - 2015-10-07 15:05 - 00000102 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-10-07 15:04 - 2015-10-07 15:05 - 00000000 ____D C:\Users\Gustavo\AppData\Roaming\istartsurf
2015-10-07 15:04 - 2015-10-07 15:04 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Baidu
2015-10-07 15:02 - 2015-10-08 12:33 - 00000000 ____D C:\Users\Gustavo\AppData\Roaming\WeatherTool
2015-10-07 15:02 - 2015-10-07 15:02 - 00000000 ____D C:\Users\Public\Documents\Guid
2015-10-07 15:02 - 2015-10-07 15:02 - 00000000 ____D C:\Program Files (x86)\WeatherTool
2015-10-07 15:01 - 2015-10-09 13:04 - 00000000 ____D C:\Users\Todos os Usuários\31f7a620-acbd-4f84-82db-5e231b8ad5de
2015-10-07 15:01 - 2015-10-09 13:04 - 00000000 ____D C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de
2015-10-07 15:01 - 2015-10-07 15:02 - 00000000 ____D C:\Program Files (x86)\Jungle Net
2015-10-07 15:01 - 2015-10-07 15:00 - 01349943 _____ C:\Users\Gustavo\Downloads\skype-voice-changer-32-bits.zip
2015-10-07 14:58 - 2015-10-07 14:59 - 01093439 _____ C:\Users\Gustavo\Downloads\installer.zip
2015-10-06 16:26 - 2015-10-06 16:26 - 00000900 _____ C:\Users\Gustavo\Desktop\LUCAS iNDENIZAÇÃO - Atalho.lnk
2015-10-06 12:58 - 2015-10-06 12:58 - 00016999 _____ C:\Users\Gustavo\Downloads\EDITAL VERTICALIZADO - TJDFT Constitucional.xlsx
2015-10-05 18:52 - 2015-10-05 18:52 - 01081058 _____ C:\Users\Gustavo\Downloads\051020151718425320 (2).zip
2015-10-05 18:52 - 2015-10-05 18:52 - 01081058 _____ C:\Users\Gustavo\Downloads\051020151718425320 (1).zip
2015-10-05 18:51 - 2015-10-05 18:52 - 01081058 _____ C:\Users\Gustavo\Downloads\051020151718425320.zip
2015-10-05 13:42 - 2015-10-05 13:42 - 00677384 _____ C:\Users\Gustavo\Downloads\29092014162703150 (1).rar
2015-10-05 13:41 - 2015-10-05 13:41 - 00677384 _____ C:\Users\Gustavo\Downloads\29092014162703150.rar
2015-10-03 14:44 - 2015-10-03 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-02 16:32 - 2015-10-02 16:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security
2015-10-01 15:18 - 2015-10-01 15:18 - 00000000 ____D C:\Users\Gustavo\AppData\Roaming\shortCutStore
2015-10-01 15:18 - 2015-10-01 15:18 - 00000000 ____D C:\Users\Gustavo\AppData\Local\Crsoft
2015-10-01 14:59 - 2015-10-01 15:26 - 00000000 ____D C:\Users\Gustavo\Desktop\LUCAS iNDENIZAÇÃO
2015-09-30 19:22 - 2015-10-01 15:13 - 00000000 ____D C:\Users\Gustavo\AppData\Roaming\RunDir
2015-09-24 16:50 - 2015-09-24 16:50 - 00000000 ____D C:\Users\Gustavo\AppData\Local\A.E.T. Europe B.V
2015-09-24 16:42 - 2015-09-24 16:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SafeSign Standard
2015-09-24 16:42 - 2015-09-24 16:42 - 00000000 ____D C:\Program Files (x86)\A.E.T. Europe B.V
2015-09-24 16:41 - 2015-09-24 16:41 - 00000000 ____D C:\Users\Todos os Usuários\SZCCID
2015-09-24 16:41 - 2015-09-24 16:41 - 00000000 ____D C:\ProgramData\SZCCID
2015-09-24 16:41 - 2015-09-24 16:41 - 00000000 ____D C:\Program Files (x86)\G&D
2015-09-24 16:40 - 2015-09-24 16:41 - 00000000 ____D C:\Program Files (x86)\VALID
2015-09-24 16:19 - 2015-09-24 16:30 - 83961755 _____ C:\Users\Gustavo\Downloads\NovaCAA_instalador.exe
2015-09-14 13:45 - 2015-09-14 13:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-09-14 13:44 - 2015-09-14 13:44 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-09-14 13:41 - 2015-09-30 19:22 - 00000000 ____D C:\Users\Gustavo\AppData\Roaming\NetTemp
2015-09-09 14:24 - 2015-09-02 23:18 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-09-09 14:24 - 2015-09-02 23:17 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-09-09 14:24 - 2015-09-02 15:48 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-09-09 14:24 - 2015-09-02 14:09 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-09-09 14:24 - 2015-08-26 23:48 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-09-09 14:24 - 2015-08-26 15:00 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-09-09 14:24 - 2015-08-26 15:00 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-09-09 14:24 - 2015-08-26 15:00 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-09-09 14:24 - 2015-08-26 15:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-09-09 14:24 - 2015-08-26 11:46 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-09 14:24 - 2015-08-26 11:29 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-09-09 14:24 - 2015-08-26 11:27 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-09-09 14:24 - 2015-08-26 11:27 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-09-09 14:24 - 2015-08-26 11:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-09-09 14:24 - 2015-08-26 11:26 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-09-09 14:24 - 2015-08-26 11:26 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-09-09 14:24 - 2015-08-22 15:19 - 25188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 14:24 - 2015-08-22 14:35 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 14:24 - 2015-08-22 14:22 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-09 14:24 - 2015-08-22 14:20 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-09-09 14:24 - 2015-08-22 13:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 14:24 - 2015-08-22 13:41 - 14451712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 14:24 - 2015-08-22 13:28 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-09-09 14:24 - 2015-08-22 13:26 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-09 14:24 - 2015-08-22 13:22 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 14:24 - 2015-07-30 14:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-09-09 14:24 - 2015-07-30 13:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2015-09-09 14:24 - 2015-07-22 11:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-09-09 14:24 - 2015-07-22 10:52 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-09-09 14:24 - 2015-07-17 11:15 - 00951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-09-09 14:24 - 2015-07-17 11:10 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-09-09 14:24 - 2015-06-27 08:47 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-09-09 14:23 - 2015-09-01 23:56 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-09-09 14:23 - 2015-09-01 23:55 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-09 14:23 - 2015-09-01 23:50 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-09 14:23 - 2015-09-01 23:17 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-09 14:23 - 2015-09-01 23:13 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-09 14:23 - 2015-08-22 14:34 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 14:23 - 2015-08-22 14:21 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 14:23 - 2015-08-22 13:55 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 14:23 - 2015-08-22 13:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-09-09 14:23 - 2015-08-22 13:45 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 14:23 - 2015-08-22 13:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-09-09 14:23 - 2015-08-22 13:41 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-09-09 14:23 - 2015-08-22 13:41 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-09-09 14:23 - 2015-08-22 13:41 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-09-09 14:23 - 2015-08-22 13:39 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-09-09 14:23 - 2015-08-22 13:23 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-09-09 14:23 - 2015-08-22 13:20 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-09-09 14:23 - 2015-08-22 13:18 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-09-09 14:23 - 2015-08-22 13:18 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-09-09 14:23 - 2015-08-22 13:18 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-09-09 14:23 - 2015-08-22 13:14 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-09 14:23 - 2015-08-22 13:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-09-09 14:23 - 2015-08-22 13:00 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-09-09 14:23 - 2015-08-22 12:56 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-09-09 14:23 - 2015-08-22 12:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-09-09 14:23 - 2015-08-01 00:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2015-09-09 14:23 - 2015-08-01 00:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2015-09-09 14:23 - 2015-08-01 00:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-09 14:23 - 2015-08-01 00:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2015-09-09 14:23 - 2015-08-01 00:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
2015-09-09 14:23 - 2015-07-22 11:34 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-09 14:23 - 2015-07-22 11:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 14:23 - 2015-07-22 11:25 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-09 14:23 - 2015-07-22 11:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 14:23 - 2015-07-18 15:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-09 14:23 - 2015-07-18 15:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-09 14:23 - 2015-07-18 15:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-09 14:23 - 2015-07-18 15:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-09 14:23 - 2015-07-13 16:10 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-09-09 14:23 - 2015-07-09 13:14 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-09-09 14:23 - 2015-07-03 18:51 - 01380056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-09-09 14:23 - 2015-07-03 11:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-09-09 14:23 - 2015-06-19 14:07 - 02819072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-09-09 14:22 - 2015-08-03 18:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2015-09-09 14:22 - 2015-08-03 18:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2015-09-09 14:22 - 2015-08-01 11:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2015-09-09 14:19 - 2015-07-10 16:06 - 00118272 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2015-09-09 14:18 - 2015-07-14 00:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-09 22:11 - 2014-12-03 23:04 - 01835066 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-09 22:00 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-09 16:29 - 2015-06-10 11:35 - 00001092 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-09 16:29 - 2013-02-28 17:48 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2311927973-3537350689-1432087344-1002
2015-10-09 16:21 - 2014-12-04 09:30 - 00003722 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2015-10-09 16:21 - 2014-12-04 09:30 - 00003476 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2015-10-09 16:17 - 2014-12-23 21:50 - 00000902 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-09 16:15 - 2014-12-02 15:49 - 00000000 ____D C:\Program Files\Couponarific
2015-10-09 15:47 - 2015-07-29 16:42 - 00001038 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2015-10-09 14:59 - 2014-07-19 12:23 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-09 14:38 - 2014-12-10 23:10 - 00050862 _____ C:\WINDOWS\setupact.log
2015-10-09 13:07 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-08 16:47 - 2015-07-29 16:42 - 00001034 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2015-10-08 12:38 - 2012-10-09 04:25 - 00000000 ____D C:\Users\Todos os Usuários\WinClon
2015-10-08 12:38 - 2012-10-09 04:25 - 00000000 ____D C:\ProgramData\WinClon
2015-10-08 12:34 - 2015-07-29 16:53 - 00000000 ___RD C:\Users\Gustavo\Dropbox
2015-10-08 12:34 - 2015-07-29 16:42 - 00000000 ____D C:\Users\Gustavo\AppData\Local\Dropbox
2015-10-08 12:33 - 2014-12-04 07:40 - 00000000 __RDO C:\Users\Gustavo\OneDrive
2015-10-08 12:33 - 2012-10-09 04:31 - 00000000 ____D C:\Users\Todos os Usuários\Temp
2015-10-08 12:33 - 2012-10-09 04:31 - 00000000 ____D C:\ProgramData\Temp
2015-10-07 17:41 - 2014-12-03 22:35 - 00000000 ____D C:\Users\Gustavo
2015-10-07 17:17 - 2014-12-10 23:06 - 00000008 __RSH C:\Users\Todos os Usuários\ntuser.pol
2015-10-07 17:17 - 2014-12-10 23:06 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-10-07 17:16 - 2013-08-22 11:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-07 17:15 - 2014-12-10 23:04 - 00151796 _____ C:\WINDOWS\PFRO.log
2015-10-07 17:15 - 2012-07-26 05:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-10-07 15:04 - 2015-04-21 12:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-07 15:03 - 2015-06-10 11:38 - 00001580 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-07 15:03 - 2015-06-10 11:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-07 15:03 - 2015-02-18 12:23 - 00001375 _____ C:\Users\Gustavo\Desktop\Mozilla Firefox.lnk
2015-10-07 13:14 - 2015-04-11 11:48 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-10-05 15:00 - 2012-07-26 04:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-05 14:58 - 2015-04-11 11:48 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-10-03 14:44 - 2015-07-29 16:42 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-10-01 23:46 - 2013-03-02 00:44 - 00000000 ____D C:\Users\Gustavo\AppData\Local\CrashDumps
2015-10-01 17:03 - 2014-05-17 16:43 - 00003234 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2015-10-01 15:30 - 2014-09-24 11:04 - 01797166 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-01 15:30 - 2014-09-24 10:19 - 00774900 _____ C:\WINDOWS\system32\prfh0416.dat
2015-10-01 15:30 - 2014-09-24 10:19 - 00158494 _____ C:\WINDOWS\system32\prfc0416.dat
2015-10-01 15:18 - 2015-01-23 18:00 - 00000000 ____D C:\WINDOWS\SysWOW64\RunDir
2015-10-01 15:05 - 2013-08-22 10:25 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2015-09-30 19:25 - 2013-08-22 10:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-09-30 19:22 - 2014-07-23 17:55 - 00000302 _____ C:\WINDOWS\Tasks\FF Watcher {6C3B2C83-B45F-43F1-8E07-8B538ED9F1AE}.job
2015-09-29 00:08 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-25 13:39 - 2013-05-02 22:11 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-24 16:41 - 2012-10-09 03:36 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-22 14:19 - 2014-12-23 21:50 - 00003790 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-09-18 13:24 - 2015-06-10 11:35 - 00004064 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-18 13:24 - 2015-06-10 11:35 - 00003828 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-18 13:24 - 2015-06-10 11:35 - 00001088 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-15 13:54 - 2014-07-23 17:55 - 00003250 _____ C:\WINDOWS\System32\Tasks\FF Watcher {6C3B2C83-B45F-43F1-8E07-8B538ED9F1AE}
2015-09-15 13:14 - 2013-09-16 19:34 - 00000000 ____D C:\Users\Gustavo\AppData\Local\Google
2015-09-14 22:18 - 2015-05-16 16:45 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-09-14 22:18 - 2015-05-16 16:45 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-14 14:15 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\rescache
2015-09-14 13:45 - 2015-08-03 13:06 - 00001950 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-09-14 13:41 - 2015-09-08 13:21 - 00000000 ____D C:\Users\Gustavo\AppData\Roaming\DNSHelper
2015-09-14 13:39 - 2013-08-22 11:44 - 00529880 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-14 13:33 - 2014-09-24 10:40 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-14 13:33 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-09-09 16:03 - 2013-11-15 16:36 - 00000000 ____D C:\WINDOWS\system32\MRT

==================== Files in the root of some directories =======

2014-09-08 19:59 - 2015-06-17 21:34 - 0004608 _____ () C:\Users\Gustavo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-12 10:18 - 2014-08-13 17:42 - 0000080 _____ () C:\Users\Gustavo\AppData\Local\X-Plane Installer.prf
2014-08-12 10:09 - 2014-08-12 10:09 - 0000042 _____ () C:\Users\Gustavo\AppData\Local\x-plane_install.txt
2015-01-17 12:56 - 2015-04-12 22:16 - 0000112 _____ () C:\ProgramData\8U45ukSL.dat
2015-10-07 15:05 - 2015-10-07 15:05 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Files to move or delete:
====================
C:\ProgramData\8U45ukSL.dat
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\EasySurvey\EasySurvey.exe
C:\Users\Todos os Usuários\8U45ukSL.dat
C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


Some files in TEMP:
====================
C:\Users\Gustavo\AppData\Local\Temp\BingBarSetup-Partner.exe
C:\Users\Gustavo\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Gustavo\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\Gustavo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxeexzw.dll
C:\Users\Gustavo\AppData\Local\Temp\LenovoSHAREit17-9.exe
C:\Users\Gustavo\AppData\Local\Temp\{1E19C331-D780-4FC7-BA74-808B6B18125B}.dll
C:\Users\Gustavo\AppData\Local\Temp\{29D40332-F427-46FC-811D-D4AA1CC8328D}.dll
C:\Users\Gustavo\AppData\Local\Temp\{3A4340A8-FA69-4E3D-8332-82CDD4027DAE}.dll
C:\Users\Gustavo\AppData\Local\Temp\{44403A22-9D8C-4350-8B4E-FD0379A4C6FA}.dll
C:\Users\Gustavo\AppData\Local\Temp\{83A290A2-4789-4CB1-AE32-E5B9DDF24F72}.dll
C:\Users\Gustavo\AppData\Local\Temp\{D3E96160-D9BF-47F9-8800-EA9A85BBEDF3}.dll
C:\Users\Gustavo\AppData\Local\Temp\{D3EEE245-CD00-4077-8741-5B69AA8445F2}.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-08 13:32

==================== End of FRST.txt ============================

Re: lots of ads

Post by Gustavorornelas Thu 15 Oct 2015, 13:53

Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-10-2015
Ran by Gustavo (2015-10-09 22:15:58)
Running from C:\Users\Gustavo\Downloads
Windows 8.1 Single Language (X64) (2014-12-04 10:32:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2311927973-3537350689-1432087344-500 - Administrator - Disabled)
Convidado (S-1-5-21-2311927973-3537350689-1432087344-501 - Limited - Enabled) => C:\Users\Convidado
Gustavo (S-1-5-21-2311927973-3537350689-1432087344-1002 - Administrator - Enabled) => C:\Users\Gustavo
UpdatusUser (S-1-5-21-2311927973-3537350689-1432087344-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Baidu Browser (HKLM-x32\...\Spark) (Version: 33.12 Preview - Baidu Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.7 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Foto-galerija (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galeria de Fotos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Giesecke & Devrient GmbH StarSign CUT (HKLM-x32\...\SZCCID) (Version: 1.7.17.0 - Giesecke & Devrient GmbH)
Giesecke & Devrient GmbH StarSign CUT (x32 Version: 1.7.17.0 - Giesecke & Devrient GmbH) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Hao123-Client (HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\...\hao123desk-br) (Version: 1.0.0.1111 - Baidu Online Network Technology (Beijing) Co., Ltd.) <==== ATTENTION
Help Desk (HKLM\...\{D93F0B49-12AA-4AE6-8349-0ECB13B9532F}) (Version: 1.0.5 - Samsung Electronics CO., LTD.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3368 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
istartsurf uninstall (HKLM-x32\...\istartsurf uninstall) (Version: - istartsurf) <==== ATTENTION
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.650 - Oracle)
Jungle Net (HKLM-x32\...\Jungle Net) (Version: 2.0.5758.12100 - Jungle Net) <==== ATTENTION
LibreOffice 4.2.5.2 (HKLM-x32\...\{93AD8CBD-C32E-4318-90BB-A294BE2D712C}) (Version: 4.2.5.2 - The Document Foundation)
Malwarebytes Anti-Malware versão 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.163.2 - McAfee, Inc.)
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office 365 - pt-br (HKLM\...\O365HomePremRetail - pt-br) (Version: 15.0.4753.1003 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2311927973-3537350689-1432087344-1001\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.6.0.27 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.45 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.11 - Symantec Corporation) Hidden
NVIDIA Graphics Driver 305.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 305.46 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.6.5 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.0.7 - Samsung Electronics CO., LTD.) Hidden
SafeSign 64-bits (HKLM\...\{66913111-2F8A-4950-AA93-51C26182FC35}) (Version: 3.0.45 - A.E.T. Europe B.V.)
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Support Center (HKLM\...\{AC0273F1-68A3-42CF-B487-C594B0A92F8D}) (Version: 2.0.12 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.5 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{D2B5F1E3-EA56-4D84-A453-A213B32974CB}) (Version: 2.1.25 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.11.1 - Synaptics Incorporated)
The Desktop Weather 2.0 (HKLM\...\WeatherTool) (Version: 2.0.0.10766 - ShenZhen Enode Techology co,.Ltd)
Unity Web Player (HKU\S-1-5-21-2311927973-3537350689-1432087344-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
User Guide (HKLM-x32\...\{9914AD8E-C0D6-420D-BEF6-40BF4DEDE3BA}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
VALID 1.4.01.2 (HKLM-x32\...\{D32F77F7-2906-46F9-ABFF-A4A4EB26BFE}_is1) (Version: 1.4.01.2 - Valid Certificadora Digital)
Video Downloader version 2.0 (HKLM-x32\...\Video Downloader_is1) (Version: 2.0 - )
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
YouTube Accelerator (HKLM-x32\...\YouTube Accelerator) (Version: 3394(build_80) - Goobzo Ltd.) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2311927973-3537350689-1432087344-1002_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0013}\InprocServer32 -> C:\Users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-2311927973-3537350689-1432087344-1002_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0013}\InprocServer32 -> C:\Users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll (GAS Tecnologia)

==================== Restore Points =========================

22-09-2015 00:31:47 Instalador de Módulos do Windows
24-09-2015 16:40:52 Installed Giesecke & Devrient GmbH StarSign CUT
05-10-2015 14:56:47 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-03-03 13:43 - 2015-09-14 13:45 - 00000855 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 d3oxij66pru1i3.cloudfront.net
0.0.0.1 mssplus.mcafee.com


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0CDBFFEF-BA15-46BE-911F-195B52243E4B} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {0FAE6BAF-6EA5-4E42-960C-A1F89A34CD9C} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {1E2B1AAA-9AC9-4BDF-934A-4F787BC686CE} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-06-12] (Synaptics Incorporated)
Task: {273A5093-B17E-4BB2-938E-C933FABE5D3E} - System32\Tasks\SparkUpdater => C:\Program Files (x86)\baidu\Spark\SparkUpdate.exe [2015-08-17] (Baidu.com, Inc.)
Task: {5518F319-4357-4A4A-91D2-D8C98B9BCFBA} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22] (Adobe Systems Incorporated)
Task: {5CF534E2-9396-42EF-9926-FA42D3FB850D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {5CF8C7AB-2C79-428F-8E3C-0EFDC44207BE} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-08-17] (Samsung Electronics CO., LTD.)
Task: {633E1923-B922-40F2-AA0A-4E3BA161BD2E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {7350331F-3AA0-4ABA-A75E-97BFBD68DE86} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-29] (Dropbox, Inc.)
Task: {899619B1-5CB5-45D1-9341-3A032FC53DF7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-10] (Google Inc.)
Task: {91EE61BD-F68C-42E6-AC6E-A8FF1FD1B71B} - System32\Tasks\FF Watcher {6C3B2C83-B45F-43F1-8E07-8B538ED9F1AE} => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION
Task: {95DC2913-4CEA-4009-9A82-D0930EB26FB5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {A0ECE448-A897-4FF3-BC14-A4C0C4001599} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {A6E950CF-85B3-4856-B5C5-7D222893E973} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-09-05] (Samsung Electronics CO., LTD.)
Task: {ADB8FF09-8692-44F7-A86E-2749BE8563FA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {B17FFA46-1114-4802-B402-F382517D5C7B} - System32\Tasks\{35207827-183E-4A38-B65C-5490330BFE42} => pcalua.exe -a "C:\Users\Gustavo\AppData\Local\Temp\Temp1_X-PlaneDemoInstallerWindows (1).zip\X-Plane Demo Installer Windows.exe"
Task: {B38520C4-5CA3-45EC-A6B9-AD48ACD1C6D8} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {B961C412-8D8A-44B5-8466-9768D0134EE5} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-09-16] (SEC)
Task: {CB1CB265-C8C1-4DC0-9164-CF61EBBD67D7} - System32\Tasks\UNELEVATE_25874 => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.202\jsdrv.exe <==== ATTENTION
Task: {CEB938AA-6271-47B0-B5FF-48BE52EDD2FE} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {D3C497FA-3751-4A05-94F3-B7A6417A5171} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {D3EF1224-4774-4769-BD1D-43C9659D5F59} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\WSCStub.exe [2015-07-27] (Symantec Corporation)
Task: {DC02D29F-EAF5-4227-A81B-469E2F9A8456} - \BonanzaDealsLiveUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {E0362E8E-61DF-4D58-9F30-5620487D315C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-10] (Google Inc.)
Task: {E07C78A4-B054-455E-8DB3-E41857E8732E} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-29] (Dropbox, Inc.)
Task: {E3C36E44-C2C9-4483-A7CB-4F57B9C1A64F} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {E49D304E-0BD2-4F71-A32A-B2BAAC3D8D22} - \BonanzaDealsLiveUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {F2002432-F20C-4D7F-9510-28B1D2EA08C8} - \BonanzaDealsUpdate -> No File <==== ATTENTION
Task: {F7D12CE1-4366-4105-9303-086F483C2B08} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-09-11] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\FF Watcher {6C3B2C83-B45F-43F1-8E07-8B538ED9F1AE}.job => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SPBIW_UpdateTask_Time_323538383431393532392d454a2a415034412a4a6c575a.job => Wscript.exe S/B C:\ProgramData\ShopperPro\spbihe.js spbiu.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (Whitelisted) ==============

2014-10-24 09:24 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-11-19 12:38 - 2014-11-19 12:38 - 00186368 _____ () C:\Program Files (x86)\0892CCEA-3029-46F2-BD98-F3177431F5F8\xtloowpkjv64.exe
2014-11-19 12:38 - 2014-11-19 12:38 - 00110080 _____ () C:\Program Files (x86)\0892CCEA-3029-46F2-BD98-F3177431F5F8\nfapi.dll
2014-11-19 12:38 - 2014-11-19 12:38 - 00471040 _____ () C:\Program Files (x86)\0892CCEA-3029-46F2-BD98-F3177431F5F8\ProtocolFilters.dll
2015-10-01 15:18 - 2015-10-01 15:18 - 00185800 _____ () C:\Users\Gustavo\AppData\Local\Crsoft\crsvc.exe
2015-09-08 13:21 - 2015-09-08 13:21 - 00142792 _____ () C:\Users\Gustavo\AppData\Roaming\DNSHelper\DNSSVC.exe
2015-07-21 03:47 - 2015-07-21 03:47 - 00149752 _____ () C:\Program Files (x86)\WeatherTool\2.0.0.10766\WeatherService.exe
2014-07-23 22:42 - 2014-07-23 22:42 - 00709120 _____ () C:\Program Files\005\vulsrsebjh64.exe
2012-09-05 04:50 - 2012-09-05 04:50 - 00085112 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2015-07-21 03:48 - 2015-07-21 03:48 - 01043912 _____ () C:\Program Files (x86)\WeatherTool\2.0.0.10766\WeatherEntryDll.dll
2014-03-20 06:53 - 2014-03-20 06:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-10 06:28 - 2012-08-10 06:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-08-10 06:22 - 2012-08-10 06:22 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\pt-BR\BtTray.pt-BR.dll
2012-09-14 07:18 - 2012-09-14 07:18 - 04238968 _____ () C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
2015-10-07 14:47 - 2015-10-09 12:58 - 00613600 _____ () C:\Program Files (x86)\Common Files\31f7a620-acbd-4f84-82db-5e231b8ad5de\updater.exe
2015-10-07 13:44 - 2015-10-09 13:03 - 01048288 _____ () C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugincontainer.exe
2015-10-09 13:05 - 2015-10-09 13:05 - 01001696 _____ () C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\10\plugin.exe
2015-10-09 13:05 - 2015-10-09 13:05 - 01706208 _____ () C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\2\plugin.exe
2015-10-09 13:05 - 2015-10-09 13:05 - 01296608 _____ () C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\5\plugin.exe
2015-10-09 13:05 - 2015-10-09 13:05 - 00638688 _____ () C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\12\plugin.exe
2015-10-09 13:05 - 2015-10-09 13:05 - 01266912 _____ () C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\3\plugin.exe
2015-10-09 13:05 - 2015-10-09 13:05 - 00988896 _____ () C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\7\plugin.exe
2015-10-09 14:20 - 2015-10-09 14:20 - 01254624 _____ () C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\8\plugin.exe
2014-12-09 10:41 - 2012-05-30 03:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.6.0.27\wincfi39.dll
2012-09-05 04:50 - 2012-09-05 04:50 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-09-05 04:50 - 2012-09-05 04:50 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-09-05 04:50 - 2012-09-05 04:50 - 01012856 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-09-05 04:50 - 2012-09-05 04:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-09-05 04:50 - 2012-09-05 04:50 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-09-05 04:50 - 2012-09-05 04:50 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-09-05 04:50 - 2012-09-05 04:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-09-05 04:50 - 2012-09-05 04:50 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-09-05 04:50 - 2012-09-05 04:50 - 00103544 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2012-10-09 04:31 - 2012-06-08 00:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-07 23:34 - 2012-06-07 23:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-10-08 12:34 - 2015-10-08 12:34 - 00071168 _____ () c:\users\gustavo\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxeexzw.dll
2015-08-14 14:55 - 2015-09-23 20:07 - 00012800 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
2015-08-14 14:55 - 2015-09-23 20:07 - 00779776 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-08-14 14:55 - 2015-09-23 20:07 - 00056320 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-08-14 14:55 - 2015-09-23 20:07 - 00012288 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll
2015-01-30 15:26 - 2015-08-17 13:43 - 01018168 _____ () C:\Program Files (x86)\baidu\Spark\bdxui.dll
2015-10-09 13:06 - 2015-10-09 13:05 - 00533216 _____ () C:\Users\Gustavo\AppData\Local\Temp\{D3EEE245-CD00-4077-8741-5B69AA8445F2}.dll
2015-10-09 14:49 - 2015-10-09 13:05 - 00055520 _____ () C:\Users\Gustavo\AppData\Local\Temp\{3AF6DD4E-06E2-48FA-880C-6ADFEB43A7E2}.xpi
2015-09-29 13:39 - 2015-09-23 23:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-09-29 13:39 - 2015-09-23 23:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll
2015-09-29 13:39 - 2015-09-23 23:34 - 16487752 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\Users\Gustavo\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:56E2E879

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2311927973-3537350689-1432087344-1001\...\itau.com.br -> bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\...\itau.com.br -> bankline.itau.com.br


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2311927973-3537350689-1432087344-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Gustavo\Desktop\Chapada dos Veadeiros\G2776243.JPG
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "BtvStack"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "Baidu Antivirus"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2311927973-3537350689-1432087344-1001\...\StartupApproved\StartupFolder: => "Enviar para o OneNote.lnk"
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\...\StartupApproved\StartupFolder: => "Enviar para o OneNote.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{9A76FCDD-2C62-4B8B-920D-1AB5DB1CF8FE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [UDP Query User{D6AEE7BF-6F18-40C6-83AA-139ED1A92A2E}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [TCP Query User{E7A9F941-D171-46DC-AB91-24ED79BFE78D}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{46A1C290-4410-46D2-8EF8-06824D1B1BC0}C:\users\convidado\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Block) C:\users\convidado\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [TCP Query User{B0553813-A3A4-4796-B8D1-777320FA2012}C:\users\convidado\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Block) C:\users\convidado\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [{B04209C1-01C8-4CCA-BD60-18AB82967BE2}] => (Allow) C:\Program Files (x86)\Samsung\Easy File Share\EasyFileShare.EXE
FirewallRules: [{D0F26087-D198-4F53-A277-0188A5417D34}] => (Allow) C:\Program Files (x86)\Samsung\Easy File Share\EasyFileShare.EXE
FirewallRules: [{F5E6D503-2208-4E89-9AF0-C10AE7EFB9E7}] => (Allow) LPort=1900
FirewallRules: [{550397B7-A027-4BB9-84D0-CF8C278ED518}] => (Allow) LPort=2869
FirewallRules: [{5AD0DCF8-04C8-40BF-9E0B-02BE2B6988A1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E154A618-8DEE-4256-B586-9CE24CAC7BC0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{EB74704B-9EE2-4371-8346-6D8DB436A850}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{FDE6BDB8-432D-4AEB-BC00-008183BEE6CB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{53CB25DC-85BC-423B-98B2-E7FCD6C91367}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{F73598D6-366C-49C9-88AF-CC0B356E1E0A}] => (Allow) C:\Program Files (x86)\DigiHelp\bin\DigiHelp.BRT.Helper.exe
FirewallRules: [{81C52252-B6F5-4FC4-B6E3-A1223FFC3C5F}] => (Allow) C:\Program Files (x86)\DigiHelp\bin\DigiHelp.BRT.Helper.exe
FirewallRules: [{802562AE-6B1F-4293-A515-039EE9F16513}] => (Allow) C:\Program Files (x86)\DigiHelp\bin\DigiHelp.BRT.Helper.exe
FirewallRules: [{9FF4EED5-CD13-4D23-94AC-05E9BD95504F}] => (Allow) C:\Program Files (x86)\DigiHelp\bin\DigiHelp.BRT.Helper.exe
FirewallRules: [{95D66AE8-C0B6-433E-995E-BCAD42B18708}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8FA383D8-111D-48CA-AE54-E94B41A5DAD1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E20C4EB5-5758-4B38-95FA-BADCFFF10EE6}] => (Allow) C:\Program Files (x86)\baidu\Spark\Spark.exe
FirewallRules: [{A5A7BAA1-0FEF-469D-A516-C51F42C949C8}] => (Allow) C:\Program Files (x86)\baidu\Spark\Spark.exe
FirewallRules: [{B5775D63-6A7A-4157-95B3-026DDC048C6D}] => (Allow) C:\Program Files (x86)\baidu\Spark\bdtray.exe
FirewallRules: [{E47B4BB1-592E-46F5-BABF-7AA6C8F378E9}] => (Allow) C:\Program Files (x86)\baidu\Spark\bdtray.exe
FirewallRules: [TCP Query User{C7444DE7-60F3-4C16-896A-22020AB4D9AD}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{A07A0B2E-5EE2-477E-A4C0-D28E05D20F3E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{EDD4A07D-E02A-4403-8782-2DCF5269492F}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [UDP Query User{87D04861-56BC-4F43-B834-E4E48B2FFDBB}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [{0E2EE6E2-C894-4D46-9F22-89CDB0B970F7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{17A9DC7F-0527-4627-B117-3740962D7D5D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [TCP Query User{962E4604-0485-41DC-8B7B-9A5766194896}C:\program files (x86)\lenovo\shareit\shareit.exe] => (Allow) C:\program files (x86)\lenovo\shareit\shareit.exe
FirewallRules: [UDP Query User{A703520E-74E9-4FD5-8FAC-4C3777850F75}C:\program files (x86)\lenovo\shareit\shareit.exe] => (Allow) C:\program files (x86)\lenovo\shareit\shareit.exe
FirewallRules: [TCP Query User{A8FAF70B-8564-4F78-9A64-D86FFAFD12E3}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [UDP Query User{5B1A137F-0ECB-4E02-BA76-E73882279B01}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [TCP Query User{B42A214C-CF30-4A9B-944A-E14C5A9DC743}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{9B2C0058-0782-4AB2-BB12-5D4B552F1BCE}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{717F6CBE-18A3-4CD0-B61A-D29A57E644EB}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{777590DA-CF8A-4111-9DBD-BAB268B67FE3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (10/09/2015 10:08:13 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073422302

Error: (10/09/2015 12:49:29 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073422302

Error: (10/07/2015 05:22:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: SysDnsSvc.exe, versão: 0.0.0.0, carimbo de data/hora: 0x557e7cf3
Nome do módulo com falha: SysDnsSvc.exe, versão: 0.0.0.0, carimbo de data/hora: 0x557e7cf3
Código de exceção: 0xc0000409
Deslocamento da falha: 0x00013174
ID do processo com falha: 0x71c
Hora de início do aplicativo com falha: 0xSysDnsSvc.exe0
Caminho do aplicativo com falha: SysDnsSvc.exe1
Caminho do módulo com falha: SysDnsSvc.exe2
ID do Relatório: SysDnsSvc.exe3
Nome completo do pacote com falha: SysDnsSvc.exe4
ID do aplicativo relativo ao pacote com falha: SysDnsSvc.exe5

Error: (10/07/2015 03:15:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: Explorer.EXE, versão: 6.3.9600.17667, carimbo de data/hora: 0x54c6f7c2
Nome do módulo com falha: Windows.UI.Search.dll, versão: 6.3.9600.17415, carimbo de data/hora: 0x54503885
Código de exceção: 0xc0000005
Deslocamento da falha: 0x000000000019ea20
ID do processo com falha: 0xcf4
Hora de início do aplicativo com falha: 0xExplorer.EXE0
Caminho do aplicativo com falha: Explorer.EXE1
Caminho do módulo com falha: Explorer.EXE2
ID do Relatório: Explorer.EXE3
Nome completo do pacote com falha: Explorer.EXE4
ID do aplicativo relativo ao pacote com falha: Explorer.EXE5

Error: (10/07/2015 01:21:41 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073422302

Error: (10/06/2015 12:57:39 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073422302

Error: (10/05/2015 01:38:38 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (10/04/2015 10:36:22 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (10/04/2015 07:32:06 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073422302

Error: (10/03/2015 09:14:22 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073422302


System errors:
=============
Error: (10/09/2015 04:21:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Intel(R) Update Manager foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (10/07/2015 05:36:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Detecção de Serviços Interativos terminou com o erro:
%%1

Error: (10/07/2015 05:27:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Net Event Report foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (10/07/2015 05:16:21 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: O desligamento do sistema que ocorreu às 15:21:49 do dia ‎07/‎10/‎2015 não era esperado.

Error: (10/01/2015 03:30:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Net Event Report foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (10/01/2015 03:14:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Net Event Report foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (09/30/2015 07:30:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Net Event Report foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (09/30/2015 07:24:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço BHDrvx64 devido ao seguinte erro:
%%20

Error: (09/30/2015 07:20:07 PM) (Source: DCOM) (EventID: 10010) (User: GUSTAVO)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (09/30/2015 07:20:07 PM) (Source: DCOM) (EventID: 10010) (User: GUSTAVO)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 69%
Total physical RAM: 3797.53 MB
Available physical RAM: 1174.03 MB
Total Virtual: 8149.54 MB
Available Virtual: 4336.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:439.93 GB) (Free:300.31 GB) NTFS
Drive d: () (CDROM) (Total:2.63 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================

Re: too many ads

Message by Gustavorornelas Thu 15 Oct 2015, 14:03

Sorry, wrong message.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-10-2015 01
Ran by Gustavo (administrator) on GUSTAVO (15-10-2015 13:59:20)
Running from C:\Users\Gustavo\Downloads
Loaded Profiles: UpdatusUser & Gustavo (Available Profiles: UpdatusUser & Gustavo & Convidado)
Platform: Windows 8.1 Single Language (X64) Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: "%1" %*)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [You must have an account and be logged in to view this link]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(tsvr.com) C:\Users\Gustavo\AppData\Roaming\TSv\TSvr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(A.E.T. Europe B.V.) C:\Windows\System32\aetcrss1.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(© 2015 Microsoft Corporation) C:\Users\Gustavo\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
() C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Gustavo\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Atheros Communications)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3940040 2015-06-12] (Synaptics Incorporated)
HKLM\...\Run: [CertificateRegistration] => C:\windows\system32\aetcrss1.exe [191488 2011-04-20] (A.E.T. Europe B.V.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-10] (Symantec Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36710768 2015-10-01] (Dropbox, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginUni: C:\Program Files (x86)\GbPlugin\gbiehUni.dll [2014-05-05] (Banco Itaú Unibanco)
HKU\S-1-5-21-2311927973-3537350689-1432087344-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\...\Run: [Viber] => "C:\Users\Gustavo\AppData\Local\Viber\Viber.exe"
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57981568 2015-09-28] (Skype Technologies S.A.)
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\...\Run: [BingSvc] => C:\Users\Gustavo\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
AppInit_DLLs: C:\Program Files => C:\Program Files [0 2015-10-14] ()
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll [1586744 2014-05-05] (Banco Itaú Unibanco)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-01] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-12-23]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\COOL.vbs [2014-03-29] ()
Startup: C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk [2014-02-25]
ShortcutTarget: Enviar para o OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\Gustavo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk [2013-05-07]
ShortcutTarget: Enviar para o OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 200.225.197.37 200.225.197.34
Tcpip\..\Interfaces\{347ECC0F-6BDF-4A97-AD01-EF5CCD95EFFC}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E757FE2C-39E1-44C0-9B4A-B6EE5007D5A4}: [DhcpNameServer] 200.225.197.37 200.225.197.34

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must have an account and be logged in to view this link]
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must have an account and be logged in to view this link]
HKU\S-1-5-21-2311927973-3537350689-1432087344-1001\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
HKU\S-1-5-21-2311927973-3537350689-1432087344-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must have an account and be logged in to view this link]
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must have an account and be logged in to view this link]
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must have an account and be logged in to view this link]
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must have an account and be logged in to view this link]
SearchScopes: HKU\S-1-5-21-2311927973-3537350689-1432087344-1001 -> DefaultScope {86c83f9e-48a4-4cd2-a763-64fea5df35f7} URL =
SearchScopes: HKU\S-1-5-21-2311927973-3537350689-1432087344-1001 -> {86c83f9e-48a4-4cd2-a763-64fea5df35f7} URL =
SearchScopes: HKU\S-1-5-21-2311927973-3537350689-1432087344-1001 -> {A1B24F64-A61A-4E03-A031-A19B11173500} URL =
SearchScopes: HKU\S-1-5-21-2311927973-3537350689-1432087344-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = [You must have an account and be logged in to view this link]
SearchScopes: HKU\S-1-5-21-2311927973-3537350689-1432087344-1002 -> Web URL = [You must have an account and be logged in to view this link]
SearchScopes: HKU\S-1-5-21-2311927973-3537350689-1432087344-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = [You must have an account and be logged in to view this link]
SearchScopes: HKU\S-1-5-21-2311927973-3537350689-1432087344-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [You must have an account and be logged in to view this link]
SearchScopes: HKU\S-1-5-21-2311927973-3537350689-1432087344-1002 -> {A1B24F64-A61A-4E03-A031-A19B11173500} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-10] (Qualcomm Atheros Commnucations)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll [2015-06-29] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL [2013-04-08] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-11] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files (x86)\GbPlugin\gbiehuni.dll [2014-05-05] (Banco Itaú Unibanco)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-11] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uxf4416g.default
FF SearchEngineOrder.3: Bing
FF Keyword.URL: [You must have an account and be logged in to view this link]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_207.dll [2015-10-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_207.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-12-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-27] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2311927973-3537350689-1432087344-1002: gastecnologia.com.br/sf/uni -> C:\Users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll [2014-03-27] (GAS Tecnologia)
FF SearchPlugin: C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uxf4416g.default\searchplugins\bing-.xml [2015-10-09]
FF Extension: Bing Search - C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uxf4416g.default\Extensions\bingsearch.full@microsoft.com [2015-10-07]
FF Extension: Jungle Net - C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uxf4416g.default\Extensions\{27198e32-9f26-4000-8352-13ebbebb1d2c}.xpi [2015-10-07]
FF Extension: Adblock Plus - C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uxf4416g.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-10]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2015-10-15]
FF HKLM-x32\...\Firefox\Extensions: [{4963C948-9C4E-40B8-9291-CE0234B47210}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn

Chrome:
=======
CHR Profile: C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-15]
CHR Extension: (Jungle Net) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmihnbcolkckpfmjbmlmhpafbdcaclb [2015-10-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-10]
CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - [You must have an account and be logged in to view this link]
CHR HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - [You must have an account and be logged in to view this link]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-09]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - [You must have an account and be logged in to view this link]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-07-29] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-07-29] (Dropbox, Inc.)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [527928 2014-05-05] (GAS Tecnologia)
R2 IhPul; C:\Users\Gustavo\AppData\Roaming\TSv\TSvr.exe [396944 2015-09-20] (tsvr.com)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-10] (Symantec Corporation)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246464 2015-06-12] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20151008.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1406000.01B\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-28] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20151014.001\IDSvia64.sys [767216 2015-09-22] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20151014.054\ENG64.SYS [138488 2015-10-05] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20151014.054\EX64.SYS [2146040 2015-10-05] (Symantec Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2013-01-13] (Windows (R) 2003 DDK 3790 provider)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1406000.01B\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1406000.01B\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1406000.01B\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1406000.01B\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1406000.01B\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 SzCCID; C:\Windows\system32\DRIVERS\SzCCID.sys [40448 2011-01-21] (Generic)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Gustavo\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-15 13:59 - 2015-10-15 14:00 - 00026780 _____ C:\Users\Gustavo\Downloads\FRST.txt
2015-10-15 13:57 - 2015-10-15 13:58 - 02196992 _____ (Farbar) C:\Users\Gustavo\Downloads\FRST64(1).exe
2015-10-15 13:23 - 2015-10-15 13:23 - 01812480 _____ C:\Users\Gustavo\Desktop\ZHPCleaner-2015.4.26.191.exe
2015-10-14 17:21 - 2015-10-15 13:46 - 00001782 _____ C:\Users\Gustavo\Desktop\ZHPCleaner.txt
2015-10-14 17:04 - 2015-10-15 13:25 - 00000922 _____ C:\Users\Gustavo\Desktop\ZHPCleaner.lnk
2015-10-14 17:03 - 2015-10-14 17:03 - 01812480 _____ C:\Users\Gustavo\Downloads\ZHPCleaner-2015.4.26.191(1).exe
2015-10-14 16:49 - 2015-10-14 16:49 - 00004110 _____ C:\Users\Gustavo\Desktop\JRT.txt
2015-10-14 16:38 - 2015-10-14 16:38 - 01801288 _____ (Malwarebytes) C:\Users\Gustavo\Desktop\JRT(1).exe
2015-10-14 16:22 - 2015-10-14 16:22 - 01682432 _____ C:\Users\Gustavo\Desktop\adwcleaner_5.013.exe
2015-10-14 15:32 - 2015-10-14 15:32 - 00012284 _____ C:\Users\Gustavo\Desktop\ZHPFixReport.txt
2015-10-14 15:22 - 2015-10-14 15:26 - 00000000 ____D C:\Program Files (x86)\ZHPFix
2015-10-14 15:22 - 2015-10-14 15:22 - 00001865 _____ C:\Users\Public\Desktop\ZHPFix.lnk
2015-10-14 15:22 - 2015-10-14 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2015-10-14 15:21 - 2015-10-14 15:21 - 03521472 _____ (Nicolas Coolman ) C:\Users\Gustavo\Desktop\ZHPFix.exe
2015-10-14 14:28 - 2015-10-14 14:32 - 00119771 _____ C:\Users\Gustavo\Desktop\ZHPDiag.txt
2015-10-14 14:19 - 2015-10-14 14:19 - 00000867 _____ C:\Users\Gustavo\Desktop\ZHPDiag.lnk
2015-10-14 13:17 - 2015-10-14 13:17 - 00001189 _____ C:\Users\Gustavo\Desktop\ZHPDiag3 - Atalho.lnk
2015-10-14 13:15 - 2015-10-14 13:15 - 01956352 _____ C:\Users\Gustavo\Downloads\ZHPDiag3.exe
2015-10-13 16:35 - 2015-10-13 16:35 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security
2015-10-13 14:57 - 2015-10-15 13:14 - 00000001 _____ C:\WINDOWS\SysWOW64\br.html
2015-10-12 11:35 - 2015-10-15 13:55 - 00000000 ____D C:\Users\Gustavo\Downloads\FRST-OlderVersion
2015-10-12 01:03 - 2015-10-12 01:04 - 00000000 ____D C:\Users\Gustavo\AppData\Roaming\TSv
2015-10-09 22:12 - 2015-10-15 13:59 - 00000000 ____D C:\FRST
2015-10-09 22:12 - 2015-10-15 13:55 - 02196992 _____ (Farbar) C:\Users\Gustavo\Downloads\FRST64.exe
2015-10-08 12:48 - 2015-10-08 12:48 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Google
2015-10-07 17:41 - 2015-10-07 17:41 - 00000000 ____D C:\Users\Gustavo\Tracing
2015-10-07 17:26 - 2015-10-07 17:26 - 00000000 ____D C:\Users\Gustavo\AppData\Local\Skype
2015-10-07 17:25 - 2015-10-15 13:56 - 00000000 ____D C:\Users\Gustavo\AppData\Roaming\Skype
2015-10-07 17:25 - 2015-10-14 13:23 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-07 17:25 - 2015-10-07 17:25 - 00002715 _____ C:\Users\Public\Desktop\Skype.lnk
2015-10-07 17:25 - 2015-10-07 17:25 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2015-10-07 17:25 - 2015-10-07 17:25 - 00000000 ____D C:\ProgramData\Skype
2015-10-07 17:25 - 2015-10-07 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-10-07 17:23 - 2015-10-07 17:23 - 01503872 _____ (Skype Technologies S.A.) C:\Users\Gustavo\Downloads\SkypeSetup.exe
2015-10-07 15:07 - 2015-10-07 15:14 - 00000000 ____D C:\Users\Gustavo\AppData\Local\Lenovo
2015-10-07 15:06 - 2015-10-07 15:14 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-10-07 15:06 - 2015-10-07 15:06 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2015-10-07 15:06 - 2015-10-07 15:06 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2015-10-07 15:04 - 2015-10-07 15:04 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Baidu
2015-10-07 15:01 - 2015-10-07 15:00 - 01349943 _____ C:\Users\Gustavo\Downloads\skype-voice-changer-32-bits.zip
2015-10-07 14:58 - 2015-10-07 14:59 - 01093439 _____ C:\Users\Gustavo\Downloads\installer.zip
2015-10-06 16:26 - 2015-10-06 16:26 - 00000900 _____ C:\Users\Gustavo\Desktop\LUCAS iNDENIZAÇÃO - Atalho.lnk
2015-10-06 12:58 - 2015-10-06 12:58 - 00016999 _____ C:\Users\Gustavo\Downloads\EDITAL VERTICALIZADO - TJDFT Constitucional.xlsx
2015-10-05 18:52 - 2015-10-05 18:52 - 01081058 _____ C:\Users\Gustavo\Downloads\051020151718425320 (2).zip
2015-10-05 18:52 - 2015-10-05 18:52 - 01081058 _____ C:\Users\Gustavo\Downloads\051020151718425320 (1).zip
2015-10-05 18:51 - 2015-10-05 18:52 - 01081058 _____ C:\Users\Gustavo\Downloads\051020151718425320.zip
2015-10-05 13:42 - 2015-10-05 13:42 - 00677384 _____ C:\Users\Gustavo\Downloads\29092014162703150 (1).rar
2015-10-05 13:41 - 2015-10-05 13:41 - 00677384 _____ C:\Users\Gustavo\Downloads\29092014162703150.rar
2015-10-03 14:44 - 2015-10-03 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-01 15:18 - 2015-10-01 15:18 - 00000000 ____D C:\Users\Gustavo\AppData\Local\Crsoft
2015-10-01 14:59 - 2015-10-01 15:26 - 00000000 ____D C:\Users\Gustavo\Desktop\LUCAS iNDENIZAÇÃO
2015-09-24 16:50 - 2015-09-24 16:50 - 00000000 ____D C:\Users\Gustavo\AppData\Local\A.E.T. Europe B.V
2015-09-24 16:42 - 2015-09-24 16:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SafeSign Standard
2015-09-24 16:42 - 2015-09-24 16:42 - 00000000 ____D C:\Program Files (x86)\A.E.T. Europe B.V
2015-09-24 16:41 - 2015-09-24 16:41 - 00000000 ____D C:\Users\Todos os Usuários\SZCCID
2015-09-24 16:41 - 2015-09-24 16:41 - 00000000 ____D C:\ProgramData\SZCCID
2015-09-24 16:41 - 2015-09-24 16:41 - 00000000 ____D C:\Program Files (x86)\G&D
2015-09-24 16:40 - 2015-09-24 16:41 - 00000000 ____D C:\Program Files (x86)\VALID
2015-09-24 16:19 - 2015-09-24 16:30 - 83961755 _____ C:\Users\Gustavo\Downloads\NovaCAA_instalador.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-15 14:00 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-15 13:51 - 2014-07-18 15:14 - 00000000 ____D C:\Users\Gustavo\AppData\Roaming\ZHP
2015-10-15 13:47 - 2015-07-29 16:42 - 00001038 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2015-10-15 13:33 - 2013-02-28 17:48 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2311927973-3537350689-1432087344-1002
2015-10-15 13:30 - 2014-12-03 23:04 - 01207162 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-15 13:29 - 2015-06-10 11:35 - 00001092 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-15 13:28 - 2015-01-29 23:39 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-10-15 13:27 - 2015-05-25 13:38 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-15 13:22 - 2014-09-24 11:04 - 01797166 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-15 13:22 - 2014-09-24 10:19 - 00774900 _____ C:\WINDOWS\system32\prfh0416.dat
2015-10-15 13:22 - 2014-09-24 10:19 - 00158494 _____ C:\WINDOWS\system32\prfc0416.dat
2015-10-15 13:20 - 2012-10-09 04:25 - 00000000 ____D C:\Users\Todos os Usuários\WinClon
2015-10-15 13:20 - 2012-10-09 04:25 - 00000000 ____D C:\ProgramData\WinClon
2015-10-15 13:19 - 2014-12-10 23:10 - 00053194 _____ C:\WINDOWS\setupact.log
2015-10-15 13:17 - 2014-12-23 21:50 - 00000902 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-15 13:16 - 2015-07-29 16:53 - 00000000 ___RD C:\Users\Gustavo\Dropbox
2015-10-15 13:16 - 2015-07-29 16:42 - 00000000 ____D C:\Users\Gustavo\AppData\Local\Dropbox
2015-10-15 13:14 - 2015-07-29 16:42 - 00001034 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2015-10-15 13:14 - 2014-12-04 07:40 - 00000000 __RDO C:\Users\Gustavo\OneDrive
2015-10-15 13:14 - 2014-12-03 22:35 - 00000000 ____D C:\Users\Gustavo
2015-10-15 13:13 - 2013-08-22 11:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-14 17:28 - 2014-07-14 14:34 - 00000000 ____D C:\AdwCleaner
2015-10-14 16:31 - 2014-12-10 23:04 - 00159460 _____ C:\WINDOWS\PFRO.log
2015-10-14 15:30 - 2012-10-09 04:31 - 00000000 ____D C:\Users\Todos os Usuários\Temp
2015-10-14 15:30 - 2012-10-09 04:31 - 00000000 ____D C:\ProgramData\Temp
2015-10-14 14:19 - 2014-12-23 21:50 - 00003790 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-10-14 13:22 - 2012-07-26 05:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-10-14 13:21 - 2013-08-22 10:25 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2015-10-13 13:02 - 2014-05-17 16:43 - 00003234 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2015-10-12 11:45 - 2013-08-22 10:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-10-12 11:36 - 2014-06-30 10:48 - 00000000 ____D C:\Users\Gustavo\AppData\LocalLow\Temp
2015-10-12 11:36 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-10-12 01:04 - 2015-04-21 12:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-09 16:21 - 2014-12-04 09:30 - 00003722 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2015-10-09 16:21 - 2014-12-04 09:30 - 00003476 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2015-10-09 14:59 - 2014-07-19 12:23 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-09 13:07 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-07 15:03 - 2015-06-10 11:38 - 00001580 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-07 15:03 - 2015-06-10 11:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-07 15:03 - 2015-02-18 12:23 - 00001375 _____ C:\Users\Gustavo\Desktop\Mozilla Firefox.lnk
2015-10-07 13:14 - 2015-04-11 11:48 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-10-05 15:00 - 2012-07-26 04:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-05 14:58 - 2015-04-11 11:48 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-10-03 14:44 - 2015-07-29 16:42 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-10-01 23:46 - 2013-03-02 00:44 - 00000000 ____D C:\Users\Gustavo\AppData\Local\CrashDumps
2015-09-29 00:08 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-25 13:39 - 2013-05-02 22:11 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-24 16:41 - 2012-10-09 03:36 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2015-09-18 13:24 - 2015-06-10 11:35 - 00004064 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-18 13:24 - 2015-06-10 11:35 - 00003828 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-18 13:24 - 2015-06-10 11:35 - 00001088 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-15 13:14 - 2013-09-16 19:34 - 00000000 ____D C:\Users\Gustavo\AppData\Local\Google

==================== Files in the root of some directories =======

2014-08-12 10:18 - 2014-08-13 17:42 - 0000080 _____ () C:\Users\Gustavo\AppData\Local\X-Plane Installer.prf
2014-08-12 10:09 - 2014-08-12 10:09 - 0000042 _____ () C:\Users\Gustavo\AppData\Local\x-plane_install.txt

Files to move or delete:
====================
C:\Users\EasySurvey\EasySurvey.exe


Some files in TEMP:
====================
C:\Users\Gustavo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuiwb7o.dll
C:\Users\Gustavo\AppData\Local\Temp\sqlite3.dll
C:\Users\Gustavo\AppData\Local\Temp\VARemove.exe
C:\Users\Gustavo\AppData\Local\Temp\{247FEA36-F0BF-4663-AB43-52FDFC29EE4B}.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-14 15:15

==================== End of FRST.txt ============================

Re: too many ads

Post by Gustavorornelas, Thu 15 Oct 2015, 14:04

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-10-2015 01
Ran by Gustavo (administrator) on GUSTAVO (15-10-2015 13:59:20)
Running from C:\Users\Gustavo\Downloads
Loaded Profiles: UpdatusUser & Gustavo (Available Profiles: UpdatusUser & Gustavo & Convidado)
Platform: Windows 8.1 Single Language (X64) Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: "%1" %*)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [You must have an account and be logged in to view this link]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(tsvr.com) C:\Users\Gustavo\AppData\Roaming\TSv\TSvr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(A.E.T. Europe B.V.) C:\Windows\System32\aetcrss1.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(© 2015 Microsoft Corporation) C:\Users\Gustavo\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
() C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Gustavo\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Atheros Communications)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3940040 2015-06-12] (Synaptics Incorporated)
HKLM\...\Run: [CertificateRegistration] => C:\windows\system32\aetcrss1.exe [191488 2011-04-20] (A.E.T. Europe B.V.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-10] (Symantec Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36710768 2015-10-01] (Dropbox, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginUni: C:\Program Files (x86)\GbPlugin\gbiehUni.dll [2014-05-05] (Banco Itaú Unibanco)
HKU\S-1-5-21-2311927973-3537350689-1432087344-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\...\Run: [Viber] => "C:\Users\Gustavo\AppData\Local\Viber\Viber.exe"
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57981568 2015-09-28] (Skype Technologies S.A.)
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\...\Run: [BingSvc] => C:\Users\Gustavo\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
AppInit_DLLs: C:\Program Files => C:\Program Files [0 2015-10-14] ()
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll [1586744 2014-05-05] (Banco Itaú Unibanco)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-01] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-12-23]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\COOL.vbs [2014-03-29] ()
Startup: C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk [2014-02-25]
ShortcutTarget: Enviar para o OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\Gustavo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk [2013-05-07]
ShortcutTarget: Enviar para o OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 200.225.197.37 200.225.197.34
Tcpip\..\Interfaces\{347ECC0F-6BDF-4A97-AD01-EF5CCD95EFFC}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E757FE2C-39E1-44C0-9B4A-B6EE5007D5A4}: [DhcpNameServer] 200.225.197.37 200.225.197.34

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must have an account and be logged in to view this link]
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must have an account and be logged in to view this link]
HKU\S-1-5-21-2311927973-3537350689-1432087344-1001\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
HKU\S-1-5-21-2311927973-3537350689-1432087344-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must have an account and be logged in to view this link]
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must have an account and be logged in to view this link]
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must have an account and be logged in to view this link]
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must have an account and be logged in to view this link]
SearchScopes: HKU\S-1-5-21-2311927973-3537350689-1432087344-1001 -> DefaultScope {86c83f9e-48a4-4cd2-a763-64fea5df35f7} URL =
SearchScopes: HKU\S-1-5-21-2311927973-3537350689-1432087344-1001 -> {86c83f9e-48a4-4cd2-a763-64fea5df35f7} URL =
SearchScopes: HKU\S-1-5-21-2311927973-3537350689-1432087344-1001 -> {A1B24F64-A61A-4E03-A031-A19B11173500} URL =
SearchScopes: HKU\S-1-5-21-2311927973-3537350689-1432087344-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = [You must have an account and be logged in to view this link]
SearchScopes: HKU\S-1-5-21-2311927973-3537350689-1432087344-1002 -> Web URL = [You must have an account and be logged in to view this link]
SearchScopes: HKU\S-1-5-21-2311927973-3537350689-1432087344-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = [You must have an account and be logged in to view this link]
SearchScopes: HKU\S-1-5-21-2311927973-3537350689-1432087344-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [You must have an account and be logged in to view this link]
SearchScopes: HKU\S-1-5-21-2311927973-3537350689-1432087344-1002 -> {A1B24F64-A61A-4E03-A031-A19B11173500} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-10] (Qualcomm Atheros Commnucations)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll [2015-06-29] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL [2013-04-08] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-11] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files (x86)\GbPlugin\gbiehuni.dll [2014-05-05] (Banco Itaú Unibanco)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-11] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uxf4416g.default
FF SearchEngineOrder.3: Bing
FF Keyword.URL: [You must have an account and be logged in to view this link]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_207.dll [2015-10-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_207.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-12-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-27] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2311927973-3537350689-1432087344-1002: gastecnologia.com.br/sf/uni -> C:\Users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll [2014-03-27] (GAS Tecnologia)
FF SearchPlugin: C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uxf4416g.default\searchplugins\bing-.xml [2015-10-09]
FF Extension: Bing Search - C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uxf4416g.default\Extensions\bingsearch.full@microsoft.com [2015-10-07]
FF Extension: Jungle Net - C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uxf4416g.default\Extensions\{27198e32-9f26-4000-8352-13ebbebb1d2c}.xpi [2015-10-07]
FF Extension: Adblock Plus - C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uxf4416g.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-10]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2015-10-15]
FF HKLM-x32\...\Firefox\Extensions: [{4963C948-9C4E-40B8-9291-CE0234B47210}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn

Chrome:
=======
CHR Profile: C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-15]
CHR Extension: (Jungle Net) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmihnbcolkckpfmjbmlmhpafbdcaclb [2015-10-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-10]
CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - [You must have an account and be logged in to view this link]
CHR HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - [You must have an account and be logged in to view this link]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-09]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - [You must have an account and be logged in to view this link]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-07-29] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-07-29] (Dropbox, Inc.)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [527928 2014-05-05] (GAS Tecnologia)
R2 IhPul; C:\Users\Gustavo\AppData\Roaming\TSv\TSvr.exe [396944 2015-09-20] (tsvr.com)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-10] (Symantec Corporation)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246464 2015-06-12] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20151008.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1406000.01B\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-28] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20151014.001\IDSvia64.sys [767216 2015-09-22] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20151014.054\ENG64.SYS [138488 2015-10-05] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20151014.054\EX64.SYS [2146040 2015-10-05] (Symantec Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2013-01-13] (Windows (R) 2003 DDK 3790 provider)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1406000.01B\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1406000.01B\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1406000.01B\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1406000.01B\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1406000.01B\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 SzCCID; C:\Windows\system32\DRIVERS\SzCCID.sys [40448 2011-01-21] (Generic)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Gustavo\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-15 13:59 - 2015-10-15 14:00 - 00026780 _____ C:\Users\Gustavo\Downloads\FRST.txt
2015-10-15 13:57 - 2015-10-15 13:58 - 02196992 _____ (Farbar) C:\Users\Gustavo\Downloads\FRST64(1).exe
2015-10-15 13:23 - 2015-10-15 13:23 - 01812480 _____ C:\Users\Gustavo\Desktop\ZHPCleaner-2015.4.26.191.exe
2015-10-14 17:21 - 2015-10-15 13:46 - 00001782 _____ C:\Users\Gustavo\Desktop\ZHPCleaner.txt
2015-10-14 17:04 - 2015-10-15 13:25 - 00000922 _____ C:\Users\Gustavo\Desktop\ZHPCleaner.lnk
2015-10-14 17:03 - 2015-10-14 17:03 - 01812480 _____ C:\Users\Gustavo\Downloads\ZHPCleaner-2015.4.26.191(1).exe
2015-10-14 16:49 - 2015-10-14 16:49 - 00004110 _____ C:\Users\Gustavo\Desktop\JRT.txt
2015-10-14 16:38 - 2015-10-14 16:38 - 01801288 _____ (Malwarebytes) C:\Users\Gustavo\Desktop\JRT(1).exe
2015-10-14 16:22 - 2015-10-14 16:22 - 01682432 _____ C:\Users\Gustavo\Desktop\adwcleaner_5.013.exe
2015-10-14 15:32 - 2015-10-14 15:32 - 00012284 _____ C:\Users\Gustavo\Desktop\ZHPFixReport.txt
2015-10-14 15:22 - 2015-10-14 15:26 - 00000000 ____D C:\Program Files (x86)\ZHPFix
2015-10-14 15:22 - 2015-10-14 15:22 - 00001865 _____ C:\Users\Public\Desktop\ZHPFix.lnk
2015-10-14 15:22 - 2015-10-14 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2015-10-14 15:21 - 2015-10-14 15:21 - 03521472 _____ (Nicolas Coolman ) C:\Users\Gustavo\Desktop\ZHPFix.exe
2015-10-14 14:28 - 2015-10-14 14:32 - 00119771 _____ C:\Users\Gustavo\Desktop\ZHPDiag.txt
2015-10-14 14:19 - 2015-10-14 14:19 - 00000867 _____ C:\Users\Gustavo\Desktop\ZHPDiag.lnk
2015-10-14 13:17 - 2015-10-14 13:17 - 00001189 _____ C:\Users\Gustavo\Desktop\ZHPDiag3 - Atalho.lnk
2015-10-14 13:15 - 2015-10-14 13:15 - 01956352 _____ C:\Users\Gustavo\Downloads\ZHPDiag3.exe
2015-10-13 16:35 - 2015-10-13 16:35 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security
2015-10-13 14:57 - 2015-10-15 13:14 - 00000001 _____ C:\WINDOWS\SysWOW64\br.html
2015-10-12 11:35 - 2015-10-15 13:55 - 00000000 ____D C:\Users\Gustavo\Downloads\FRST-OlderVersion
2015-10-12 01:03 - 2015-10-12 01:04 - 00000000 ____D C:\Users\Gustavo\AppData\Roaming\TSv
2015-10-09 22:12 - 2015-10-15 13:59 - 00000000 ____D C:\FRST
2015-10-09 22:12 - 2015-10-15 13:55 - 02196992 _____ (Farbar) C:\Users\Gustavo\Downloads\FRST64.exe
2015-10-08 12:48 - 2015-10-08 12:48 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Google
2015-10-07 17:41 - 2015-10-07 17:41 - 00000000 ____D C:\Users\Gustavo\Tracing
2015-10-07 17:26 - 2015-10-07 17:26 - 00000000 ____D C:\Users\Gustavo\AppData\Local\Skype
2015-10-07 17:25 - 2015-10-15 13:56 - 00000000 ____D C:\Users\Gustavo\AppData\Roaming\Skype
2015-10-07 17:25 - 2015-10-14 13:23 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-07 17:25 - 2015-10-07 17:25 - 00002715 _____ C:\Users\Public\Desktop\Skype.lnk
2015-10-07 17:25 - 2015-10-07 17:25 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2015-10-07 17:25 - 2015-10-07 17:25 - 00000000 ____D C:\ProgramData\Skype
2015-10-07 17:25 - 2015-10-07 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-10-07 17:23 - 2015-10-07 17:23 - 01503872 _____ (Skype Technologies S.A.) C:\Users\Gustavo\Downloads\SkypeSetup.exe
2015-10-07 15:07 - 2015-10-07 15:14 - 00000000 ____D C:\Users\Gustavo\AppData\Local\Lenovo
2015-10-07 15:06 - 2015-10-07 15:14 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-10-07 15:06 - 2015-10-07 15:06 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2015-10-07 15:06 - 2015-10-07 15:06 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2015-10-07 15:04 - 2015-10-07 15:04 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Baidu
2015-10-07 15:01 - 2015-10-07 15:00 - 01349943 _____ C:\Users\Gustavo\Downloads\skype-voice-changer-32-bits.zip
2015-10-07 14:58 - 2015-10-07 14:59 - 01093439 _____ C:\Users\Gustavo\Downloads\installer.zip
2015-10-06 16:26 - 2015-10-06 16:26 - 00000900 _____ C:\Users\Gustavo\Desktop\LUCAS iNDENIZAÇÃO - Atalho.lnk
2015-10-06 12:58 - 2015-10-06 12:58 - 00016999 _____ C:\Users\Gustavo\Downloads\EDITAL VERTICALIZADO - TJDFT Constitucional.xlsx
2015-10-05 18:52 - 2015-10-05 18:52 - 01081058 _____ C:\Users\Gustavo\Downloads\051020151718425320 (2).zip
2015-10-05 18:52 - 2015-10-05 18:52 - 01081058 _____ C:\Users\Gustavo\Downloads\051020151718425320 (1).zip
2015-10-05 18:51 - 2015-10-05 18:52 - 01081058 _____ C:\Users\Gustavo\Downloads\051020151718425320.zip
2015-10-05 13:42 - 2015-10-05 13:42 - 00677384 _____ C:\Users\Gustavo\Downloads\29092014162703150 (1).rar
2015-10-05 13:41 - 2015-10-05 13:41 - 00677384 _____ C:\Users\Gustavo\Downloads\29092014162703150.rar
2015-10-03 14:44 - 2015-10-03 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-01 15:18 - 2015-10-01 15:18 - 00000000 ____D C:\Users\Gustavo\AppData\Local\Crsoft
2015-10-01 14:59 - 2015-10-01 15:26 - 00000000 ____D C:\Users\Gustavo\Desktop\LUCAS iNDENIZAÇÃO
2015-09-24 16:50 - 2015-09-24 16:50 - 00000000 ____D C:\Users\Gustavo\AppData\Local\A.E.T. Europe B.V
2015-09-24 16:42 - 2015-09-24 16:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SafeSign Standard
2015-09-24 16:42 - 2015-09-24 16:42 - 00000000 ____D C:\Program Files (x86)\A.E.T. Europe B.V
2015-09-24 16:41 - 2015-09-24 16:41 - 00000000 ____D C:\Users\Todos os Usuários\SZCCID
2015-09-24 16:41 - 2015-09-24 16:41 - 00000000 ____D C:\ProgramData\SZCCID
2015-09-24 16:41 - 2015-09-24 16:41 - 00000000 ____D C:\Program Files (x86)\G&D
2015-09-24 16:40 - 2015-09-24 16:41 - 00000000 ____D C:\Program Files (x86)\VALID
2015-09-24 16:19 - 2015-09-24 16:30 - 83961755 _____ C:\Users\Gustavo\Downloads\NovaCAA_instalador.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-15 14:00 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-15 13:51 - 2014-07-18 15:14 - 00000000 ____D C:\Users\Gustavo\AppData\Roaming\ZHP
2015-10-15 13:47 - 2015-07-29 16:42 - 00001038 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2015-10-15 13:33 - 2013-02-28 17:48 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2311927973-3537350689-1432087344-1002
2015-10-15 13:30 - 2014-12-03 23:04 - 01207162 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-15 13:29 - 2015-06-10 11:35 - 00001092 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-15 13:28 - 2015-01-29 23:39 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-10-15 13:27 - 2015-05-25 13:38 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-15 13:22 - 2014-09-24 11:04 - 01797166 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-15 13:22 - 2014-09-24 10:19 - 00774900 _____ C:\WINDOWS\system32\prfh0416.dat
2015-10-15 13:22 - 2014-09-24 10:19 - 00158494 _____ C:\WINDOWS\system32\prfc0416.dat
2015-10-15 13:20 - 2012-10-09 04:25 - 00000000 ____D C:\Users\Todos os Usuários\WinClon
2015-10-15 13:20 - 2012-10-09 04:25 - 00000000 ____D C:\ProgramData\WinClon
2015-10-15 13:19 - 2014-12-10 23:10 - 00053194 _____ C:\WINDOWS\setupact.log
2015-10-15 13:17 - 2014-12-23 21:50 - 00000902 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-15 13:16 - 2015-07-29 16:53 - 00000000 ___RD C:\Users\Gustavo\Dropbox
2015-10-15 13:16 - 2015-07-29 16:42 - 00000000 ____D C:\Users\Gustavo\AppData\Local\Dropbox
2015-10-15 13:14 - 2015-07-29 16:42 - 00001034 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2015-10-15 13:14 - 2014-12-04 07:40 - 00000000 __RDO C:\Users\Gustavo\OneDrive
2015-10-15 13:14 - 2014-12-03 22:35 - 00000000 ____D C:\Users\Gustavo
2015-10-15 13:13 - 2013-08-22 11:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-14 17:28 - 2014-07-14 14:34 - 00000000 ____D C:\AdwCleaner
2015-10-14 16:31 - 2014-12-10 23:04 - 00159460 _____ C:\WINDOWS\PFRO.log
2015-10-14 15:30 - 2012-10-09 04:31 - 00000000 ____D C:\Users\Todos os Usuários\Temp
2015-10-14 15:30 - 2012-10-09 04:31 - 00000000 ____D C:\ProgramData\Temp
2015-10-14 14:19 - 2014-12-23 21:50 - 00003790 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-10-14 13:22 - 2012-07-26 05:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-10-14 13:21 - 2013-08-22 10:25 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2015-10-13 13:02 - 2014-05-17 16:43 - 00003234 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2015-10-12 11:45 - 2013-08-22 10:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-10-12 11:36 - 2014-06-30 10:48 - 00000000 ____D C:\Users\Gustavo\AppData\LocalLow\Temp
2015-10-12 11:36 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-10-12 01:04 - 2015-04-21 12:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-09 16:21 - 2014-12-04 09:30 - 00003722 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2015-10-09 16:21 - 2014-12-04 09:30 - 00003476 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2015-10-09 14:59 - 2014-07-19 12:23 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-09 13:07 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-07 15:03 - 2015-06-10 11:38 - 00001580 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-07 15:03 - 2015-06-10 11:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-07 15:03 - 2015-02-18 12:23 - 00001375 _____ C:\Users\Gustavo\Desktop\Mozilla Firefox.lnk
2015-10-07 13:14 - 2015-04-11 11:48 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-10-05 15:00 - 2012-07-26 04:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-05 14:58 - 2015-04-11 11:48 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-10-03 14:44 - 2015-07-29 16:42 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-10-01 23:46 - 2013-03-02 00:44 - 00000000 ____D C:\Users\Gustavo\AppData\Local\CrashDumps
2015-09-29 00:08 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-25 13:39 - 2013-05-02 22:11 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-24 16:41 - 2012-10-09 03:36 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2015-09-18 13:24 - 2015-06-10 11:35 - 00004064 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-18 13:24 - 2015-06-10 11:35 - 00003828 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-18 13:24 - 2015-06-10 11:35 - 00001088 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-15 13:14 - 2013-09-16 19:34 - 00000000 ____D C:\Users\Gustavo\AppData\Local\Google

==================== Files in the root of some directories =======

2014-08-12 10:18 - 2014-08-13 17:42 - 0000080 _____ () C:\Users\Gustavo\AppData\Local\X-Plane Installer.prf
2014-08-12 10:09 - 2014-08-12 10:09 - 0000042 _____ () C:\Users\Gustavo\AppData\Local\x-plane_install.txt

Files to move or delete:
====================
C:\Users\EasySurvey\EasySurvey.exe


Some files in TEMP:
====================
C:\Users\Gustavo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuiwb7o.dll
C:\Users\Gustavo\AppData\Local\Temp\sqlite3.dll
C:\Users\Gustavo\AppData\Local\Temp\VARemove.exe
C:\Users\Gustavo\AppData\Local\Temp\{247FEA36-F0BF-4663-AB43-52FDFC29EE4B}.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-14 15:15

==================== End of FRST.txt ============================
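A triage sketch for the Services and Drivers sections of the FRST.txt posted above, added here as an example and not part of the original thread or of FRST itself: it parses each entry and lists the reasons an analyst might look at it first. The three heuristics (image file not found, image under a user profile, file not signed) and all function names are assumptions of this example; a flagged entry is a lead to check, not a verdict.

```python
import re
from typing import NamedTuple, Optional

# Lines copied from the Services/Drivers sections of the FRST.txt posted above.
SAMPLE = r"""
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations) [File not signed]
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [527928 2014-05-05] (GAS Tecnologia)
R2 IhPul; C:\Users\Gustavo\AppData\Roaming\TSv\TSvr.exe [396944 2015-09-20] (tsvr.com)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S3 catchme; \??\C:\Users\Gustavo\AppData\Local\Temp\catchme.sys [X]
"""

# <state><start type> <name>; <image path> [<size> <date>] (<company>) [File not signed]
# An entry whose file FRST could not find carries [X] instead of size and date.
ENTRY_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?:X|(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2}))\]"
    r"(?: \((?P<company>.*?)\))?(?P<unsigned> \[File not signed\])?\s*$"
)


class Entry(NamedTuple):
    state: str              # R = running, S = stopped
    start: int              # Windows service start type digit
    name: str
    path: str
    missing: bool           # True when the entry ends in [X]
    company: Optional[str]
    unsigned: bool


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one service/driver line; return None for headers and blanks."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    path = m["path"]
    if path.startswith("\\??\\"):       # strip the NT object-path prefix
        path = path[4:]
    return Entry(m["state"], int(m["start"]), m["name"], path,
                 m["size"] is None, m["company"], m["unsigned"] is not None)


def triage(entry: Entry) -> list:
    """Heuristics assumed by this example; each hit is a reason to look closer."""
    reasons = []
    if entry.missing:
        reasons.append("image file not found ([X])")
    if "\\users\\" in entry.path.lower():
        reasons.append("runs from a user profile path")
    if entry.unsigned:
        reasons.append("file not signed")
    return reasons


def review(log_text: str) -> dict:
    """Map each flagged service/driver name to its list of reasons."""
    findings = {}
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is not None:
            reasons = triage(entry)
            if reasons:
                findings[entry.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in review(SAMPLE).items():
        print(f"{name}: {', '.join(reasons)}")
```

On the sample lines this flags IhPul and catchme, both of which appear in the fixlist later in the thread, and also the unsigned Bluetooth service, which the fixlist leaves alone.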

Re: lots of ads

Post by joram, Thu 15 Oct 2015, 23:10

/!\ Good evening, Gustavorornelas! /!\

> Copy the information shown in red into Notepad.
> Save it under the name fixlist. << Text file!
> Save it on the desktop! ("Área de trabalho" ...)

start
CloseProcesses:
S3 catchme; \??\C:\Users\Gustavo\AppData\Local\Temp\catchme.sys [X]
C:\Users\Gustavo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuiwb7o.dll
C:\Users\Gustavo\AppData\Local\Temp\sqlite3.dll
C:\Users\Gustavo\AppData\Local\Temp\VARemove.exe
C:\Users\Gustavo\AppData\Local\Temp\{247FEA36-F0BF-4663-AB43-52FDFC29EE4B}.dll

C:\Users\Gustavo\AppData\Roaming\TSv\TSvr.exe
C:\Users\EasySurvey\EasySurvey.exe
CreateRestorePoint:
RemoveProxy:
EmptyTemp:
Reboot:
Hosts:
end


> Run FRST/FRST64 >> Click "Fix" << Wait!
> In the message box, click "Executar" (Run)
> Post the report! (Fixlog.txt)

< I ask visitors not to use this script on other computers, at the risk of damaging them! >

A+

Re: lots of ads

Post by Gustavorornelas, Fri 16 Oct 2015, 13:42

I can't get it to work.
It says that fixlist was not found.
I must be doing something wrong.

Re: lots of ads

Post by joram, Fri 16 Oct 2015, 22:58

Gustavorornelas wrote: I can't get it to work.
It says that fixlist was not found.
I must be doing something wrong.

/!\ Hello, Gustavorornelas! /!\

> Is the fixlist text file in the same directory as FRST.exe? This is essential for the script to work. It does not work with a shortcut to FRST.exe, even if the shortcut is in the same folder as fixlist.txt.

Regards!

Re: lots of ads

Post by Gustavorornelas, Mon 19 Oct 2015, 13:27

I did it!!
Fix result of Farbar Recovery Scan Tool (x64) Version:18-10-2015
Ran by Gustavo (2015-10-19 12:58:35) Run:2
Running from C:\Users\Gustavo\Desktop
Loaded Profiles: UpdatusUser & Gustavo (Available Profiles: UpdatusUser & Gustavo & Convidado)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
S3 catchme; \??\C:\Users\Gustavo\AppData\Local\Temp\catchme.sys [X]
C:\Users\Gustavo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuiwb7o.dll
C:\Users\Gustavo\AppData\Local\Temp\sqlite3.dll
C:\Users\Gustavo\AppData\Local\Temp\VARemove.exe
C:\Users\Gustavo\AppData\Local\Temp\{247FEA36-F0BF-4663-AB43-52FDFC29EE4B}.dll
C:\Users\Gustavo\AppData\Roaming\TSv\TSvr.exe
C:\Users\EasySurvey\EasySurvey.exe
CreateRestorePoint:
RemoveProxy:
EmptyTemp:
Reboot:
Hosts:
end
*****************

Processes closed successfully.
catchme => service removed successfully
"C:\Users\Gustavo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuiwb7o.dll" => not found.
"C:\Users\Gustavo\AppData\Local\Temp\sqlite3.dll" => not found.
"C:\Users\Gustavo\AppData\Local\Temp\VARemove.exe" => not found.
"C:\Users\Gustavo\AppData\Local\Temp\{247FEA36-F0BF-4663-AB43-52FDFC29EE4B}.dll" => not found.
C:\Users\Gustavo\AppData\Roaming\TSv\TSvr.exe => moved successfully
C:\Users\EasySurvey\EasySurvey.exe => moved successfully
Restore point was successfully created.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2311927973-3537350689-1432087344-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 117.7 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 13:00:25 ====