Remoção de vírus

Rafael Turbo · 10/10/2015

Olá ascwb. Seu computador está com algum problema atualmente ou é só uma verificação de rotina?

Siga, por gentileza, as dicas deste tutorial para fazer um escaneamento de seu PC pelo Nod32 Online:

Tutorial do antivirus Nod32 Online

Após o término do escaneamento será gerado um relatório (log) que estará no seguinte local do seu computador:
C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt

Na sua próxima resposta poste este log do Nod32 Online.

ascwb · 10/10/2015

Rafael Turbo disse:
Olá ascwb. Seu computador está com algum problema atualmente ou é só uma verificação de rotina?

Siga, por gentileza, as dicas deste tutorial para fazer um escaneamento de seu PC pelo Nod32 Online:

Tutorial do antivirus Nod32 Online

Após o término do escaneamento será gerado um relatório (log) que estará no seguinte local do seu computador:
C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt

Na sua próxima resposta poste este log do Nod32 Online.

O problema foi o seguinte,
Eu entrei na minha steam a tarde como todos os dias, aí apareceu que uma pessoa com um determinado IP diferente do meu tinha entrado e jogado algumas partidas competitivas de CS:GO na minha conta. Então eu pedi pra um amigo logar na minha steam, mudar o e-mail, senha e pergunta secreta e não me falar os dados da minha steam até que eu possa me livrar desse suposto vírus.

LOG:

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=016378cc1262ad40991e4af48941f4db
# end=init
# utc_time=2015-10-10 02:26:07
# local_time=2015-10-10 11:26:07 (-0300, Hora oficial do Brasil)
# country="Brazil"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Init
Update Download
Update Finalize
Updated modules version: 26174
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=016378cc1262ad40991e4af48941f4db
# end=updated
# utc_time=2015-10-10 02:32:20
# local_time=2015-10-10 11:32:20 (-0300, Hora oficial do Brasil)
# country="Brazil"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=016378cc1262ad40991e4af48941f4db
# engine=26174
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-10-10 03:12:24
# local_time=2015-10-10 12:12:24 (-0300, Hora oficial do Brasil)
# country="Brazil"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 153236090 196036993 0 0
# scanned=117203
# found=1
# cleaned=1
# scan_time=2402
sh=663733032C04386F3781C077791489E21B032B72 ft=1 fh=60cfcd37ac4caf8c vn="a variant of Win32/OpenCandy.C potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Admin\AppData\Roaming\Skype\My Skype Received Files\CheatEngine64.exe"

Achou um arquivo malicioso.
https://gyazo.com/f55f0220dfc91b21752fabeb54ccc7ba
-
https://gyazo.com/504d693cdf5401c04d374f4e4d0a90ac

PS: Não vou mentir, eu usava o cheat engine em um jogo que 95% dos jogadores usavam. Acabei de deletar esse instalador dele. Oque mais eu devo fazer?

Rafael Turbo · 10/10/2015

Tudo indica que seu PC está limpo, sem vírus. Mas vamos dar mais uma pesquisada para ver se tem algo de errado:

- Abra o Malwarebytes que você tem instalado em seu PC > Clique em Verificar > clique em Personalizar verificação > Clique em Configurar verificação:

Surgirá mais esta tela abaixo na qual você marcará todas as caixinhas do lado direito da tela para que todas as áreas de seu PC e mídias removíveis ligadas a ele possam ser escaneadas. E do lado esquerdo da tela deixe marcadas todas estas opções:

Verificar objetos na memória
Verificar inicialização e as configurações de registro
Verificar arquivos
Procurar rootkits

Quanto ao restante, deixe da forma já pré-configurada pelo Malwarebytes.

Depois disto clique no botão Verificar Agora como mostra a imagem abaixo:

Aguarde enquanto o escaneamento é realizado. Ele demora de acordo com a quantidade de arquivos que você possua em seu computador:

Assim que a verificação terminar, aparecerá a frase Personalizar verificação completada com sucesso. Caso seu PC esteja seguro e sem ameaças, uma mensagem parecida com esta abaixo aparecerá informando que "Ameaças Identificadas: 0" (Ou seja: Nenhum ítem malicioso foi detectado). Neste caso tudo está certo, seu computador está normal e você clicará no botão Terminar:

Caso seja detectada alguma ameaça em seu PC surgirá uma mensagem como esta abaixo próximo ao relógio do Windows com a frase Verificação Terminada - Malware Detectado na qual você clicará nela:

Neste momento aparecerá quais os malwares e itens potencialmente indesejáveis que foram detectados e os locais onde eles se encontram. Para remover a infecção, deixe todas as caixinhas marcadas em todos os itens que queira remover e clique no botão Remover Selecionadas, como mostra esta imagem:

Surgirá então uma outra tela parecida com esta abaixo informando que as ameaças foram enviadas à quarentena, na qual você clicará no botão Terminar:

Alguns malwares são rebeldes e podem necessitar de uma reinicialização do PC para que sejam removidos. Caso isto seja solicitado pelo Malwarebytes, aceite esta reinicialização pelo Malwarebytes.

