Allina

Absolute slowness


Good morning

I really need help

I lent my computer to my cousin's daughter, who was passing through my house

She downloaded Chrome, which I had not installed because I don't use this browser

After that my computer became super slow; it doesn't respond, it takes a very long time (completely out of the ordinary) to open any Word file, browser, photo, anything, it freezes. In short, this is not normal, so I think it is infected

:confused:

Please, if you can guide me, I would be immensely grateful

:huh:

ZA-Scan.txt


@Allina

 

Please pay attention to the following:

  • About the Forum: This is a private space, not a public one. Its use is a privilege, not a right.
  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is passed on here relates only to the problem on your computer; therefore, do not apply it on any other;
  • Please follow the instructions given carefully and, if in doubt, do not hesitate to ask;
  • Respect the order of the instructions given.
  • Note: Do not take any action other than those given here; if you ask for help on another forum, be sure to let us know, or you risk misconfiguring your computer!
# Step 1 #

 

Download AdwCleaner and save it to your Desktop

Run the file adwcleaner.exe

Attention: Windows Vista, 7 and 8 users, right-click the file and choose "Run as administrator"

  • Click the Options (Opções) tab and leave only "Reset IE Policies" ("Restaurar Políticas do IE") and "Reset Chrome Policies" ("Restaurar Políticas do Chrome") checked
  • Click the Scan (Verificar) button and wait for the scan to finish.
  • Click the Clean (Limpar) button.
  • A Notepad window will open with the result.
  • Select, copy and paste the contents of this log into your next reply.
  • The log will also be saved in C:\AdwCleaner


NOTE: If AdwCleaner finds files it cannot remove, you may have to restart the PC. Do so immediately when asked whether you want to restart.
 
# Step 2 #

Temporarily disable your antivirus, antispyware and firewall, to avoid conflicts.

Download the Junkware Removal Tool (JRT) and save it to your Desktop

Double-click to run jrt.exe.

Attention: Windows Vista, 7 and 8 users, right-click the file and choose "Run as administrator"

  • The tool will start scanning your system.
  • Please be patient, as it may take a while depending on the number of items to scan.
  • At the end a log will open. It will be saved on the desktop under the name JRT.txt.
  • Select, copy and paste the contents of this log into your next reply.

 
# Step 3 #

Temporarily disable your antivirus, antispyware and firewall, to avoid conflicts.

Download ZHPCleaner and save it to your Desktop

Attention: Windows Vista, 7 and 8 users, right-click the file and choose "Run as administrator"

  • Click the Scanner button.
  • The tool will start scanning your system.
  • Please be patient, as it may take a while depending on the number of items to scan.
  • Then click the Repair (Reparar) button.
  • A log named ZHPCleaner.txt will be generated
  • Select, copy and paste the contents of this log into your next reply.

 


Good morning (I see the light at the end of the tunnel, lol)

Here it is below, as instructed:

# Step 1 # ADWCleaner

Sorry, two Notepad files were generated; since I don't know whether both should be pasted or only one, and which one, both follow below, in the chronological order in which they were created (two minutes apart):

 

A)

# AdwCleaner v5.201 - Relatório criado 07/07/2016 às 08:45:18
# Atualizado 30/06/2016 por ToolsLib
# Banco de dados : 2016-07-06.1 [Servidor]
# Sistema operacional : Windows 7 Ultimate Service Pack 1 (X86)
# Usuário : Alina - ALLINA
# Executando de : C:\Users\Alina\Desktop\adwcleaner_5.201.exe
# Opção : Verificar
# Apoio : https://toolslib.net/forum

***** [ Serviços ] *****


***** [ Pastas ] *****

Pasta Encontrado : C:\ProgramData\WindowsMangerProtect
Pasta Encontrado : C:\ProgramData\Application Data\WindowsMangerProtect
Pasta Encontrado : C:\Program Files\AllDaySavings
Pasta Encontrado : C:\Program Files\Iminent
Pasta Encontrado : C:\Program Files\SiteLookup
Pasta Encontrado : C:\Program Files\Common Files\IMGUpdater
Pasta Encontrado : C:\Users\Alina\AppData\Local\Temp\AirInstaller
Pasta Encontrado : C:\Users\Alina\AppData\Local\Temp\Iminent
Pasta Encontrado : C:\Windows\system32\config\systemprofile\AppData\LocalLow\AskToolbar
Pasta Encontrado : C:\Users\Alina\AppData\Roaming\DigitalSites
Pasta Encontrado : C:\Users\Alina\AppData\Roaming\SimilarAddon
Pasta Encontrado : C:\Users\Alina\AppData\Roaming\0V1L2Z2Z1T1I1L1T
Pasta Encontrado : C:\Users\Alina\AppData\Roaming\digitalsites
Pasta Encontrado : C:\Users\Default User\AppData\Local\AskToolbar
Pasta Encontrado : C:\Users\Default\AppData\Local\AskToolbar

***** [ Arquivos ] *****

Arquivo Encontrado : C:\ProgramData\FileSplitUpLoad.dll
Arquivo Encontrado : C:\ProgramData\Application Data\FileSplitUpLoad.dll
Arquivo Encontrado : C:\Program Files\Mozilla Firefox\browser\searchplugins\StartWeb.xml
Arquivo Encontrado : C:\Users\Alina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\v9.lnk
Arquivo Encontrado : C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\searchplugins\Search Provided by Bing.xml
Arquivo Encontrado : C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehhlaekjfiiojlddgndcnefflngfmhen_0.localstorage
Arquivo Encontrado : C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Arquivo Encontrado : C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jdkokpcldhneihjdhigfjmoeojkdcbmg_0.localstorage
Arquivo Encontrado : C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_start.iminent.com_0.localstorage
Arquivo Encontrado : C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_start.iminent.com_0.localstorage-journal
Arquivo Encontrado : C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Encontrado : C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Arquivo Encontrado : C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
Arquivo Encontrado : C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal
Arquivo Encontrado : C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_start.iminent.com_0.localstorage
Arquivo Encontrado : C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_start.iminent.com_0.localstorage-journal
Arquivo Encontrado : C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Encontrado : C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Arquivo Encontrado : C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
Arquivo Encontrado : C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal
Arquivo Encontrado : C:\Users\Alina\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-extension_ehhlaekjfiiojlddgndcnefflngfmhen_0.localstorage
Arquivo Encontrado : C:\Users\Alina\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Arquivo Encontrado : C:\Users\Alina\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-extension_jdkokpcldhneihjdhigfjmoeojkdcbmg_0.localstorage
Arquivo Encontrado : C:\Users\Alina\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_start.iminent.com_0.localstorage
Arquivo Encontrado : C:\Users\Alina\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_start.iminent.com_0.localstorage-journal
Arquivo Encontrado : C:\Users\Alina\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Encontrado : C:\Users\Alina\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Arquivo Encontrado : C:\Users\Alina\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
Arquivo Encontrado : C:\Users\Alina\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal
Arquivo Encontrado : C:\Users\Alina\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_start.iminent.com_0.localstorage
Arquivo Encontrado : C:\Users\Alina\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_start.iminent.com_0.localstorage-journal
Arquivo Encontrado : C:\Users\Alina\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Encontrado : C:\Users\Alina\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Arquivo Encontrado : C:\Users\Alina\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
Arquivo Encontrado : C:\Users\Alina\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal

***** [ DLL ] *****


***** [ WMI ] *****


***** [ Atalhos ] *****


***** [ Tarefas agendadas ] *****

Tarefa Encontrada : Dealply
Tarefa Encontrada : Desk 365 RunAsStdUser
Tarefa Encontrada : Digital Sites
Tarefa Encontrada : DealPly

***** [ Registro ] *****

Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Chave Encontrada : HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
Chave Encontrada : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
Chave Encontrada : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
Chave Encontrada : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
Chave Encontrada : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{528B5866-2BA6-42CE-8F74-39FB23B49767}
Chave Encontrada : HKCU\Software\Classes\TypeLib\{006AD7B2-968A-11DE-88C9-5BDE55D89593}
Chave Encontrada : HKCU\Software\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{FF7C3CE2-4B15-11D1-ABED-709549C10000}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{929801A8-4AEF-4D12-BE31-D85BF666452B}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{929801A8-4AEF-4D12-BE31-D85BF666452B}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Chave Encontrada : HKCU\Software\APN PIP
Chave Encontrada : HKCU\Software\Download4windows
Chave Encontrada : HKCU\Software\dsiteproducts
Chave Encontrada : HKCU\Software\InstallCore
Chave Encontrada : HKCU\Software\Softonic
Chave Encontrada : HKCU\Software\SweetIM
Chave Encontrada : HKCU\Software\YahooPartnerToolbar
Chave Encontrada : HKCU\Software\AppDataLow\Software\Search Settings
Chave Encontrada : HKLM\SOFTWARE\hdcode
Chave Encontrada : HKLM\SOFTWARE\PIP
Chave Encontrada : HKLM\SOFTWARE\SweetIM
Chave Encontrada : HKLM\SOFTWARE\Trymedia Systems
Chave Encontrada : HKLM\SOFTWARE\V9Software
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
Chave Encontrada : HKU\.DEFAULT\Software\APN
Chave Encontrada : HKU\.DEFAULT\Software\Ask.com
Chave Encontrada : HKU\.DEFAULT\Software\AskToolbar
Chave Encontrada : HKU\.DEFAULT\Software\AppDataLow\Software\AskToolbar
Chave Encontrada : HKU\S-1-5-21-3109449630-653368967-3778037145-1000\Software\APN PIP
Chave Encontrada : HKU\S-1-5-21-3109449630-653368967-3778037145-1000\Software\Download4windows
Chave Encontrada : HKU\S-1-5-21-3109449630-653368967-3778037145-1000\Software\dsiteproducts
Chave Encontrada : HKU\S-1-5-21-3109449630-653368967-3778037145-1000\Software\InstallCore
Chave Encontrada : HKU\S-1-5-21-3109449630-653368967-3778037145-1000\Software\Softonic
Chave Encontrada : HKU\S-1-5-21-3109449630-653368967-3778037145-1000\Software\SweetIM
Chave Encontrada : HKU\S-1-5-21-3109449630-653368967-3778037145-1000\Software\YahooPartnerToolbar
Chave Encontrada : HKU\S-1-5-21-3109449630-653368967-3778037145-1000\Software\AppDataLow\Software\Search Settings
Chave Encontrada : HKU\S-1-5-21-3109449630-653368967-3778037145-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3109449630-653368967-3778037145-1000\Software\BabylonToolbar
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3109449630-653368967-3778037145-1000\Software\facemoods.com
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3109449630-653368967-3778037145-1000\Software\SBConvert
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3109449630-653368967-3778037145-1000\Software\SpeedBit
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3109449630-653368967-3778037145-1000\Software\SweetIM
Chave Encontrada : HKU\S-1-5-18\Software\APN
Chave Encontrada : HKU\S-1-5-18\Software\Ask.com
Chave Encontrada : HKU\S-1-5-18\Software\AskToolbar
Chave Encontrada : HKU\S-1-5-18\Software\AppDataLow\Software\AskToolbar
Chave Encontrada : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Chave Encontrada : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Chave Encontrada : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Chave Encontrada : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966d4C29D35B1C9
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\bobrowser.com
Chave Encontrada : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\desksvc
Chave Encontrada : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\eSafeSvc

***** [ Navegadores ] *****

[C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Encontrada : user_pref("extensions.defaulttab.active.affiliate", 4003);
[C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Encontrada : user_pref("extensions.defaulttab.active.overridechromesearch", false);
[C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Encontrada : user_pref("extensions.defaulttab.active.overridekeywordsearch", false);
[C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Encontrada : user_pref("extensions.defaulttab.browserID", "1A9C79A7151993BD9E58C374947C04BD");
[C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Encontrada : user_pref("extensions.defaulttab.firstrun", false);
[C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Encontrada : user_pref("extensions.defaulttab.installedVersion", "1.4.4");
[C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Encontrada : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.enabled", true);
[C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Encontrada : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.lastGuardTime", 1623263458);
[C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Encontrada : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.numGuards", 1);
[C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Encontrada : user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
[C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Encontrada : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
[C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Encontrada : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2013022219");
[C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Encontrada : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "^HJ^xdm022^YY^br");
[C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Encontrada : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "pconverter");
[C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Encontrada : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", true);
[C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Encontrada : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "38C3C98E-CB94-4793-8C47-3F267EDEFD11");
[C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Encontrada : user_pref("extensions.toolbar.mindspark._4zMembers_.lastActivePing", "1367171824182");
[C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Encontrada : user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", true);
[C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Encontrada : user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", true);
[C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Encontrada : user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", true);
[C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Encontrada : user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", true);
[C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Encontrada : user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "10001");
[C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Encontrada : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
[C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Encontrada : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "videodownloadconverter@mindspark.com");
[C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Encontrada : user_pref("extensions.toolbar.mindspark.lastInstalled", "videodownloadconverter@mindspark.com");
[C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Encontrado : br.ask.com
[C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Encontrado : br.yhs4.search.yahoo.com
[C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Encontrado : ask.com
[C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Encontrado : mysearchresults.com
[C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Encontrado : trovi.search
[C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Encontrada : hxxp://www.trovi.com/?gd=&ctid=CT3320216&octid=EB_ORIGINAL_CTID&ISID=MDF65153A-4404-424B-A1EF-5E93122ECB00&SearchSource=55&CUI=&UM=6&UP=SP0DBEF6EC-5319-436B-B063-BB7A38E76393&SSPV=
[C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Encontrada : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3320216&octid=EB_ORIGINAL_CTID&ISID=MDF65153A-4404-424B-A1EF-5E93122ECB00&SearchSource=58&CUI=&UM=6&UP=SP0DBEF6EC-5319-436B-B063-BB7A38E76393&q={searchTerms}&SSPV=
[C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Encontrada : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Encontrada : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Encontrada : nbljechdpodpbchbmjcoamidppmpnmlc
[C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Encontrada : hxxp://www.trovi.com/?gd=&ctid=CT3320216&octid=EB_ORIGINAL_CTID&ISID=MDF65153A-4404-424B-A1EF-5E93122ECB00&SearchSource=55&CUI=&UM=6&UP=SP0DBEF6EC-5319-436B-B063-BB7A38E76393&SSPV=

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [18357 bytes] - [07/07/2016 08:45:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [18431 bytes] ##########

 

 

 

B)

# AdwCleaner v5.201 - Relatório criado 07/07/2016 às 08:48:44
# Atualizado 30/06/2016 por ToolsLib
# Banco de dados : 2016-07-06.1 [Servidor]
# Sistema operacional : Windows 7 Ultimate Service Pack 1 (X86)
# Usuário : Alina - ALLINA
# Executando de : C:\Users\Alina\Desktop\adwcleaner_5.201.exe
# Opção : Limpar
# Apoio : https://toolslib.net/forum

***** [ Serviços ] *****


***** [ Pastas ] *****

[-] Pasta Excluído : C:\ProgramData\WindowsMangerProtect
[#] Pasta Excluído : C:\ProgramData\Application Data\WindowsMangerProtect
[-] Pasta Excluído : C:\Program Files\AllDaySavings
[-] Pasta Excluído : C:\Program Files\Iminent
[-] Pasta Excluído : C:\Program Files\SiteLookup
[-] Pasta Excluído : C:\Program Files\Common Files\IMGUpdater
[-] Pasta Excluído : C:\Users\Alina\AppData\Local\Temp\AirInstaller
[-] Pasta Excluído : C:\Users\Alina\AppData\Local\Temp\Iminent
[-] Pasta Excluído : C:\Windows\system32\config\systemprofile\AppData\LocalLow\AskToolbar
[-] Pasta Excluído : C:\Users\Alina\AppData\Roaming\DigitalSites
[-] Pasta Excluído : C:\Users\Alina\AppData\Roaming\SimilarAddon
[-] Pasta Excluído : C:\Users\Alina\AppData\Roaming\0V1L2Z2Z1T1I1L1T
[#] Pasta Excluído : C:\Users\Alina\AppData\Roaming\digitalsites
[-] Pasta Excluído : C:\Users\Default User\AppData\Local\AskToolbar
[#] Pasta Excluído : C:\Users\Default\AppData\Local\AskToolbar

***** [ Arquivos ] *****

[-] Arquivo Excluído : C:\ProgramData\FileSplitUpLoad.dll
[#] Arquivo Excluído : C:\ProgramData\Application Data\FileSplitUpLoad.dll
[-] Arquivo Excluído : C:\Program Files\Mozilla Firefox\browser\searchplugins\StartWeb.xml
[-] Arquivo Excluído : C:\Users\Alina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\v9.lnk
[-] Arquivo Excluído : C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\searchplugins\Search Provided by Bing.xml
[-] Arquivo Excluído : C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehhlaekjfiiojlddgndcnefflngfmhen_0.localstorage
[-] Arquivo Excluído : C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
[-] Arquivo Excluído : C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jdkokpcldhneihjdhigfjmoeojkdcbmg_0.localstorage
[-] Arquivo Excluído : C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_start.iminent.com_0.localstorage
[-] Arquivo Excluído : C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_start.iminent.com_0.localstorage-journal
[-] Arquivo Excluído : C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
[-] Arquivo Excluído : C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
[-] Arquivo Excluído : C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
[-] Arquivo Excluído : C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal
[#] Arquivo Excluído : C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_start.iminent.com_0.localstorage
[#] Arquivo Excluído : C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_start.iminent.com_0.localstorage-journal
[#] Arquivo Excluído : C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
[#] Arquivo Excluído : C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
[#] Arquivo Excluído : C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
[#] Arquivo Excluído : C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal
[-] Arquivo Excluído : C:\Users\Alina\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-extension_ehhlaekjfiiojlddgndcnefflngfmhen_0.localstorage
[-] Arquivo Excluído : C:\Users\Alina\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
[-] Arquivo Excluído : C:\Users\Alina\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-extension_jdkokpcldhneihjdhigfjmoeojkdcbmg_0.localstorage
[-] Arquivo Excluído : C:\Users\Alina\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_start.iminent.com_0.localstorage
[-] Arquivo Excluído : C:\Users\Alina\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_start.iminent.com_0.localstorage-journal
[-] Arquivo Excluído : C:\Users\Alina\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
[-] Arquivo Excluído : C:\Users\Alina\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
[-] Arquivo Excluído : C:\Users\Alina\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
[-] Arquivo Excluído : C:\Users\Alina\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal
[#] Arquivo Excluído : C:\Users\Alina\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_start.iminent.com_0.localstorage
[#] Arquivo Excluído : C:\Users\Alina\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_start.iminent.com_0.localstorage-journal
[#] Arquivo Excluído : C:\Users\Alina\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
[#] Arquivo Excluído : C:\Users\Alina\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
[#] Arquivo Excluído : C:\Users\Alina\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
[#] Arquivo Excluído : C:\Users\Alina\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Atalhos ] *****


***** [ Tarefas agendadas ] *****

[-] Tarefa Excluída : Dealply
[-] Tarefa Excluída : Desk 365 RunAsStdUser
[-] Tarefa Excluída : Digital Sites
[-] Tarefa Excluída : DealPly

***** [ Registro ] *****

[-] Chave Excluída : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
[-] Chave Excluída : HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
[-] Chave Excluída : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[-] Chave Excluída : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
[-] Chave Excluída : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
[-] Chave Excluída : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
[-] Chave Excluída : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{528B5866-2BA6-42CE-8F74-39FB23B49767}
[-] Chave Excluída : HKCU\Software\Classes\TypeLib\{006AD7B2-968A-11DE-88C9-5BDE55D89593}
[-] Chave Excluída : HKCU\Software\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\TypeLib\{FF7C3CE2-4B15-11D1-ABED-709549C10000}
[-] Chave Excluída : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{929801A8-4AEF-4D12-BE31-D85BF666452B}
[-] Chave Excluída : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
[-] Chave Excluída : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[-] Chave Excluída : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{929801A8-4AEF-4D12-BE31-D85BF666452B}
[-] Chave Excluída : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[-] Chave Excluída : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
[-] Chave Excluída : HKCU\Software\APN PIP
[-] Chave Excluída : HKCU\Software\Download4windows
[-] Chave Excluída : HKCU\Software\dsiteproducts
[-] Chave Excluída : HKCU\Software\InstallCore
[-] Chave Excluída : HKCU\Software\Softonic
[-] Chave Excluída : HKCU\Software\SweetIM
[-] Chave Excluída : HKCU\Software\YahooPartnerToolbar
[-] Chave Excluída : HKCU\Software\AppDataLow\Software\Search Settings
[-] Chave Excluída : HKLM\SOFTWARE\hdcode
[-] Chave Excluída : HKLM\SOFTWARE\PIP
[-] Chave Excluída : HKLM\SOFTWARE\SweetIM
[-] Chave Excluída : HKLM\SOFTWARE\Trymedia Systems
[-] Chave Excluída : HKLM\SOFTWARE\V9Software
[-] Chave Excluída : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
[-] Chave Excluída : HKU\.DEFAULT\Software\APN
[-] Chave Excluída : HKU\.DEFAULT\Software\Ask.com
[-] Chave Excluída : HKU\.DEFAULT\Software\AskToolbar
[-] Chave Excluída : HKU\.DEFAULT\Software\AppDataLow\Software\AskToolbar
[-] Chave Excluída : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3109449630-653368967-3778037145-1000\Software\BabylonToolbar
[-] Chave Excluída : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3109449630-653368967-3778037145-1000\Software\facemoods.com
[-] Chave Excluída : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3109449630-653368967-3778037145-1000\Software\SBConvert
[-] Chave Excluída : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3109449630-653368967-3778037145-1000\Software\SpeedBit
[-] Chave Excluída : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3109449630-653368967-3778037145-1000\Software\SweetIM
[-] Chave Excluída : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
[-] Chave Excluída : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
[-] Chave Excluída : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
[-] Chave Excluída : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}
[-] Chave Excluída : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\bobrowser.com
[-] Chave Excluída : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\desksvc
[-] Chave Excluída : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\eSafeSvc

***** [ Navegadores ] *****

[-] [C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Excluída : user_pref("extensions.defaulttab.active.affiliate", 4003);
[-] [C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Excluída : user_pref("extensions.defaulttab.active.overridechromesearch", false);
[-] [C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Excluída : user_pref("extensions.defaulttab.active.overridekeywordsearch", false);
[-] [C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Excluída : user_pref("extensions.defaulttab.browserID", "1A9C79A7151993BD9E58C374947C04BD");
[-] [C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Excluída : user_pref("extensions.defaulttab.firstrun", false);
[-] [C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Excluída : user_pref("extensions.defaulttab.installedVersion", "1.4.4");
[-] [C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Excluída : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.enabled", true);
[-] [C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Excluída : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.lastGuardTime", 1623263458);
[-] [C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Excluída : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.numGuards", 1);
[-] [C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Excluída : user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
[-] [C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Excluída : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
[-] [C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Excluída : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2013022219");
[-] [C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Excluída : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "^HJ^xdm022^YY^br");
[-] [C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Excluída : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "pconverter");
[-] [C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Excluída : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", true);
[-] [C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Excluída : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "38C3C98E-CB94-4793-8C47-3F267EDEFD11");
[-] [C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Excluída : user_pref("extensions.toolbar.mindspark._4zMembers_.lastActivePing", "1367171824182");
[-] [C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Excluída : user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", true);
[-] [C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Excluída : user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", true);
[-] [C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Excluída : user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", true);
[-] [C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Excluída : user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", true);
[-] [C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Excluída : user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "10001");
[-] [C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Excluída : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
[-] [C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Excluída : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "videodownloadconverter@mindspark.com");
[-] [C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\prefs.js] Excluída : user_pref("extensions.toolbar.mindspark.lastInstalled", "videodownloadconverter@mindspark.com");
[-] [C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Excluído : br.ask.com
[-] [C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Excluído : br.yhs4.search.yahoo.com
[-] [C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Excluído : ask.com
[-] [C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Excluído : mysearchresults.com
[-] [C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Excluído : trovi.search
[-] [C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Excluído : hxxp://www.trovi.com/?gd=&ctid=CT3320216&octid=EB_ORIGINAL_CTID&ISID=MDF65153A-4404-424B-A1EF-5E93122ECB00&SearchSource=55&CUI=&UM=6&UP=SP0DBEF6EC-5319-436B-B063-BB7A38E76393&SSPV=
[-] [C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Excluído : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3320216&octid=EB_ORIGINAL_CTID&ISID=MDF65153A-4404-424B-A1EF-5E93122ECB00&SearchSource=58&CUI=&UM=6&UP=SP0DBEF6EC-5319-436B-B063-BB7A38E76393&q={searchTerms}&SSPV=
[-] [C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Excluído : booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Excluído : flpcjncodpafbgdpnkljologafpionhb
[-] [C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Excluído : nbljechdpodpbchbmjcoamidppmpnmlc
[-] [C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Excluído : hxxp://www.trovi.com/?gd=&ctid=CT3320216&octid=EB_ORIGINAL_CTID&ISID=MDF65153A-4404-424B-A1EF-5E93122ECB00&SearchSource=55&CUI=&UM=6&UP=SP0DBEF6EC-5319-436B-B063-BB7A38E76393&SSPV=

*************************

:: Políticas do IE excluídas
:: Políticas do Chrome excluídas

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [17665 bytes] - [07/07/2016 08:48:44]
C:\AdwCleaner\AdwCleaner[S1].txt - [18511 bytes] - [07/07/2016 08:45:18]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [17813 bytes] ##########

# Step 2 # JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Ultimate x86
Ran by Alina (Administrator) on 07/07/2016 at  9:03:58,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 28

Failed to delete: C:\Users\Alina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UIYQTQI7 (Temporary Internet Files Folder)
Failed to delete: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CK5H77A3 (Temporary Internet Files Folder)
Failed to delete: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q2KZB5A4 (Temporary Internet Files Folder)
Failed to delete: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YVL8ZOE8 (Temporary Internet Files Folder)
Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
Successfully deleted: C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\user.js (File)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Program Files\GUT64E3.tmp (File)
Successfully deleted: C:\Users\Alina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\382V80CR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Alina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8M99B1P5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Alina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9SN7Z907 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Alina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A5U1N7ZH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Alina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CK5H77A3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Alina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D032ZWXX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Alina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GIWTXRLL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Alina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTT8E2YZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Alina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q2KZB5A4 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Alina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XBH17EMF (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Alina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YVL8ZOE8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\382V80CR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8M99B1P5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9SN7Z907 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A5U1N7ZH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D032ZWXX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GIWTXRLL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTT8E2YZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UIYQTQI7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XBH17EMF (Temporary Internet Files Folder)

Registry: 5

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_D78A5C6BF273F294CD778CB57BD1F938 (Registry Value)
Successfully deleted: HKLM\Software\Wow6432Node\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d7bbe586-f42a-454b-9794-776b57483a40} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/07/2016 at  9:11:03,50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# Step 3 # ZHP Cleaner

~ ZHPCleaner v2016.7.5.82 by Nicolas Coolman (2016/07/05)
~ Run by Alina (Administrator)  (07/07/2016 10:33:49)
~ Site : http://www.nicolascoolman.com
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Reparo
~ Report : C:\Users\Alina\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Alina\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)


---\\  Serviços (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Navegadores de Internet (1)
SUPRIMIDO dados: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\MigrateProxy [Bad : 0]  =>Hijacker.Proxy


---\\  Arquivo hosts (1)
~ O arquivo hosts é legítimo (1)


---\\  Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Explorer ( Arquivos, Pastas) (9)
MOVIDO pasta: C:\Users\Alina\AppData\Roaming\Setup31899.exe    =>PUP.Optional.Pirrit
MOVIDO pasta: C:\Users\Alina\AppData\Local\temp\nscF1D2.exe [Client Connect LTD - SP Usage Sender]  =>PUP.Optional.SearchProtect
MOVIDO pasta: C:\Users\Alina\AppData\Local\temp\epom1_nationzoom_20131128171859.exe    =>PUP.Optional.NationZoom
MOVIDO pasta: C:\Users\Alina\AppData\Local\temp\etilqs_erQAGr6S1HQtDql    =>PUP.Optional.Shopperz
MOVIDO pasta: C:\Users\Alina\AppData\Local\temp\exthelper.exe [Copyright 2014 - Extension Helper Module]  =>PUP.Optional.Dealio
MOVIDO pasta: C:\Users\Alina\AppData\Local\temp\MgpvRyQt.exe.part [AirInstaller - HD Player]  =>PUP.Optional.AirInstaller
MOVIDO pasta: C:\Windows\Installer\{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}\ARPPRODUCTICON.exe    =>PUP.Optional.SweetIM
MOVIDO pasta*: C:\Windows\Installer\{08ED8855-4C2E-429B-A878-F129E1F624FA}\ARPPRODUCTICON.exe    =>PUP.Optional.SweetIM
MOVIDO arquivo: C:\Program Files\QuickTime  =>Riskware.QuickTime


---\\  Registro ( Chaves, Valores, Dados ) (34)
SUPRIMIDO chave*: HKLM\Software\Classes\Installer\Products\2AC2CC6A977201F488FB3A9CBE78C442 [SweetIM Toolbar for Internet Explorer 3.9]  =>PUP.Optional.SweetIM
SUPRIMIDO chave*: HKLM\Software\Classes\Installer\Products\5588DE80E2C4B9248A871F921E6F42AF [SweetIM for Messenger 3.2]  =>PUP.Optional.SweetIM
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\CLSID\{206DAA08-0036-11D5-80D8-0050DA5F08E3} [Groove WebBrowserView2]  =>PUP.Optional.CrossRider
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\ApnStub_RASAPI32 []  =>Toolbar.Ask
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\ApnStub_RASMANCS []  =>Toolbar.Ask
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32 []  =>Toolbar.Ask
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS []  =>Toolbar.Ask
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\AskPartnerCobrandingTool_RASAPI32 []  =>Toolbar.AskBar
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\AskPartnerCobrandingTool_RASMANCS []  =>Toolbar.AskBar
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32 []  =>Toolbar.AskBar
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS []  =>Toolbar.AskBar
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\deskSvc_RASAPI32 []  =>PUP.Optional.22Find
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\deskSvc_RASMANCS []  =>PUP.Optional.22Find
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\FileConverter_1_RASAPI32 []  =>Toolbar.Agent
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\FileConverter_1_RASMANCS []  =>Toolbar.Agent
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\SecondOffer1_RASAPI32 []  =>PUP.Optional.Linkular
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\SecondOffer1_RASMANCS []  =>PUP.Optional.Linkular
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader47650_RASAPI32 []  =>.Superfluous.Softonic
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader47650_RASMANCS []  =>.Superfluous.Softonic
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader69164_RASAPI32 []  =>.Superfluous.Softonic
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader69164_RASMANCS []  =>.Superfluous.Softonic
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_kaspersky-virus-removal-tool_RASAPI32 []  =>.Superfluous.Softonic
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_kaspersky-virus-removal-tool_RASMANCS []  =>.Superfluous.Softonic
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_speedbit-video-downloader_RASAPI32 []  =>.Superfluous.Softonic
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_speedbit-video-downloader_RASMANCS []  =>.Superfluous.Softonic
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\SweetImSetup_RASAPI32 []  =>PUP.Optional.SweetIM
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\SweetImSetup_RASMANCS []  =>PUP.Optional.SweetIM
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32 []  =>PUP.Optional.UpdateTask
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS []  =>PUP.Optional.UpdateTask
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.]  =>Heuristic.Suspect
SUPRIMIDO chave*: HKLM\Software\Classes\Installer\Features\2AC2CC6A977201F488FB3A9CBE78C442 []  =>PUP.Optional.SweetIM
SUPRIMIDO chave*: HKLM\Software\Classes\Installer\Features\5588DE80E2C4B9248A871F921E6F42AF []  =>PUP.Optional.SweetIM
SUPRIMIDO chave: HKLM\SOFTWARE\Classes\CLSID\{206DAA08-0036-11D5-80D8-0050DA5F08E3}\InprocServer32 [C:\Program Files\Microsoft Office\Office12\GrooveWebBrowserTool2.dll]  =>PUP.Optional.CrossRider
SUPRIMIDO valor: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task ["C:\Program Files\QuickTime\QTTask.exe" -atboottime]  =>Riskware.QuickTime


---\\  Resumo dos elementos encontrados na sua estação de trabalho (18)
https://www.nicolascoolman.info/2016/06/09/pirate-de-serveur-proxy-hijacker-proxy/ =>Hijacker.Proxy
http://www.nicolascoolman.fr/?p=914 =>PUP.Optional.Pirrit
http://www.nicolascoolman.fr/?p=1633 =>PUP.Optional.SearchProtect
http://www.nicolascoolman.fr/?p=137 =>PUP.Optional.NationZoom
https://www.nicolascoolman.info/2016/04/21/pup-optional-shopperz/ =>PUP.Optional.Shopperz
http://www.nicolascoolman.fr/?p=299 =>PUP.Optional.Dealio
http://www.nicolascoolman.fr/pup-optional-airinstaller =>PUP.Optional.AirInstaller
http://www.nicolascoolman.fr/?p=332 =>PUP.Optional.SweetIM
https://www.nicolascoolman.info/2016/04/21/riskware-quicktime/ =>Riskware.QuickTime
https://www.nicolascoolman.info/2016/04/30/pup-optional-crossrider/ =>PUP.Optional.CrossRider
http://www.nicolascoolman.fr/?p=235 =>Toolbar.Ask
http://www.nicolascoolman.fr/?p=5143 =>Toolbar.AskBar
http://www.nicolascoolman.fr/?p=629 =>PUP.Optional.22Find
http://www.nicolascoolman.fr/?p=5143 =>Toolbar.Agent
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.Linkular
http://www.nicolascoolman.fr/?p=5145 =>.Superfluous.Softonic
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.UpdateTask
https://www.nicolascoolman.info/2016/04/22/heuristic-suspect/ =>Heuristic.Suspect


---\\  Dodatkowe oczyszczenie. (191)
~ Chave de registro Tracing Supprimido (191)
~ Remover os relatórios antigos ZHPCleaner. (0)


---\\ Resultado de reparação
Reparação efectuada com sucesso
~ Este navegador está faltando ! (Opera Software)


---\\ Estatísticas
~ Items scan : 937
~ Items encontrado : 0
~ items cancelados : 0
~ Items réparo : 44


~ End of clean in 00h01mn52s
~====================
ZHPCleaner-[R]-07072016-10_35_41.txt
ZHPCleaner--07072016-10_29_52.txt

 

 

very grateful for the help

Download the Farbar Recovery Scan Tool and save it to your Desktop.

32 bit (x86) or 64 bit (x64)

Double-click to run the tool.

  • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

Check the Arquivos 90 dias box and click the Examinar button.

Wait; when it finishes, the FRST.txt and Addition.txt logs will be saved to your Desktop.

Select, copy and paste the contents of the FRST.txt log into your next reply.

Attach the Addition.txt log.

hi

;)

FRST.txt follows below:

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão: 02-07-2016
Executado por Alina (administrador) em ALLINA (07-07-2016 22:29:25)
Executando a partir de C:\Users\Alina\Desktop
Perfis Carregados: Alina (Perfis Disponíveis: Alina)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: FF)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

( ) C:\Program Files\GbPlugin\gbpsv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Lightcomm) C:\Program Files\Oi\Oi3G\GSMCliEjector.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [USB Antivirus] => C:\Program Files\USB Disk Security\USBGuard.exe [798720 2008-09-23] (Zbshareware Lab)
HKLM\...\Run: [RemoteControl10] => C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM\...\Run: [BDRegion] => C:\Program Files\Cyberlink\Shared files\brs.exe [75048 2010-03-13] (cyberlink)
HKLM\...\Run: [GSMEjector] => C:\Program Files\Oi\Oi3G\GSMCliEjector.exe [441856 2011-05-20] (Lightcomm)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-12-17] (Apple Inc.)
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM\...\Run: [CertificateRegistration] => C:\Windows\system32\aetcrss1.exe [151552 2011-04-21] (A.E.T. Europe B.V.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunesII\iTunesHelper.exe [157456 2015-12-17] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
Winlogon\Notify\ GbPluginAbn: C:\Program Files\GbPlugin\gbiehAbn.dll [2012-03-29] (Banco Real)
HKU\S-1-5-21-3109449630-653368967-3778037145-1000\...\Run: [AutoStartNPSAgent] => C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [98304 2009-01-08] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-3109449630-653368967-3778037145-1000\...\Run: [KSS] => C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202296 2012-04-25] (Kaspersky Lab ZAO)
HKU\S-1-5-21-3109449630-653368967-3778037145-1000\...\Run: [ares] => C:\Program Files\Ares\Ares.exe [935936 2013-07-19] (Seekar Ltd)
HKU\S-1-5-21-3109449630-653368967-3778037145-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3109449630-653368967-3778037145-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3109449630-653368967-3778037145-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [878592 2010-11-20] (Microsoft Corporation)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Program Files\GbPlugin\gbiehAbn.dll [621808 2012-03-29] (Banco Real)
Startup: C:\Users\Alina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org.br 1.1.3.lnk [2010-09-16]
ShortcutTarget: OpenOffice.org.br 1.1.3.lnk -> C:\Program Files\OpenOffice.org.br1.1.3\program\quickstart.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Atualizador de LCRs.lnk [2011-01-20]
ShortcutTarget: Atualizador de LCRs.lnk -> C:\Program Files\BRy Tecnologia\BRy Signer\BRyServicoLCR.exe (BRy Tecnologia S.A)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-07-11]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Nenhum Arquivo)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

ProxyEnable: [S-1-5-21-3109449630-653368967-3778037145-1000] => Proxy está habilitado.
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{53156D5F-1E20-4D9F-B507-16846381D2C7}: [DhcpNameServer] 189.40.224.80 189.40.226.80
Tcpip\..\Interfaces\{AEA1DCE8-5D64-4316-809A-5AE17584F539}: [DhcpNameServer] 189.40.224.80 189.40.226.80
Tcpip\..\Interfaces\{D9D8F630-DB89-4C84-92D7-6E869564BD13}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{FB44C61A-FBAE-4433-AAD9-6B8F27038318}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3109449630-653368967-3778037145-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3109449630-653368967-3778037145-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3109449630-653368967-3778037145-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_27_orgnl_bdr22.3.0&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzutDyCtByDyDyCyDzy0E0AyEtBtDyEtC0CtN0D0Tzu0StCyCyEzytN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1M1Q1CtByDtFtDtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0ByE0EzyyDtDtDtGtAyBzytDtGtD0E0AzytGyC0B0E0DtGtByBtD0AyByEtC0ByC0FtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0DtCyCtCtA0FzytG0Ezy0AyDtGyEzztA0CtGzytDtB0AtG0EyDtA0AyB0C0AzytBzy0EyD2QtN0A0LzutB%26cr%3D296070705%26a%3Dhdr_s_16_27_orgnl_bdr22.3.0%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
SearchScopes: HKLM -> DefaultScope valor está ausente
SearchScopes: HKU\S-1-5-21-3109449630-653368967-3778037145-1000 -> DefaultScope {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_27_orgnl_bdr22.3.0&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzutDyCtByDyDyCyDzy0E0AyEtBtDyEtC0CtN0D0Tzu0StCyCyEzytN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1M1Q1CtByDtFtDtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0ByE0EzyyDtDtDtGtAyBzytDtGtD0E0AzytGyC0B0E0DtGtByBtD0AyByEtC0ByC0FtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0DtCyCtCtA0FzytG0Ezy0AyDtGyEzztA0CtGzytDtB0AtG0EyDtA0AyB0C0AzytBzy0EyD2QtN0A0LzutB%26cr%3D296070705%26a%3Dhdr_s_16_27_orgnl_bdr22.3.0%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3109449630-653368967-3778037145-1000 -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&rlz=1I7GGHP_pt-BR
SearchScopes: HKU\S-1-5-21-3109449630-653368967-3778037145-1000 -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_27_orgnl_bdr22.3.0&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzutDyCtByDyDyCyDzy0E0AyEtBtDyEtC0CtN0D0Tzu0StCyCyEzytN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1M1Q1CtByDtFtDtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0ByE0EzyyDtDtDtGtAyBzytDtGtD0E0AzytGyC0B0E0DtGtByBtD0AyByEtC0ByC0FtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0DtCyCtCtA0FzytG0Ezy0AyDtGyEzztA0CtGzytDtB0AtG0EyDtA0AyB0C0AzytBzy0EyD2QtN0A0LzutB%26cr%3D296070705%26a%3Dhdr_s_16_27_orgnl_bdr22.3.0%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-12-14] (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2013-12-14] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-04] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-14] (Kaspersky Lab ZAO)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540007} -> C:\Program Files\GbPlugin\gbiehAbn.dll [2012-03-29] (Banco Real)
BHO: MP3 Rocket Downloader -> {c5e9c0b3-8b18-4b1b-ad67-c1a063ab2b34} -> C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-04] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll [2013-12-14] (Kaspersky Lab ZAO)
DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} hxxp://192.168.1.4:8080/webrec.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_91-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0091-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_91-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_91-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default
FF DefaultSearchEngine: YHS
FF SelectedSearchEngine: YHS
FF Homepage: hxxps://br.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_27_orgnl_bdr22.3.0&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dbr%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzutDyCtByDyDyCyDzy0E0AyEtBtDyEtC0CtN0D0Tzu0StCyCyEzytN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1M1Q1CtByDtFtDtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0ByE0EzyyDtDtDtGtAyBzytDtGtD0E0AzytGyC0B0E0DtGtByBtD0AyByEtC0ByC0FtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0DtCyCtCtA0FzytG0Ezy0AyDtGyEzztA0CtGzytDtB0AtG0EyDtA0AyB0C0AzytBzy0EyD2QtN0A0LzutB%26cr%3D296070705%26a%3Dhdr_s_16_27_orgnl_bdr22.3.0%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
FF Keyword.URL: user_pref("keyword.URL", true);
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-07-04] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunesII\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-13] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-13] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=0.9.9 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Nenhum Arquivo]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll [2014-06-26] (pdfforge GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-03-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-03-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-03-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-03-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-03-16] (Apple Inc.)
FF SearchPlugin: C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\59fo59xy.default\searchplugins\yhs.xml [2016-07-07]
FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-12-14] [não assinado]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-12-14] [não assinado]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-12-14] [não assinado]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-12-14] [não assinado]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-12-14] [não assinado]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => não encontrado (a)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-19]
CHR Extension: (Google Drive) - C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-19]
CHR Extension: (YouTube) - C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-19]
CHR Extension: (Google Search) - C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-19]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-08-09]
CHR Extension: (Safe Money) - C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-08-09]
CHR Extension: (Teclado virtual) - C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-08-09]
CHR Extension: (Google Wallet) - C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-19]
CHR Extension: (Gmail) - C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-19]
CHR Extension: (Anti-Banner) - C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-08-09]
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-08-18]
CHR HKLM\...\Chrome\Extension: [gjokjdicpfckeiihaniimbbmhadclefc] - \User Data\Default\Extensions\novo_price_comparison.crx [2012-11-22]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-08-18]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-08-18]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2013-05-16]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-08-18]

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2009-01-08] (Teruten) [Arquivo não assinado]
R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [204232 2012-03-29] ( )
S2 GSMEjector; C:\Windows\system32\GSMSrvEjector.exe [620032 2011-05-20] () [Arquivo não assinado]
S2 KSS; C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202296 2012-04-25] (Kaspersky Lab ZAO)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
S3 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 bmusbser; C:\Windows\System32\DRIVERS\bmusbser.sys [105216 2011-05-20] (BM)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-01-08] () [Arquivo não assinado]
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [47816 2012-03-29] (GAS Tecnologia)
S3 GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [89600 2009-08-10] (Gemalto)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-12-14] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [595552 2013-10-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-12-14] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-05-17] (Kaspersky Lab ZAO)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2012-03-26] (Apple Inc.) [Arquivo não assinado]
S3 ssm_bus; C:\Windows\System32\DRIVERS\ssm_bus.sys [83592 2007-05-02] (MCCI Corporation)
S3 ssm_mdfl; C:\Windows\System32\DRIVERS\ssm_mdfl.sys [15112 2007-05-02] (MCCI Corporation)
S3 ssm_mdm; C:\Windows\System32\DRIVERS\ssm_mdm.sys [109704 2007-05-02] (MCCI Corporation)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [87536 2010-03-13] (CyberLink Corp.)
S3 BdApiUtil; \??\C:\Program Files\Baidu Security\Baidu Antivirus\BdApiUtil.sys [X]
S3 BdCameraProtect; \??\C:\Program Files\Baidu Security\Baidu Antivirus\BdCameraProtect.sys [X]
S1 Bfilter; \??\C:\Windows\System32\drivers\Bfilter.sys [X]
S1 Bfmon; \??\C:\Windows\System32\drivers\Bfmon.sys [X]
S0 Bhbase; System32\drivers\Bhbase.sys [X]
S1 Bprotect; \??\C:\Windows\System32\drivers\Bprotect.sys [X]
S3 catchme; \??\C:\Users\Alina\AppData\Local\Temp\catchme.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2013-05-17] (Kaspersky Lab ZAO)
S3 ONDAusbmdm6k; system32\DRIVERS\ONDAusbmdm6k.sys [X]
S3 ONDAusbnmea; system32\DRIVERS\ONDAusbnmea.sys [X]
S3 ONDAusbser6k; system32\DRIVERS\ONDAusbser6k.sys [X]
S3 ONDAusbvoice; system32\DRIVERS\ONDAusbvoice.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-07-07 22:29 - 2016-07-07 22:30 - 00023348 _____ C:\Users\Alina\Desktop\FRST.txt
2016-07-07 22:29 - 2016-07-07 22:29 - 00000000 ____D C:\FRST
2016-07-07 22:28 - 2016-07-07 22:28 - 01740288 _____ (Farbar) C:\Users\Alina\Desktop\FRST.exe
2016-07-07 10:35 - 2016-07-07 10:35 - 00007796 _____ C:\Users\Alina\Desktop\ZHPCleaner.txt
2016-07-07 09:15 - 2016-07-07 10:35 - 00000000 ____D C:\Users\Alina\AppData\Roaming\ZHP
2016-07-07 09:15 - 2016-07-07 09:15 - 02278400 _____ C:\Users\Alina\Desktop\ZHPCleaner.exe
2016-07-07 09:15 - 2016-07-07 09:15 - 00000828 _____ C:\Users\Alina\Desktop\ZHPCleaner.lnk
2016-07-07 09:11 - 2016-07-07 09:11 - 00005450 _____ C:\Users\Alina\Desktop\JRT.txt
2016-07-07 09:02 - 2016-07-07 09:02 - 01610816 _____ (Malwarebytes) C:\Users\Alina\Desktop\JRT.exe
2016-07-07 08:50 - 2016-07-07 09:50 - 00000000 ____D C:\Users\Alina\AppData\Local\{24751229-00DD-7E91-6D45-5B79492DA7E1}
2016-07-07 08:50 - 2016-07-07 08:50 - 03234836 _____ C:\Users\Alina\AppData\Roaming\sb954.dat
2016-07-07 08:50 - 2016-07-07 08:50 - 00002394 _____ C:\Users\Alina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
2016-07-07 08:50 - 2016-07-07 08:50 - 00000000 ____D C:\Users\Alina\AppData\Local\Setup1455926
2016-07-07 08:50 - 2016-07-07 08:50 - 00000000 ____D C:\Users\Alina\AppData\Local\sefa
2016-07-07 08:41 - 2016-07-07 08:48 - 00000000 ____D C:\AdwCleaner
2016-07-07 08:38 - 2016-07-07 08:39 - 03712064 _____ C:\Users\Alina\Desktop\adwcleaner_5.201.exe
2016-07-07 08:29 - 2016-07-07 08:51 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-07-05 21:42 - 2016-05-12 12:22 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-07-05 21:42 - 2016-05-12 12:22 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-07-05 21:42 - 2016-05-12 12:18 - 01062400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-07-05 21:42 - 2016-05-12 12:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-07-05 21:42 - 2016-05-12 12:18 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-07-05 21:42 - 2016-05-12 12:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-07-05 21:42 - 2016-05-12 12:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-07-05 21:42 - 2016-05-12 12:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-07-05 21:42 - 2016-05-12 12:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-07-05 21:42 - 2016-05-12 12:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-07-05 21:42 - 2016-05-12 12:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-07-05 21:42 - 2016-05-12 12:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-07-05 21:42 - 2016-05-12 12:18 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-07-05 21:42 - 2016-05-12 12:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-07-05 21:42 - 2016-05-12 12:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-07-05 21:42 - 2016-05-12 12:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-07-05 21:42 - 2016-05-12 12:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-07-05 21:42 - 2016-05-12 11:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-07-05 21:42 - 2016-05-12 11:52 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-07-05 21:42 - 2016-05-12 11:52 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-07-05 21:42 - 2016-05-12 11:52 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-07-05 21:42 - 2016-05-12 11:52 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-07-05 21:42 - 2016-05-12 11:52 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-07-05 21:42 - 2016-05-12 11:52 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-07-05 21:42 - 2016-05-12 11:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-07-05 21:42 - 2016-05-12 11:51 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-07-05 21:42 - 2016-05-12 11:51 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-07-05 21:42 - 2016-05-12 10:04 - 00370784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-07-05 21:42 - 2016-05-12 10:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-07-04 10:38 - 2016-07-04 10:35 - 00023930 _____ C:\ZA-Scan.txt
2016-07-04 10:13 - 2016-04-06 07:36 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-07-04 09:44 - 2016-03-09 15:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-07-04 08:55 - 2016-05-12 12:18 - 00606720 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-07-04 08:55 - 2016-05-12 12:18 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2016-07-04 08:55 - 2016-05-12 12:18 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-07-04 08:55 - 2016-05-12 12:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-07-04 08:55 - 2016-05-12 12:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-07-04 08:55 - 2016-05-12 12:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-07-04 08:55 - 2016-05-12 12:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-07-04 08:55 - 2016-05-12 11:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2016-07-04 08:55 - 2016-05-12 11:57 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
2016-07-04 08:41 - 2016-05-12 12:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-07-04 08:41 - 2016-05-12 11:54 - 02397696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-04 08:34 - 2016-04-09 03:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-07-04 08:34 - 2016-04-09 03:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-07-04 08:34 - 2016-04-09 03:57 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-07-04 08:34 - 2016-04-09 03:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-07-04 08:34 - 2016-04-09 03:54 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-07-04 08:34 - 2016-04-09 03:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-07-04 08:34 - 2016-04-09 03:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-07-04 08:34 - 2016-04-09 03:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-07-04 08:34 - 2016-04-09 03:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-07-04 08:34 - 2016-04-09 03:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-07-04 08:34 - 2016-04-09 02:42 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-07-04 08:34 - 2016-04-09 02:42 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-07-04 08:34 - 2016-04-09 02:42 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-07-04 08:34 - 2016-04-09 02:42 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-07-04 08:34 - 2016-04-09 02:40 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-07-04 08:34 - 2016-04-09 02:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-07-04 08:33 - 2016-06-06 12:26 - 00037096 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-07-04 08:33 - 2016-06-06 12:23 - 01001472 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-07-04 08:33 - 2016-06-03 10:04 - 01225216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-07-04 08:33 - 2016-05-27 10:05 - 00466944 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-07-04 08:33 - 2016-05-27 10:05 - 00461824 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-07-04 08:33 - 2016-05-27 10:05 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-07-04 08:33 - 2016-05-27 10:05 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-07-04 08:33 - 2016-05-22 10:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-07-04 08:33 - 2016-05-11 12:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-07-04 08:33 - 2016-04-09 03:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-07-04 08:33 - 2016-04-09 03:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-07-04 08:33 - 2016-04-09 02:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-07-04 08:32 - 2016-04-14 10:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-07-04 08:30 - 2016-05-13 18:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-07-04 08:30 - 2016-05-13 18:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-07-04 08:30 - 2016-05-13 18:49 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-07-04 08:30 - 2016-05-13 18:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-07-04 08:30 - 2016-05-13 18:27 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-07-04 08:26 - 2016-03-09 15:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-07-04 00:55 - 2016-04-09 01:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-06-30 09:21 - 2016-05-11 12:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-30 09:21 - 2016-05-11 12:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-30 09:21 - 2016-05-11 12:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-30 09:21 - 2016-05-11 12:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-30 09:21 - 2016-05-11 11:52 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-30 09:21 - 2016-04-09 03:59 - 00730344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-06-30 09:21 - 2016-04-09 03:59 - 00218856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-06-30 09:21 - 2016-04-09 03:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-06-30 09:17 - 2016-04-14 12:38 - 00105192 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-30 09:17 - 2016-04-14 12:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-30 09:17 - 2016-04-14 12:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-30 09:17 - 2016-04-14 12:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-06-30 09:17 - 2016-04-14 12:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-30 09:17 - 2016-04-14 12:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-06-30 09:17 - 2016-04-14 12:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-06-30 09:05 - 2016-05-23 19:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-30 09:05 - 2016-05-21 13:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-30 09:05 - 2016-05-20 19:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-30 09:05 - 2016-05-20 19:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-30 09:05 - 2016-05-20 18:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-30 09:05 - 2016-05-20 18:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-30 09:05 - 2016-05-20 18:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-30 09:05 - 2016-05-20 18:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-30 09:05 - 2016-05-20 18:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-30 09:05 - 2016-05-20 18:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-30 09:05 - 2016-05-20 18:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-30 09:05 - 2016-05-20 18:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-30 09:05 - 2016-05-20 18:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-30 09:05 - 2016-05-20 18:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-30 09:05 - 2016-05-20 18:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-30 09:05 - 2016-05-20 18:44 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-30 09:05 - 2016-05-20 18:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-30 09:05 - 2016-05-20 18:36 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-30 09:05 - 2016-05-20 18:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-30 09:05 - 2016-05-20 18:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-30 09:05 - 2016-05-20 18:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-30 09:05 - 2016-05-20 18:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-30 09:05 - 2016-05-20 18:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-30 09:05 - 2016-05-20 18:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-30 09:05 - 2016-05-20 18:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-30 09:05 - 2016-05-20 18:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-30 09:05 - 2016-05-20 18:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-30 09:05 - 2016-05-20 18:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-30 09:05 - 2016-05-20 18:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-30 09:05 - 2016-05-20 18:09 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-30 09:05 - 2016-05-20 18:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-30 09:05 - 2016-05-20 18:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-30 09:05 - 2016-05-20 17:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-30 09:05 - 2016-05-20 17:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-30 09:05 - 2016-05-20 17:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-30 08:49 - 2016-05-18 13:10 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-29 19:51 - 2016-06-29 19:52 - 00002442 _____ C:\Users\Alina\Desktop\FSS.txt
2016-06-29 19:45 - 2016-06-29 19:46 - 00000512 _____ C:\Users\Alina\Desktop\Dump_Hdd0_DR0.mbr
2016-06-29 19:42 - 2016-07-04 11:06 - 00023933 _____ C:\Users\Alina\Desktop\ZA-Scan.txt
2016-06-29 18:59 - 2016-02-02 15:48 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-06-29 18:31 - 2016-06-29 18:31 - 00899584 _____ (Farbar) C:\Users\Alina\Desktop\FSS.exe
2016-06-29 18:26 - 2016-06-29 18:26 - 00000000 ____D C:\zoek_backup
2016-06-29 18:23 - 2016-06-29 18:23 - 01370112 _____ C:\Users\Alina\Desktop\ZA-Scan.exe
2016-06-29 18:23 - 2016-06-29 18:23 - 00147456 _____ (Eric_71) C:\Users\Alina\Desktop\MbrScan.exe
2016-06-29 18:19 - 2016-06-29 18:22 - 00000000 ____D C:\Users\Alina\Desktop\remoção vírus
2016-06-29 18:19 - 2016-03-16 15:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll
2016-06-29 18:19 - 2016-03-16 15:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-06-29 18:17 - 2016-03-17 19:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-06-29 18:17 - 2016-03-17 19:26 - 00294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-06-29 18:16 - 2016-03-17 19:30 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-06-29 18:16 - 2016-03-17 19:26 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-06-29 18:16 - 2016-03-17 19:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-06-29 18:16 - 2016-03-17 19:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-06-29 18:16 - 2016-03-17 19:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-06-29 18:16 - 2016-03-17 19:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-06-29 18:16 - 2016-03-17 19:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-06-29 18:16 - 2016-03-17 19:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-06-29 18:16 - 2016-03-17 19:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-06-29 18:16 - 2016-03-17 19:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-06-29 18:16 - 2016-03-17 19:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-06-29 18:16 - 2016-03-17 19:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-06-29 18:16 - 2016-03-17 19:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-06-29 18:16 - 2016-03-17 19:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-06-29 18:16 - 2016-03-17 19:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-06-29 18:16 - 2016-03-17 19:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-06-29 18:16 - 2016-03-17 19:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-06-29 18:16 - 2016-03-17 19:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-06-29 18:16 - 2016-03-17 19:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-06-29 18:16 - 2016-03-17 19:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-06-29 18:16 - 2016-03-17 19:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-06-29 18:16 - 2016-03-17 19:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-06-29 18:16 - 2016-03-17 19:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-06-29 18:16 - 2016-03-17 19:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-06-29 18:16 - 2016-03-17 19:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-06-29 18:16 - 2016-03-17 19:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-06-29 18:16 - 2016-03-17 18:36 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-06-29 18:16 - 2016-03-17 18:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-06-29 18:16 - 2016-03-17 18:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-06-29 18:16 - 2016-03-17 18:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-06-29 18:16 - 2016-03-17 18:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-06-29 17:52 - 2016-03-15 20:53 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-06-29 17:52 - 2016-03-15 20:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-06-29 17:51 - 2016-01-20 21:51 - 00057280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-06-29 17:46 - 2016-03-23 11:02 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-06-29 17:46 - 2016-03-06 15:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-06-29 17:46 - 2016-03-06 15:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-06-29 17:46 - 2016-02-05 15:44 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-06-29 17:46 - 2016-02-05 14:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-06-29 17:46 - 2015-06-03 17:22 - 00355456 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-06-29 09:05 - 2016-06-29 17:55 - 00000000 ____D C:\Users\Alina\.Certisign
2016-06-28 22:42 - 2016-06-28 22:45 - 00013824 ___SH C:\Users\Alina\Thumbs.db
2016-06-03 23:45 - 2016-06-03 23:46 - 00000000 ____D C:\Users\Alina\Desktop\ar condicionado
2016-05-27 14:52 - 2016-06-28 22:41 - 00000000 ____D C:\Users\Alina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium
2016-05-27 14:51 - 2016-05-27 14:53 - 00000000 ____D C:\Users\Alina\AppData\Local\Chromium
2016-05-27 14:49 - 2016-07-07 22:18 - 00000270 _____ C:\Windows\Tasks\{2C9EBF08-F3C3-FFD5-09E4-65BEE1465635}.job
2016-05-27 14:48 - 2016-05-30 09:14 - 00000000 ____D C:\Users\Alina\AppData\Local\{0F12394E-2BBA-55F6-4622-701E624A8C86}
2016-05-10 19:51 - 2016-05-10 19:51 - 00000000 ____D C:\Users\Alina\Desktop\viagem maringa
2016-05-10 19:51 - 2016-05-10 19:51 - 00000000 ____D C:\Users\Alina\Desktop\viagem concurso foz
2016-05-10 19:51 - 2016-05-10 19:51 - 00000000 ____D C:\Users\Alina\Desktop\pomerode
2016-05-10 19:51 - 2016-05-10 19:51 - 00000000 ____D C:\Users\Alina\Desktop\ostradamos
2016-05-10 19:50 - 2016-05-10 19:50 - 00000000 ____D C:\Users\Alina\Desktop\allina diversas
2016-05-10 19:50 - 2016-05-10 19:50 - 00000000 ____D C:\Users\Alina\Desktop\allina au au
2016-05-10 19:49 - 2016-05-10 19:50 - 00000000 ____D C:\Users\Alina\Desktop\copa do mundo 2014
2016-05-04 03:26 - 2016-05-04 03:26 - 00000000 ____D C:\Program Files\Common Files\Java
2016-05-04 03:25 - 2016-05-04 03:25 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-05-04 03:25 - 2016-05-04 03:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-05-04 03:11 - 2016-05-04 03:11 - 00738880 _____ (Oracle Corporation) C:\Users\Alina\Downloads\jxpiinstall.exe
2016-05-03 21:39 - 2016-05-04 02:55 - 00000000 ____D C:\Users\Alina\Desktop\emails atraso da empresa janelas
2016-04-27 19:04 - 2016-02-12 15:39 - 02956288 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-04-27 19:04 - 2016-02-12 15:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-04-27 19:04 - 2016-02-12 15:26 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-04-27 19:04 - 2016-02-12 15:07 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-04-27 19:04 - 2016-02-12 15:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-04-27 19:04 - 2016-02-12 15:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-04-27 19:04 - 2016-02-12 15:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-04-27 19:04 - 2016-02-12 15:05 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-04-27 19:04 - 2016-02-12 15:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-04-27 19:04 - 2016-02-12 15:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-04-27 19:04 - 2016-02-12 15:05 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-04-27 08:58 - 2016-02-09 06:50 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-04-27 08:58 - 2016-02-03 14:59 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-04-19 23:55 - 2016-02-04 15:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-04-19 23:44 - 2016-02-03 15:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-04-19 23:44 - 2016-02-03 15:49 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll
2016-04-19 23:44 - 2016-02-03 15:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-04-19 23:26 - 2016-04-19 23:26 - 00000000 ____D C:\Users\Alina\AppData\Roaming\Sun
2016-04-19 23:26 - 2016-04-19 23:26 - 00000000 ____D C:\Users\Alina\.oracle_jre_usage
2016-04-19 23:11 - 2015-11-19 11:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-04-19 23:11 - 2015-11-19 11:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-04-19 23:11 - 2015-11-19 11:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-04-19 23:11 - 2015-11-19 11:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-04-19 23:11 - 2015-11-19 11:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-04-19 23:11 - 2015-11-19 11:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-04-19 23:11 - 2015-11-19 11:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-04-19 23:11 - 2015-11-19 11:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-04-19 23:11 - 2015-11-19 11:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-04-19 23:11 - 2015-11-19 11:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-04-19 23:11 - 2015-11-19 11:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-04-19 23:11 - 2015-11-19 11:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-04-19 23:11 - 2015-11-19 11:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-04-19 23:11 - 2015-11-19 11:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-04-19 23:11 - 2015-11-19 11:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-04-19 23:11 - 2015-11-19 11:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-04-19 23:11 - 2015-11-19 11:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-04-19 23:11 - 2015-11-19 11:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-04-19 23:11 - 2015-11-19 11:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-04-19 23:11 - 2015-11-19 11:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-04-19 23:11 - 2015-11-19 11:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-04-19 23:11 - 2015-11-19 11:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-04-19 23:11 - 2015-11-19 11:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-04-19 22:56 - 2016-04-19 22:56 - 00000000 ____D C:\Users\Alina\AppData\LocalLow\Oracle
2016-04-19 22:53 - 2016-04-19 22:54 - 00738880 _____ (Oracle Corporation) C:\Users\Alina\Desktop\jxpiinstall.exe
2016-04-19 22:51 - 2016-04-19 22:51 - 00010536 _____ C:\Users\Alina\peticao requerimento testemunhas _all.pdf
2016-04-19 22:40 - 2016-04-19 22:40 - 00018266 _____ C:\Users\Alina\PETICA1.P7S
2016-04-19 22:40 - 2016-04-19 22:40 - 00018266 _____ C:\Users\Alina\Desktop\peticao requerimento testemunhas _all.pdf.p7s
2016-04-19 22:11 - 2016-04-19 22:11 - 00010535 _____ C:\Users\Alina\Desktop\peticao requerimento testemunhas JEC.pdf

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-07-07 22:26 - 2009-07-14 01:34 - 00020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-07 22:26 - 2009-07-14 01:34 - 00020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-07 22:25 - 2012-04-27 18:00 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-07 22:18 - 2014-03-14 00:10 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-07 08:59 - 2014-03-14 00:10 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-07 08:55 - 2013-05-02 19:21 - 00000000 ____D C:\Users\Todos os Usuários\Kaspersky Lab
2016-07-07 08:55 - 2013-05-02 19:21 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-07-07 08:52 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-07 08:51 - 2014-08-22 02:20 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-07-07 08:49 - 2014-04-12 09:06 - 00000238 _____ C:\Users\Alina\AppData\Roaming\WB.CFG
2016-07-07 08:49 - 2013-02-21 21:44 - 00000008 __RSH C:\Users\Alina\ntuser.pol
2016-07-07 08:49 - 2010-04-29 21:32 - 00000000 ____D C:\Users\Alina
2016-07-06 14:11 - 2010-04-29 21:38 - 00472846 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-06 14:11 - 2009-08-04 23:58 - 00054506 _____ C:\Windows\system32\prfh0416.dat
2016-07-06 14:11 - 2009-08-04 23:58 - 00027750 _____ C:\Windows\system32\prfc0416.dat
2016-07-06 14:11 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\inf
2016-07-06 14:03 - 2009-07-14 01:33 - 00415832 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-06 13:59 - 2015-04-11 08:21 - 00000000 ___SD C:\Windows\system32\GWX
2016-07-06 13:59 - 2014-12-11 09:09 - 00000000 ____D C:\Windows\system32\appraiser
2016-07-06 13:59 - 2009-07-14 04:50 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-05 20:28 - 2010-04-29 21:50 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2016-07-05 20:15 - 2011-06-18 18:26 - 00000000 ____D C:\Program Files\Google
2016-07-04 00:27 - 2012-04-27 18:00 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-07-04 00:27 - 2011-05-22 10:14 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-06-21 12:13 - 2010-04-30 00:35 - 00400552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Arquivos na raiz de alguns diretórios =======

2014-08-25 22:06 - 2014-08-25 22:06 - 0457048 _____ (pdfforge GbR                                                ) C:\Program Files\PDFCreatorWebSetup.exe
2014-05-11 02:05 - 2014-05-11 02:06 - 4216840 _____ (Microsoft Corporation) C:\Program Files\Common Files\vcredist.exe
2010-04-29 23:20 - 2010-04-29 23:20 - 0007887 _____ () C:\Users\Alina\AppData\Roaming\pcouffin.cat
2010-04-29 23:20 - 2010-04-29 23:20 - 0001144 _____ () C:\Users\Alina\AppData\Roaming\pcouffin.inf
2010-04-29 23:20 - 2010-04-29 23:20 - 0047360 _____ (VSO Software) C:\Users\Alina\AppData\Roaming\pcouffin.sys
2016-07-07 08:50 - 2016-07-07 08:50 - 3234836 _____ () C:\Users\Alina\AppData\Roaming\sb954.dat
2010-04-30 01:41 - 2010-09-16 13:47 - 0000089 _____ () C:\Users\Alina\AppData\Roaming\sversion.ini
2014-04-12 09:06 - 2016-07-07 08:49 - 0000238 _____ () C:\Users\Alina\AppData\Roaming\WB.CFG
2015-02-05 18:36 - 2015-02-05 18:36 - 0000000 _____ () C:\Users\Alina\AppData\Local\{5825A4DA-8330-4C68-892F-14229E1E3EF1}
2013-08-22 11:11 - 2013-08-22 11:11 - 0000057 _____ () C:\ProgramData\Ament.ini

Arquivos para serem movidos ou deletados:
====================
C:\Windows\Tasks\{2C9EBF08-F3C3-FFD5-09E4-65BEE1465635}.job


Alguns arquivos em TEMP:
====================
C:\Users\Alina\AppData\Local\temp\aqbarqcr.exe
C:\Users\Alina\AppData\Local\temp\bdg39B5.exe
C:\Users\Alina\AppData\Local\temp\bdg6112.exe
C:\Users\Alina\AppData\Local\temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Alina\AppData\Local\temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Alina\AppData\Local\temp\jre-8u31-windows-au.exe
C:\Users\Alina\AppData\Local\temp\libeay32.dll
C:\Users\Alina\AppData\Local\temp\MsgPlusUninstall.exe
C:\Users\Alina\AppData\Local\temp\msvcr120.dll
C:\Users\Alina\AppData\Local\temp\sqlite3.dll
C:\Users\Alina\AppData\Local\temp\UNT78E5.exe
C:\Users\Alina\AppData\Local\temp\UNT78E6.exe
C:\Users\Alina\AppData\Local\temp\UNT8997.exe
C:\Users\Alina\AppData\Local\temp\UNT8998.exe
C:\Users\Alina\AppData\Local\temp\UNT8999.exe
C:\Users\Alina\AppData\Local\temp\UNT92AD.exe
C:\Users\Alina\AppData\Local\temp\UNT92AE.exe
C:\Users\Alina\AppData\Local\temp\UNTBC0E.exe
C:\Users\Alina\AppData\Local\temp\{65CDCCF7-83BA-4D7A-8382-35B4ED430028}-43.0.2357.134_chrome_installer.exe
C:\Users\Alina\AppData\Local\temp\{D0166A96-A84C-418A-B516-DD30FE305259}-47.0.2526.80_46.0.2490.86_chrome_updater_3stage.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-07-07 09:58

==================== Fim de FRST.txt ============================

 

 

 

addition.txt attached

thank you

Addition.txt


Temporarily disable your antivirus, antispyware and firewall so that they do not cause conflicts.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text below:

 

CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3109449630-653368967-3778037145-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKU\S-1-5-21-3109449630-653368967-3778037145-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_27_orgnl_bdr22.3.0&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzutDyCtByDyDyCyDzy0E0AyEtBtDyEtC0CtN0D0Tzu0StCyCyEzytN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1M1Q1CtByDtFtDtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0ByE0EzyyDtDtDtGtAyBzytDtGtD0E0AzytGyC0B0E0DtGtByBtD0AyByEtC0ByC0FtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0DtCyCtCtA0FzytG0Ezy0AyDtGyEzztA0CtGzytDtB0AtG0EyDtA0AyB0C0AzytBzy0EyD2QtN0A0LzutB%26cr%3D296070705%26a%3Dhdr_s_16_27_orgnl_bdr22.3.0%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
SearchScopes: HKLM -> DefaultScope valor está ausente
SearchScopes: HKU\S-1-5-21-3109449630-653368967-3778037145-1000 -> DefaultScope {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_27_orgnl_bdr22.3.0&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzutDyCtByDyDyCyDzy0E0AyEtBtDyEtC0CtN0D0Tzu0StCyCyEzytN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1M1Q1CtByDtFtDtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0ByE0EzyyDtDtDtGtAyBzytDtGtD0E0AzytGyC0B0E0DtGtByBtD0AyByEtC0ByC0FtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0DtCyCtCtA0FzytG0Ezy0AyDtGyEzztA0CtGzytDtB0AtG0EyDtA0AyB0C0AzytBzy0EyD2QtN0A0LzutB%26cr%3D296070705%26a%3Dhdr_s_16_27_orgnl_bdr22.3.0%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3109449630-653368967-3778037145-1000 -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&rlz=1I7GGHP_pt-BR
SearchScopes: HKU\S-1-5-21-3109449630-653368967-3778037145-1000 -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_27_orgnl_bdr22.3.0&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzutDyCtByDyDyCyDzy0E0AyEtBtDyEtC0CtN0D0Tzu0StCyCyEzytN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1M1Q1CtByDtFtDtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0ByE0EzyyDtDtDtGtAyBzytDtGtD0E0AzytGyC0B0E0DtGtByBtD0AyByEtC0ByC0FtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0DtCyCtCtA0FzytG0Ezy0AyDtGyEzztA0CtGzytDtB0AtG0EyDtA0AyB0C0AzytBzy0EyD2QtN0A0LzutB%26cr%3D296070705%26a%3Dhdr_s_16_27_orgnl_bdr22.3.0%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
FF Homepage: hxxps://br.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_27_orgnl_bdr22.3.0&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dbr%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzutDyCtByDyDyCyDzy0E0AyEtBtDyEtC0CtN0D0Tzu0StCyCyEzytN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1M1Q1CtByDtFtDtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0ByE0EzyyDtDtDtGtAyBzytDtGtD0E0AzytGyC0B0E0DtGtByBtD0AyByEtC0ByC0FtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0DtCyCtCtA0FzytG0Ezy0AyDtGyEzztA0CtGzytDtB0AtG0EyDtA0AyB0C0AzytBzy0EyD2QtN0A0LzutB%26cr%3D296070705%26a%3Dhdr_s_16_27_orgnl_bdr22.3.0%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
FF Keyword.URL: user_pref("keyword.URL", true);
S3 BdApiUtil; \??\C:\Program Files\Baidu Security\Baidu Antivirus\BdApiUtil.sys [X]
S3 BdCameraProtect; \??\C:\Program Files\Baidu Security\Baidu Antivirus\BdCameraProtect.sys [X]
S1 Bfilter; \??\C:\Windows\System32\drivers\Bfilter.sys [X]
S1 Bfmon; \??\C:\Windows\System32\drivers\Bfmon.sys [X]
S0 Bhbase; System32\drivers\Bhbase.sys [X]
S1 Bprotect; \??\C:\Windows\System32\drivers\Bprotect.sys [X]
Task: C:\Windows\Tasks\{2C9EBF08-F3C3-FFD5-09E4-65BEE1465635}.job => C:\Users\Alina\AppData\Local\{24751~1\UNINST~1.EXE <==== ATENÇÃO
HOSTS:
RemoveProxy:
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
EmptyTemp:
  • Save this file to the Desktop as fixlist.txt
  • Run FRST again and click the Corrigir (Fix) button;
  • Wait... when it finishes, the log Fixlog.txt will be generated on your Desktop.
  • Select, copy and paste the contents of this log into your next reply.

 

 


Resultado da Correção pela Farbar Recovery Scan Tool (x86) Versão: 09-07-2016
Executado por Alina (2016-07-09 18:12:02) Run:1
Executando a partir de C:\Users\Alina\Desktop
Perfis Carregados: Alina (Perfis Disponíveis: Alina)
Modo da Inicialização: Normal

==============================================

fixlist Conteúdo:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3109449630-653368967-3778037145-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKU\S-1-5-21-3109449630-653368967-3778037145-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_27_orgnl_bdr22.3.0&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzutDyCtByDyDyCyDzy0E0AyEtBtDyEtC0CtN0D0Tzu0StCyCyEzytN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1M1Q1CtByDtFtDtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0ByE0EzyyDtDtDtGtAyBzytDtGtD0E0AzytGyC0B0E0DtGtByBtD0AyByEtC0ByC0FtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0DtCyCtCtA0FzytG0Ezy0AyDtGyEzztA0CtGzytDtB0AtG0EyDtA0AyB0C0AzytBzy0EyD2QtN0A0LzutB%26cr%3D296070705%26a%3Dhdr_s_16_27_orgnl_bdr22.3.0%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
SearchScopes: HKLM -> DefaultScope valor está ausente
SearchScopes: HKU\S-1-5-21-3109449630-653368967-3778037145-1000 -> DefaultScope {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_27_orgnl_bdr22.3.0&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzutDyCtByDyDyCyDzy0E0AyEtBtDyEtC0CtN0D0Tzu0StCyCyEzytN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1M1Q1CtByDtFtDtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0ByE0EzyyDtDtDtGtAyBzytDtGtD0E0AzytGyC0B0E0DtGtByBtD0AyByEtC0ByC0FtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0DtCyCtCtA0FzytG0Ezy0AyDtGyEzztA0CtGzytDtB0AtG0EyDtA0AyB0C0AzytBzy0EyD2QtN0A0LzutB%26cr%3D296070705%26a%3Dhdr_s_16_27_orgnl_bdr22.3.0%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3109449630-653368967-3778037145-1000 -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&rlz=1I7GGHP_pt-BR
SearchScopes: HKU\S-1-5-21-3109449630-653368967-3778037145-1000 -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_27_orgnl_bdr22.3.0&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzutDyCtByDyDyCyDzy0E0AyEtBtDyEtC0CtN0D0Tzu0StCyCyEzytN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1M1Q1CtByDtFtDtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0ByE0EzyyDtDtDtGtAyBzytDtGtD0E0AzytGyC0B0E0DtGtByBtD0AyByEtC0ByC0FtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0DtCyCtCtA0FzytG0Ezy0AyDtGyEzztA0CtGzytDtB0AtG0EyDtA0AyB0C0AzytBzy0EyD2QtN0A0LzutB%26cr%3D296070705%26a%3Dhdr_s_16_27_orgnl_bdr22.3.0%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
FF Homepage: hxxps://br.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_27_orgnl_bdr22.3.0&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dbr%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzutDyCtByDyDyCyDzy0E0AyEtBtDyEtC0CtN0D0Tzu0StCyCyEzytN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1M1Q1CtByDtFtDtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0ByE0EzyyDtDtDtGtAyBzytDtGtD0E0AzytGyC0B0E0DtGtByBtD0AyByEtC0ByC0FtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0DtCyCtCtA0FzytG0Ezy0AyDtGyEzztA0CtGzytDtB0AtG0EyDtA0AyB0C0AzytBzy0EyD2QtN0A0LzutB%26cr%3D296070705%26a%3Dhdr_s_16_27_orgnl_bdr22.3.0%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
FF Keyword.URL: user_pref("keyword.URL", true);
S3 BdApiUtil; \??\C:\Program Files\Baidu Security\Baidu Antivirus\BdApiUtil.sys [X]
S3 BdCameraProtect; \??\C:\Program Files\Baidu Security\Baidu Antivirus\BdCameraProtect.sys [X]
S1 Bfilter; \??\C:\Windows\System32\drivers\Bfilter.sys [X]
S1 Bfmon; \??\C:\Windows\System32\drivers\Bfmon.sys [X]
S0 Bhbase; System32\drivers\Bhbase.sys [X]
S1 Bprotect; \??\C:\Windows\System32\drivers\Bprotect.sys [X]
Task: C:\Windows\Tasks\{2C9EBF08-F3C3-FFD5-09E4-65BEE1465635}.job => C:\Users\Alina\AppData\Local\{24751~1\UNINST~1.EXE <==== ATENÇÃO
HOSTS:
RemoveProxy:
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
EmptyTemp:
*****************

Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.
"HKU\S-1-5-21-3109449630-653368967-3778037145-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => chave removido (a) com sucesso.
HKU\S-1-5-21-3109449630-653368967-3778037145-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor restaurado com sucesso
HKU\S-1-5-21-3109449630-653368967-3778037145-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.
"HKU\S-1-5-21-3109449630-653368967-3778037145-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1b31c9d2-7135-442b-bb93-7c002172adc6}" => chave removido (a) com sucesso.
HKCR\CLSID\{1b31c9d2-7135-442b-bb93-7c002172adc6} => chave não encontrado (a).
"HKU\S-1-5-21-3109449630-653368967-3778037145-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d4fee3d1-1014-4db8-a824-573bf9ab51c7}" => chave removido (a) com sucesso.
HKCR\CLSID\{d4fee3d1-1014-4db8-a824-573bf9ab51c7} => chave não encontrado (a).
Firefox "homepage" removido (a) com sucesso.
Firefox "Keyword.URL" removido (a) com sucesso.
BdApiUtil => serviço removido (a) com sucesso.
BdCameraProtect => serviço removido (a) com sucesso.
Bfilter => serviço removido (a) com sucesso.
Bfmon => serviço removido (a) com sucesso.
Bhbase => serviço removido (a) com sucesso.
Bprotect => serviço removido (a) com sucesso.
C:\Windows\Tasks\{2C9EBF08-F3C3-FFD5-09E4-65BEE1465635}.job => movido com sucesso
C:\Windows\System32\Drivers\etc\hosts => movido com sucesso
Hosts restaurado com sucesso.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso.
HKU\S-1-5-21-3109449630-653368967-3778037145-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => valor removido (a) com sucesso.
HKU\S-1-5-21-3109449630-653368967-3778037145-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso.
HKU\S-1-5-21-3109449630-653368967-3778037145-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso.


========= Fim de RemoveProxy: =========


========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

A operação foi concluída com êxito.

========= Fim de Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

A operação foi concluída com êxito.

========= Fim de Reg: =========


=========  netsh advfirewall reset =========

Ok.


========= Fim de CMD: =========


=========  netsh advfirewall set allprofiles state ON =========

Ok.


========= Fim de CMD: =========


=========  ipconfig /flushdns =========


Configuração de IP do Windows

Liberação do Cache do DNS Resolver bem-sucedida.

========= Fim de CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 62225092 B
Java, Flash, Steam htmlcache => 20259 B
Windows/system/drivers => 134477793 B
Edge => 0 B
Chrome => 23381139 B
Firefox => 305888160 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 50421 B
Public => 0 B
ProgramData => 0 B
systemprofile => 98982 B
LocalService => 1845908 B
NetworkService => 200566 B
Alina => 636020409 B

RecycleBin => 805596344 B
EmptyTemp: => 1.8 GB de dados temporários Removidos.

================================


O sistema precisou ser reiniciado.

==== Fim de Fixlog 18:15:15 ====


Temporarily disable your antivirus

  • Hold down the Ctrl key and click this link to open the ESET Online Scanner in a new window.
  • Click this button (image j9Byf.png)
  • For alternative browsers (if you use Internet Explorer, skip this step):
    • Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double-click the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click Start.
  • Accept any security warning from your browser.
  • Check: "Enable detection of potentially unwanted applications"
  • Click Hide Advanced settings and check the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Change and also check the Computer box.
  • Click Start.
  • It will update itself and scan the computer. Be patient, the process can take hours.
  • When the scan finishes, click List of found threats
  • Click Export to text file and save the log to your desktop.
  • Click Back.
  • Click Finish.
  • Select, copy and paste the contents of this log into your next reply.


good evening

:)

see below:

 

C:\AdwCleaner\FileQuarantine\C\Users\Alina\AppData\Roaming\0V1L2Z2Z1T1I1L1T\Codec Pack Packages\uninstaller.exe.vir    a variant of Win32/InstallCore.AEO.gen potentially unwanted application    cleaned by deleting
C:\AdwCleaner\FileQuarantine\C\Users\Alina\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe.vir    Win32/DealPly.S potentially unwanted application    cleaned by deleting
C:\AdwCleaner\FileQuarantine\C\Users\Default User\AppData\Local\AskToolbar\Downloaded Program Files\AviraBrowserSecurity.dll.vir    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application    cleaned by deleting
C:\AdwCleaner\FileQuarantine\C\Windows\system32\config\systemprofile\AppData\LocalLow\AskToolbar\avira.cab.vir    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application    deleted
C:\Program Files\RealArcade\Installer\bin\OCSetupHlp.dll    Win32/OpenCandy potentially unsafe application    cleaned by deleting
C:\Programas Allina\GoogleChrome.exe    a variant of Win32/Injected.F trojan    cleaned by deleting
C:\Programas Allina\PDFCreator-2_3_0-Setup.exe    Win32/InstallMonetizer.AQ potentially unwanted application    deleted
C:\Users\Alina\AppData\Local\{0F12394E-2BBA-55F6-4622-701E624A8C86}\uninstall.exe    a variant of Win32/DealPly.DM potentially unwanted application    cleaned by deleting
C:\Users\Alina\AppData\Local\{24751229-00DD-7E91-6D45-5B79492DA7E1}\uninstall.exe    a variant of Win32/DealPly.DF potentially unwanted application    cleaned by deleting
C:\Users\Alina\AppData\LocalLow\Sun\Java\jre1.7.0_65\java_sp.dll    a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application    cleaned by deleting
C:\Users\Alina\AppData\Roaming\ZHP\Quarantine\exthelper.exe    a variant of Win32/Toolbar.Widgi.M potentially unwanted application    cleaned by deleting
C:\Users\Alina\AppData\Roaming\ZHP\Quarantine\MgpvRyQt.exe.part    a variant of Win32/AirAdInstaller.A potentially unwanted application    cleaned by deleting
C:\Users\Alina\AppData\Roaming\ZHP\Quarantine\nscF1D2.exe    Win32/Conduit.SearchProtect.R potentially unwanted application    cleaned by deleting
C:\Users\Alina\AppData\Roaming\ZHP\Quarantine\Setup31899.exe    a variant of Win32/DealPly.DL potentially unwanted application    cleaned by deleting
C:\Users\Alina\Desktop\ccsetup401.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted
C:\Users\Alina\Downloads\avira_free_antivirus_ptbr.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application    deleted
C:\Users\Alina\Downloads\Foxit_Reader5.3.1.619_br_Setup.exe    a variant of Win32/ELEX.B potentially unwanted application    deleted
C:\Users\Alina\Downloads\frostwire-5.5.5.windows.exe    Win32/OpenCandy potentially unsafe application    deleted
C:\Windows\Installer\2371c.msi    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application    deleted
C:\Windows\Installer\2375d0.msi    a variant of Win32/SweetIM.L potentially unwanted application    deleted
C:\Windows\Installer\2375d6.msi    a variant of Win32/SweetIM.L potentially unwanted application    deleted
D:\FMB\aTube%20Catcher.exe    a variant of Win32/Solimba.C potentially unwanted application    cleaned by deleting
D:\FMB\baixar-musicas-gratis-32-bits.exe    a variant of Win32/InstallCore.ACZ potentially unwanted application    cleaned by deleting
D:\FMB\installer_adobe_flash_player_Portuguese.exe    a variant of Win32/InstallCore.ACZ potentially unwanted application    cleaned by deleting
D:\FMB\PDFCreator-2_1_2-setup.exe    Win32/InstallMonetizer.AQ potentially unwanted application    deleted


@Allina

 

Download Security Check, by glax24, and save it to your Desktop.

Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • Wait while the tool performs the scan.
  • At the end a log will open: SecurityCheck.txt.
  • This log is saved on C: (Local Disk) in the SecurityCheck folder that was created.
  • Select, copy, and paste the contents of this log into your next reply.


good morning

 

SecurityCheck by glax24 & Severnyj v.1.4.0.40 [21.05.16]
WebSite: www.safezone.cc
DateLog: 11.07.2016 08:51:59
Path starting: C:\Users\Alina\AppData\Local\temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Alina
VersionXML: 3.20is-08.07.2016
___________________________________________________________________________

Windows 7(6.1.7601) Service Pack 1 (x86) Ultimate Lang: Portuguese(0416)
Installation date OS: 30.04.2010 00:32:49
LicenseStatus: Windows(R) 7, Ultimate edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [78.3 Gb] Used: [76.8 Gb] Free: [1.5 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.0.9600.18349
Automatic download and scheduled installation
Date install updates: 2016-07-09 21:31:49
Windows Update (wuauserv) - The service is running
Central de Segurança (wscsvc) - The service is running
Registro remoto (RemoteRegistry) - The service has stopped
Descoberta SSDP (SSDPSRV) - The service is running
Serviços de Área de Trabalho Remota (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2007 v.12.0.6612.1000
---------------------------- [ Antivirus_WMI ] ----------------------------
Kaspersky Internet Security (disabled and out of date)
---------------------------- [ Firewall_WMI ] -----------------------------
Kaspersky Internet Security (disabled)
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Kaspersky Internet Security (disabled and up to date)
Windows Defender (enabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
ESET Online Scanner v3
Kaspersky Security Scan v.12.0.1.117
Kaspersky Internet Security 2013 v.13.0.1.4190
McAfee Security Scan Plus v.3.0.285.6
--------------------------- [ OtherUtilities ] ----------------------------
Arquivo do WinRAR
OpenOffice.org.br 1.1.3 v.1.1.3 Warning! Download Update
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.0 v.7.0.102 Warning! Download Update
^Optional update.^
--------------------------------- [ P2P ] ---------------------------------
eMule Warning! P2P-client.
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 91 v.8.0.910.14 Warning! Download Update
Uninstall old version and install new one (jre-8u92-windows-i586.exe).
--------------------------- [ AppleProduction ] ---------------------------
QuickTime 7 v.7.75.80.95 Warning! This software is no longer supported. Please uninstall it and use another software.
iTunes v.12.3.2.35 Warning! Download Update
^Please use Apple Software Update tool.^
Bonjour v.3.1.0.1
Serviço do Bonjour (Bonjour Service) - The service is running
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 22 ActiveX v.22.0.0.192
Adobe Flash Player 22 NPAPI v.22.0.0.192
Adobe Reader XI (11.0.13) - Português v.11.0.13 Warning! Download Update
^Please run Adobe Reader XI and go Help - Check for updates...^
------------------------------- [ Browser ] -------------------------------
Google Chrome v.51.0.2704.103 Warning! Download Update
Mozilla Firefox 47.0.1 (x86 pt-BR) v.47.0.1
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files\Mozilla Firefox\firefox.exe v.47.0.1.6018
------------------ [ AntivirusFirewallProcessServices ] -------------------
Kaspersky Anti-Virus Service (AVP) - The service is running
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe v.13.0.1.4359
McAfee Security Scan Component Host Service (McComponentHostService) - The service has stopped
Windows Defender (WinDefend) - The service is running
---------------------------- [ UnwantedApps ] -----------------------------
Hao123-Client v.1.0.0.1106 Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and AdwCleaner (by ToolsLib). Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
----------------------------- [ End of Log ] ------------------------------


Ok,

To finish:

# Step 1 #

Download Delfix by Xplode and save it to your desktop.

Double-click delfix.exe to run it. Check the boxes as shown in the image.

** Windows Vista or Windows 7 users: right-click the delfix.exe file, then click execadmin.png.

2mez6ld.png

Click the Run button.

A log will be generated at the end, but you do not need to post it.

# Step 2 #

Old versions of programs have vulnerabilities that some malware can use to infect your system.

For that reason, it is recommended that you update the programs that Security Check flagged as outdated (optional updates are at your discretion).

Just click the Download Update in each warning, which will take you to the developer's site.

<<@>> Always keep your Windows up to date; keep constant watch with your firewall and antivirus; and finally, remember that the best form of prevention starts with our own behavior!
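
As an added illustration of Step 2 (not part of the original post and not code from the Security Check project), this Python script picks out the entries the tool flagged in the SecurityCheck log posted above. The function names `triage` and `needs_update` are hypothetical, and the log layout is assumed only from the log in this thread.

```python
import re

# Excerpt of the SecurityCheck log posted earlier in this thread.
SAMPLE_LOG = """\
---------------------------- [ Antivirus_WMI ] ----------------------------
Kaspersky Internet Security (disabled and out of date)
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (enabled and up to date)
--------------------------------- [ P2P ] ---------------------------------
eMule Warning! P2P-client.
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 91 v.8.0.910.14 Warning! Download Update
Uninstall old version and install new one (jre-8u92-windows-i586.exe).
--------------------------- [ AppleProduction ] ---------------------------
QuickTime 7 v.7.75.80.95 Warning! This software is no longer supported. Please uninstall it and use another software.
Bonjour v.3.1.0.1
------------------------------- [ Browser ] -------------------------------
Google Chrome v.51.0.2704.103 Warning! Download Update
Mozilla Firefox 47.0.1 (x86 pt-BR) v.47.0.1
"""

SECTION = re.compile(r"^-{3,} \[ (.+?) \] -{3,}$")
# Assumption: WMI sections report product state in trailing parentheses.
BAD_STATE = re.compile(r"^(.*?) \((.*(?:disabled|out of date).*)\)$")

def triage(log_text):
    """Return (section, item, reason) for every line the tool flagged."""
    findings, section = [], "Header"
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
        elif " Warning! " in line:
            item, reason = line.split(" Warning! ", 1)
            findings.append((section, item, reason))
        elif section.endswith("_WMI"):
            state = BAD_STATE.match(line)
            if state:
                findings.append((section, state.group(1), state.group(2)))
    return findings

def needs_update(findings):
    """Items whose warning is the tool's 'Download Update' marker."""
    return [item for _, item, reason in findings if reason.startswith("Download Update")]

if __name__ == "__main__":
    for section, item, reason in triage(SAMPLE_LOG):
        print(f"[{section}] {item}: {reason}")
```

Run against a full SecurityCheck.txt, the same function also surfaces the unsupported-software and P2P warnings alongside the update list.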


Fantastic help

many thanks to all of you on the forum for your patience, goodwill and efficiency.

thank you thank you thank you

:wiggle::tw_heart:

This topic is locked and cannot receive new posts.





About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.