Depois disto é só postar o novo Registro de Verificação que o Malwarebytes irá criar em sua próxima resposta:

ascwb · 10/10/2015

Rafael Turbo disse:
Tudo indica que seu PC está limpo, sem vírus. Mas vamos dar mais uma pesquisada para ver se tem algo de errado:

- Abra o Malwarebytes que você tem instalado em seu PC > Clique em Verificar > clique em Personalizar verificação > Clique em Configurar verificação:

Surgirá mais esta tela abaixo na qual você marcará todas as caixinhas do lado direito da tela para que todas as áreas de seu PC e mídias removíveis ligadas a ele possam ser escaneadas. E do lado esquerdo da tela deixe marcadas todas estas opções:

Verificar objetos na memória
Verificar inicialização e as configurações de registro
Verificar arquivos
Procurar rootkits

Quanto ao restante, deixe da forma já pré-configurada pelo Malwarebytes.

Depois disto clique no botão Verificar Agora como mostra a imagem abaixo:

Aguarde enquanto o escaneamento é realizado. Ele demora de acordo com a quantidade de arquivos que você possua em seu computador:

Assim que a verificação terminar, aparecerá a frase Personalizar verificação completada com sucesso. Caso seu PC esteja seguro e sem ameaças, uma mensagem parecida com esta abaixo aparecerá informando que "Ameaças Identificadas: 0" (Ou seja: Nenhum ítem malicioso foi detectado). Neste caso tudo está certo, seu computador está normal e você clicará no botão Terminar:

Caso seja detectada alguma ameaça em seu PC surgirá uma mensagem como esta abaixo próximo ao relógio do Windows com a frase Verificação Terminada - Malware Detectado na qual você clicará nela:

Neste momento aparecerá quais os malwares e itens potencialmente indesejáveis que foram detectados e os locais onde eles se encontram. Para remover a infecção, deixe todas as caixinhas marcadas em todos os itens que queira remover e clique no botão Remover Selecionadas, como mostra esta imagem:

Surgirá então uma outra tela parecida com esta abaixo informando que as ameaças foram enviadas à quarentena, na qual você clicará no botão Terminar:

Alguns malwares são rebeldes e podem necessitar de uma reinicialização do PC para que sejam removidos. Caso isto seja solicitado pelo Malwarebytes, aceite esta reinicialização pelo Malwarebytes.

Depois disto é só postar o novo Registro de Verificação que o Malwarebytes irá criar em sua próxima resposta:

Fiz esse procedimento mas não encontrou nenhuma ameaça. Isso quer dizer que eu posso voltar a usar minha steam normalmente?

Rafael Turbo · 10/10/2015

Como nenhuma das duas ferramentas achou nada de perigoso e também como os seus relatórios não estão apontando nada de perigoso, creio que seja seguro usar ela normalmente. Só é bom trocar suas de tempos em tempos por motivos de segurança.

blb91 · 23/10/2015

Rafael Turbo disse:
Como nenhuma das duas ferramentas achou nada de perigoso e também como os seus relatórios não estão apontando nada de perigoso, creio que seja seguro usar ela normalmente. Só é bom trocar suas de tempos em tempos por motivos de segurança.

Migrei o meu sistema do HD para o SSD e apareceu a msg do WAT, fui procurar um remove wat para tirar a tal msg. Acabei que fiz o download de um Remove WAT que encheu meu pc de vírus e programas. dllhost.exe, 'bb brownser' (algo assim), YTdownloader. Já tentei de tudo pra remove-los, inclusive o Malware bits e nada. Pode me ajudar?

J. Augusto F · 03/11/2015

Poderiam me ajudar novamente, agora em outro note? Está lento demais:

OTL logfile created on: 02/11/2015 18:11:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Patricia\Desktop
64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18059)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,61 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 42,38% Memory free
7,21 Gb Paging File | 4,80 Gb Available in Paging File | 66,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288,32 Gb Total Space | 205,50 Gb Free Space | 71,27% Space Free | Partition Type: NTFS

Computer Name: PATRICIA-PC | User Name: Patricia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015/11/02 18:04:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patricia\Desktop\OTL.exe
PRC - [2015/10/20 12:08:28 | 000,811,848 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2015/08/12 19:25:54 | 000,587,576 | ---- | M] (GAS Tecnologia) -- C:\PROGRA~2\GbPlugin\GbpSv.exe
PRC - [2012/04/23 10:28:34 | 001,208,320 | ---- | M] (Positivo Informática S.A) -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryPower.exe
PRC - [2012/03/20 18:59:48 | 000,045,056 | ---- | M] (Positivo Informática S.A) -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe
PRC - [2012/01/27 08:06:00 | 000,049,664 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/08/25 15:00:46 | 003,080,192 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Hotkey.exe
PRC - [2011/02/15 17:16:46 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe

========== Modules (No Company Name) ==========

MOD - [2015/10/20 12:08:24 | 001,532,744 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll
MOD - [2015/10/20 12:08:22 | 000,081,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll
MOD - [2015/09/26 01:20:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c00840ee7b4eb45e78557fc3c8785733\System.ServiceProcess.ni.dll
MOD - [2015/09/26 01:17:40 | 012,438,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09e9b52418dba5729ace249cf0487675\System.Windows.Forms.ni.dll
MOD - [2015/09/26 01:16:45 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\82ecf48db57ddf66f74fca17b0f99453\System.Drawing.ni.dll
MOD - [2014/10/26 22:25:11 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\99cdfef98595ed91f14936cf52a49c54\System.Management.ni.dll
MOD - [2014/10/17 23:09:25 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MOD - [2014/09/14 15:00:15 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\0483c93466914f3fbd5b44454b0c8a98\Accessibility.ni.dll
MOD - [2014/09/14 14:58:40 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2011/08/25 15:00:46 | 003,080,192 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Hotkey.exe
MOD - [2009/06/06 14:50:32 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Audiodll.dll

========== Services (SafeList) ==========

SRV:64bit: - [2015/09/16 02:08:40 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2015/07/22 22:02:54 | 001,390,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2012/01/27 08:01:44 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/01/26 22:07:14 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2015/10/28 14:11:46 | 000,269,000 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/08/12 19:25:54 | 000,587,576 | ---- | M] (GAS Tecnologia) [Auto | Running] -- C:\PROGRA~2\GbPlugin\GbpSv.exe -- (GbpSv)
SRV - [2015/06/24 22:57:18 | 000,858,424 | ---- | M] (GAS Tecnologia LTDA) [Auto | Running] -- C:\Arquivos de Programas\Diebold\Warsaw\core.exe -- (Warsaw Technology)
SRV - [2015/04/30 02:53:40 | 000,366,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Arquivos de Programas\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2015/04/30 02:53:40 | 000,023,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Arquivos de Programas\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014/04/11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/03/20 20:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2012/03/20 18:59:48 | 000,045,056 | ---- | M] (Positivo Informática S.A) [Auto | Running] -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe -- (BatteryManagerSrv)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/03/28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011/02/15 17:16:46 | 000,033,792 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe -- (PowerBiosServer)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2015/11/02 17:45:06 | 000,028,888 | ---- | M] (GAS Tecnologia) [File_System | System | Running] -- C:\Windows\SysNative\drivers\gbpddfac64.sys -- (gbpddfac)
DRV:64bit: - [2015/03/04 20:34:52 | 000,124,568 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/10/02 00:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/01/07 19:58:41 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/01/07 19:58:40 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/01/07 19:58:40 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/12/13 15:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/28 18:51:50 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/03/06 10:27:02 | 000,069,520 | ---- | M] (Positivo Informática S.A.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pad.sys -- (PositivoAudioDriverWdm)
DRV:64bit: - [2012/01/26 22:41:34 | 010,721,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/01/26 21:06:00 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/12/22 00:04:10 | 000,876,136 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/12/05 04:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/10/28 09:41:28 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/10/28 09:41:26 | 000,080,512 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/07/06 19:37:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/06 19:37:46 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/23 01:26:28 | 000,174,680 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/01/14 19:24:56 | 000,132,624 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\JME.sys -- (JME)
DRV:64bit: - [2010/11/21 01:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 01:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/10 17:32:00 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/13 23:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 23:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 23:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 18:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 18:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 18:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 18:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2015/08/26 15:35:32 | 000,029,912 | ---- | M] (GAS Tecnologia) [Kernel | On_Demand | Running] -- C:\PROGRAM FILES (X86)\GBPLUGIN\gbprcm64.sys -- (GBPRCM)
DRV - [2015/08/26 15:35:32 | 000,028,888 | ---- | M] (GAS Tecnologia) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\gbpddfac64.sys -- (gbpddfac)
DRV - [2015/04/01 19:23:46 | 000,038,104 | ---- | M] (Basil) [Kernel | Disabled | Running] -- C:\Arquivos de Programas\Diebold\Warsaw\WinDivert64.sys -- (WinDivert1.1)
DRV - [2014/10/31 19:55:02 | 000,024,792 | ---- | M] (GAS Tecnologia LTDA) [Kernel | On_Demand | Running] -- C:\PROGRA~2\GbPlugin\wsftprp64.sys -- (Warsaw_PP)
DRV - [2013/05/08 10:52:48 | 000,049,536 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\gbpkm.sys -- (GbpKm)
DRV - [2009/07/13 23:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6E9BF101-C31E-4C84-811E-B6B087A7BD33}
IE:64bit: - HKLM\..\SearchScopes\{6E9BF101-C31E-4C84-811E-B6B087A7BD33}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MANMJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6E9BF101-C31E-4C84-811E-B6B087A7BD33}
IE - HKLM\..\SearchScopes\{6E9BF101-C31E-4C84-811E-B6B087A7BD33}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MANMJS

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-225334934-1356361207-3847351400-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://oem.msn.com
IE - HKU\S-1-5-21-225334934-1356361207-3847351400-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-225334934-1356361207-3847351400-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.mundopositivo.com.br/?u [Binary data over 200 bytes]
IE - HKU\S-1-5-21-225334934-1356361207-3847351400-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-225334934-1356361207-3847351400-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-225334934-1356361207-3847351400-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-225334934-1356361207-3847351400-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-225334934-1356361207-3847351400-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-225334934-1356361207-3847351400-1001\..\SearchScopes,DefaultScope = {6E9BF101-C31E-4C84-811E-B6B087A7BD33}
IE - HKU\S-1-5-21-225334934-1356361207-3847351400-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-225334934-1356361207-3847351400-1001\..\SearchScopes\{C5E77E80-162D-477D-8D54-4400BE887840}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=335B6C91-207B-4A9E-A6B9-844167919A24
IE - HKU\S-1-5-21-225334934-1356361207-3847351400-1001\..\SearchScopes\{D4A7713C-8FD5-43B4-9BE8-48F0F1C27D6C}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-225334934-1356361207-3847351400-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/bb: C:\Users\Patricia\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)
FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/bb64: C:\Users\Patricia\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll (GAS Tecnologia)
FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/uni: C:\Users\Patricia\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\

O1 HOSTS File: ([2015/02/23 01:00:04 | 000,000,822 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll (Banco do Brasil)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehuni.dll (Banco Itaú Unibanco)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Diebold - Warsaw] C:\Arquivos de Programas\Diebold\Warsaw\core.exe (GAS Tecnologia LTDA)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-225334934-1356361207-3847351400-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: bancobrasil.com.br ([www14] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: bancobrasil.com.br ([www2] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: bb.com.br ([seg] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: bb.com.br ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: itau.com.br ([bankline] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: itau.com.br ([clickbanking] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: itau.com.br ([guardiao] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: itau.com.br ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: itau.com.br ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: itaupersonnalite.com.br ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: bancobrasil.com.br ([www14] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: bancobrasil.com.br ([www2] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: bb.com.br ([seg] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: bb.com.br ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: itau.com.br ([bankline] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: itau.com.br ([clickbanking] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: itau.com.br ([guardiao] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: itau.com.br ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: itau.com.br ([www] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: itaupersonnalite.com.br ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-225334934-1356361207-3847351400-1001\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-225334934-1356361207-3847351400-1001\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)
O15 - HKU\S-1-5-21-225334934-1356361207-3847351400-1001\..Trusted Domains: bancobrasil.com.br ([www14] https in Trusted sites)
O15 - HKU\S-1-5-21-225334934-1356361207-3847351400-1001\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)
O15 - HKU\S-1-5-21-225334934-1356361207-3847351400-1001\..Trusted Domains: bancobrasil.com.br ([www2] https in Trusted sites)
O15 - HKU\S-1-5-21-225334934-1356361207-3847351400-1001\..Trusted Domains: bb.com.br ([seg] https in Trusted sites)
O15 - HKU\S-1-5-21-225334934-1356361207-3847351400-1001\..Trusted Domains: bb.com.br ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-225334934-1356361207-3847351400-1001\..Trusted Domains: bb.com.br ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-225334934-1356361207-3847351400-1001\..Trusted Domains: itau.com.br ([]* in Trusted sites)
O15 - HKU\S-1-5-21-225334934-1356361207-3847351400-1001\..Trusted Domains: itau.com.br ([bankline] * in Trusted sites)
O15 - HKU\S-1-5-21-225334934-1356361207-3847351400-1001\..Trusted Domains: itau.com.br ([bankline] https in Trusted sites)
O15 - HKU\S-1-5-21-225334934-1356361207-3847351400-1001\..Trusted Domains: itau.com.br ([clickbanking] * in Trusted sites)
O15 - HKU\S-1-5-21-225334934-1356361207-3847351400-1001\..Trusted Domains: itau.com.br ([clickbanking] https in Trusted sites)
O15 - HKU\S-1-5-21-225334934-1356361207-3847351400-1001\..Trusted Domains: itau.com.br ([guardiao] * in Trusted sites)
O15 - HKU\S-1-5-21-225334934-1356361207-3847351400-1001\..Trusted Domains: itau.com.br ([guardiao] https in Trusted sites)
O15 - HKU\S-1-5-21-225334934-1356361207-3847351400-1001\..Trusted Domains: itau.com.br ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-225334934-1356361207-3847351400-1001\..Trusted Domains: itau.com.br ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-225334934-1356361207-3847351400-1001\..Trusted Domains: itau.com.br ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-225334934-1356361207-3847351400-1001\..Trusted Domains: itaupersonnalite.com.br ([www] http in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.6.2.17 201.6.2.157
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67F5889B-7210-4918-B79A-EE531F2974B2}: DhcpNameServer = 201.6.2.17 201.6.2.157
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files (x86)\GbPlugin\gbieh.dll) - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O20 - Winlogon\Notify\ GbPluginUni: DllName - (C:\Program Files (x86)\GbPlugin\gbiehUni.dll) - C:\Program Files (x86)\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehuni.dll (Banco Itaú Unibanco)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2015/11/02 18:03:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Patricia\Desktop\OTL.exe
[2015/11/02 17:15:30 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icaapi.dll
[2015/10/28 14:12:53 | 001,291,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2015/10/28 14:12:53 | 000,700,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2015/10/28 14:12:53 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2015/10/28 14:12:52 | 001,163,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2015/10/28 14:12:52 | 000,766,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2015/10/28 14:12:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\acmigration.dll
[2015/10/28 14:12:52 | 000,025,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CompatTelRunner.exe
[2015/10/13 22:53:38 | 001,866,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2015/10/13 22:53:33 | 001,498,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2015/10/13 22:53:19 | 003,168,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2015/10/13 22:53:19 | 000,696,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2015/10/13 22:53:19 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2015/10/13 22:53:18 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2015/10/13 22:53:18 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2015/10/13 22:53:18 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2015/10/13 22:53:18 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2015/10/13 22:53:17 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2015/10/13 22:53:17 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll
[2015/10/13 22:53:17 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2015/10/13 22:53:17 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2015/10/13 22:53:17 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2015/10/13 22:53:17 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2015/10/13 22:53:17 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2015/10/13 22:53:16 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wu.upgrade.ps.dll
[2015/10/13 22:52:55 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2015/10/13 22:52:54 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2015/10/13 22:52:54 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2015/10/13 22:52:53 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015/10/13 22:52:52 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015/10/13 22:52:51 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2015/10/13 22:52:51 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2015/10/13 22:52:51 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2015/10/13 22:52:49 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2015/10/13 22:52:48 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2015/10/13 22:52:42 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2015/10/13 22:52:42 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2015/10/13 22:52:42 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2015/10/13 22:52:41 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015/10/13 22:52:39 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2015/10/13 22:52:39 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2015/10/13 22:52:39 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2015/10/13 22:52:38 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2015/10/13 22:52:37 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2015/10/13 22:52:36 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015/10/13 22:52:36 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2015/10/13 22:52:36 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015/10/13 22:52:33 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2015/10/13 22:52:32 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015/10/13 22:52:30 | 002,126,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015/10/13 22:52:27 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2015/10/13 22:52:27 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2015/10/13 22:52:26 | 000,585,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015/10/13 22:52:23 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2015/10/13 22:52:22 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2015/10/13 22:52:18 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2015/10/13 22:52:16 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2015/10/13 22:52:12 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015/10/13 22:52:11 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2015/10/13 22:52:10 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2015/10/13 22:52:08 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2015/10/13 22:52:07 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015/10/13 22:52:06 | 005,990,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015/10/13 22:52:02 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2015/10/13 22:52:00 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015/10/13 22:51:59 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2015/10/13 22:48:43 | 005,569,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015/10/13 22:48:39 | 003,936,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2015/10/13 22:48:37 | 003,990,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2015/10/13 22:48:34 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2015/10/13 22:48:32 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2015/10/13 22:48:30 | 001,730,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2015/10/13 22:48:26 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2015/10/13 22:48:26 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2015/10/13 22:48:25 | 001,216,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2015/10/13 22:48:25 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2015/10/13 22:48:25 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2015/10/13 22:48:24 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2015/10/13 22:48:24 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2015/10/13 22:48:21 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2015/10/13 22:48:20 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2015/10/13 22:48:19 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2015/10/13 22:48:18 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2015/10/13 22:48:18 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2015/10/13 22:48:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2015/10/13 22:48:16 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2015/10/13 22:48:16 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2015/10/13 22:48:15 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptbase.dll
[2015/10/13 22:48:15 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2015/10/13 22:48:15 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2015/10/13 22:48:14 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2015/10/13 22:48:14 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2015/10/13 22:48:14 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2015/10/13 22:48:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2015/10/13 22:48:11 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2015/10/13 22:48:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2015/10/13 22:48:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2015/10/13 22:48:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2015/10/13 22:48:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2015/10/13 22:48:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2015/10/13 22:48:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2015/10/13 22:48:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2015/10/13 22:48:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/10/13 22:48:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2015/10/13 22:48:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2015/10/13 22:48:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2015/10/13 22:48:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2015/10/13 22:48:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2015/10/13 22:48:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2015/10/13 22:48:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2015/10/13 22:48:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2015/10/13 22:48:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2015/10/13 22:48:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2015/10/13 22:48:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2015/10/13 22:48:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2015/10/13 22:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2015/10/13 22:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2015/10/13 22:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2015/10/13 22:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2015/10/13 22:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2015/10/13 22:48:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2015/10/13 22:48:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2015/10/13 22:48:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2015/10/13 22:48:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/10/13 22:48:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2015/10/13 22:48:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2015/10/13 22:48:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2015/10/13 22:48:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2015/10/13 22:48:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2015/10/13 22:48:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2015/10/13 22:48:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2015/10/13 22:48:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2015/10/13 22:48:08 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2015/10/13 22:48:08 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2015/10/13 22:48:08 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2015/10/13 22:48:08 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2015/10/13 22:48:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2015/10/13 22:48:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2015/10/13 22:48:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2015/10/13 22:48:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2015/10/13 22:48:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2015/10/13 22:48:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2015/10/13 22:48:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2015/10/13 22:48:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2015/10/13 22:48:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2015/10/13 22:48:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2015/10/13 22:48:07 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2015/10/13 22:48:07 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2015/10/13 22:48:07 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2015/10/13 22:48:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2015/10/13 22:48:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2015/10/13 22:48:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2015/10/13 22:48:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2015/10/13 22:48:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2015/10/13 22:48:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2015/10/13 22:48:02 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2015/10/13 22:48:02 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2015/10/13 22:48:02 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2015/10/13 22:48:02 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2015/10/13 22:48:02 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2015/10/13 22:48:02 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2015/10/13 22:46:08 | 000,616,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2015/10/13 22:46:07 | 000,692,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2015/10/13 22:46:01 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidpolicyconverter.exe
[2015/10/13 22:46:01 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll
[2015/10/13 22:46:01 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidapi.dll
[2015/10/13 22:46:01 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appidapi.dll
[2015/10/13 22:46:00 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidcertstorecheck.exe
[2015/10/13 22:43:06 | 000,984,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ucrtbase.dll
[2015/10/13 22:43:05 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-2-0.dll
[2015/10/13 22:43:05 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-2-0.dll
[2015/10/13 22:43:05 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-eventing-provider-l1-1-0.dll
[2015/10/13 22:43:05 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-eventing-provider-l1-1-0.dll
[2015/10/13 22:43:05 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l2-1-0.dll
[2015/10/13 22:43:05 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l2-1-0.dll
[2015/10/13 22:43:05 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-timezone-l1-1-0.dll
[2015/10/13 22:43:05 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-timezone-l1-1-0.dll
[2015/10/13 22:43:05 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l2-1-0.dll
[2015/10/13 22:43:05 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-2-0.dll
[2015/10/13 22:43:04 | 000,020,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-math-l1-1-0.dll
[2015/10/13 22:43:04 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-time-l1-1-0.dll
[2015/10/13 22:43:04 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-heap-l1-1-0.dll
[2015/10/13 22:43:04 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-conio-l1-1-0.dll
[2015/10/13 22:43:04 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-locale-l1-1-0.dll
[2015/10/13 22:43:04 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-environment-l1-1-0.dll
[2015/10/13 22:43:04 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-1.dll
[2015/10/13 22:43:04 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-1.dll
[2015/10/13 22:43:03 | 000,022,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-math-l1-1-0.dll
[2015/10/13 22:43:03 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-string-l1-1-0.dll
[2015/10/13 22:43:03 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-stdio-l1-1-0.dll
[2015/10/13 22:43:03 | 000,016,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-runtime-l1-1-0.dll
[2015/10/13 22:43:03 | 000,015,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-convert-l1-1-0.dll
[2015/10/13 22:43:03 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-process-l1-1-0.dll
[2015/10/13 22:43:03 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-process-l1-1-0.dll
[2015/10/13 22:43:03 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-utility-l1-1-0.dll
[2015/10/13 22:43:03 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-2-0.dll
[2015/10/13 22:43:03 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-2-0.dll
[2015/10/13 22:43:02 | 000,019,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-multibyte-l1-1-0.dll
[2015/10/13 22:43:02 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-string-l1-1-0.dll
[2015/10/13 22:43:02 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-stdio-l1-1-0.dll
[2015/10/13 22:43:02 | 000,015,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-convert-l1-1-0.dll
[2015/10/13 22:43:02 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-time-l1-1-0.dll
[2015/10/13 22:43:02 | 000,013,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-filesystem-l1-1-0.dll
[2015/10/13 22:43:02 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-heap-l1-1-0.dll
[2015/10/13 22:43:02 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-conio-l1-1-0.dll
[2015/10/13 22:43:02 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-utility-l1-1-0.dll
[2015/10/13 22:43:02 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-locale-l1-1-0.dll
[2015/10/13 22:43:02 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l2-1-0.dll
[2015/10/13 22:43:01 | 000,063,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-private-l1-1-0.dll
[2015/10/13 22:43:01 | 000,019,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-multibyte-l1-1-0.dll
[2015/10/13 22:43:01 | 000,016,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-runtime-l1-1-0.dll
[2015/10/13 22:43:01 | 000,013,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-filesystem-l1-1-0.dll
[2015/10/13 22:43:01 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-environment-l1-1-0.dll
[2015/10/13 22:43:01 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-2-0.dll
[2015/10/13 22:43:00 | 000,901,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ucrtbase.dll
[2015/10/13 22:43:00 | 000,066,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-private-l1-1-0.dll
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Users\Patricia\Desktop\*.tmp files -> C:\Users\Patricia\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2015/11/02 21:34:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/11/02 21:10:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/11/02 18:12:04 | 000,025,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/11/02 18:12:04 | 000,025,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/11/02 18:04:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Patricia\Desktop\OTL.exe
[2015/11/02 17:55:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/11/02 17:45:08 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/11/02 17:45:06 | 000,028,888 | ---- | M] (GAS Tecnologia) -- C:\Windows\SysNative\drivers\gbpddfac64.sys
[2015/11/02 17:42:59 | 2903,502,848 | -HS- | M] () -- C:\hiberfil.sys
[2015/11/02 17:35:58 | 000,461,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/11/02 17:19:46 | 001,601,100 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2015/11/02 17:19:46 | 000,706,008 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2015/11/02 17:19:46 | 000,654,464 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/11/02 17:19:46 | 000,147,848 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2015/11/02 17:19:46 | 000,122,336 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/11/02 17:19:26 | 001,601,100 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/10/28 14:11:44 | 000,780,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015/10/28 14:11:43 | 000,142,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2015/10/11 10:20:12 | 000,347,517 | ---- | M] () -- C:\Users\Patricia\Documents\CNI15-001 (1).pdf
[2015/10/11 10:19:14 | 000,347,517 | ---- | M] () -- C:\Users\Patricia\Documents\CNI15-001.pdf
[2015/10/05 00:17:21 | 000,000,218 | -H-- | M] () -- C:\Users\Patricia\Documents\.picasa.ini
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Users\Patricia\Desktop\*.tmp files -> C:\Users\Patricia\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2015/10/11 10:20:11 | 000,347,517 | ---- | C] () -- C:\Users\Patricia\Documents\CNI15-001 (1).pdf
[2015/10/11 10:19:11 | 000,347,517 | ---- | C] () -- C:\Users\Patricia\Documents\CNI15-001.pdf
[2015/10/05 00:13:47 | 000,000,218 | -H-- | C] () -- C:\Users\Patricia\Documents\.picasa.ini
[2015/06/19 00:15:05 | 000,815,826 | ---- | C] () -- C:\Users\Patricia\AppData\Roaming\unins000.exe
[2015/06/19 00:15:05 | 000,016,996 | ---- | C] () -- C:\Users\Patricia\AppData\Roaming\unins000.dat
[2014/07/10 22:48:24 | 000,720,082 | ---- | C] () -- C:\Users\Patricia\AppData\Roaming\unins001.exe
[2014/07/10 22:48:24 | 000,015,676 | ---- | C] () -- C:\Users\Patricia\AppData\Roaming\unins001.dat
[2014/06/25 13:23:03 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini

========== ZeroAccess Check ==========

[2009/07/14 02:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/08/06 16:04:07 | 014,176,768 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/08/06 15:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 23:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 01:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 23:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/02/12 16:38:31 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\Foxit Software
[2014/04/22 17:15:14 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\Positivo
[2014/04/22 15:13:17 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\Positivo Backup
[2012/02/06 10:52:51 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\Positivo Mosaico

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 10 bytes -> C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt

< End of report >

caedurodrigues · 04/11/2015

Bom dia NascarBR, eu vou estar analisando o seu caso.

Baixe: <ZHPDiag3 ><

> ( ...Nicolas Coolman)
Na página, clique
Salve-a no Desktop (Área de trabalho)
Dê um duplo clique para executar

.
Para Windows 7, 8 clique direito e depois em
Clique "Eu"
Clique em Scanner
Após a Conclusão
Clique em Relatório
Obs: O relatório por ser extenso deve ser postado em um desses sites:
Acesse: <>
Ou acesse:<>
Ou utilize o Spoiler
Maiores informações:<Link> << Hospedagem !

starlordd · 04/11/2015

Boa noite, ultimamente recebi 2 avisos de alguns emails que estão sendo acessados por deconhecidos, compro bastante na internet e nunca percebi nada de errado nos cartões que utilizo, sempre usei o bitdefender + malwarebytes e nunca acusou nada, até o ultimo teste que fiz está limpo. Passei o adwcleaner achou alguns adwares porém esqueci de salvar o log

, estou preocupado desconfiando que meu PC pode estar infectado, queria uma dica dos amigos, que são mais entendidos no assunto de como proceder.

J. Augusto F · 05/11/2015

caedurodrigues disse:
Bom dia NascarBR, eu vou estar analisando o seu caso.

Baixe: <ZHPDiag3 ><

> ( ...Nicolas Coolman)

Na página, clique

Salve-a no Desktop (Área de trabalho)

Dê um duplo clique para executar

.

Para Windows 7, 8 clique direito e depois em

Clique "Eu"

Clique em Scanner

Após a Conclusão

Clique em Relatório

Obs: O relatório por ser extenso deve ser postado em um desses sites:

Acesse: <>

Ou acesse:<>

Ou utilize o Spoiler

Maiores informações:<Link> << Hospedagem !

Segue relatório:

caedurodrigues disse:
Bom dia NascarBR, eu vou estar analisando o seu caso.

Baixe: <ZHPDiag3 ><

> ( ...Nicolas Coolman)

Na página, clique

Salve-a no Desktop (Área de trabalho)

Dê um duplo clique para executar

.

Para Windows 7, 8 clique direito e depois em

Clique "Eu"

Clique em Scanner

Após a Conclusão

Clique em Relatório

Obs: O relatório por ser extenso deve ser postado em um desses sites:

Acesse: <>

Ou acesse:<>

Ou utilize o Spoiler

Maiores informações:<Link> << Hospedagem !

Obrigado pela ajuda, Segue o relatório:

~ ZHPDiag v2015.11.4.161 Por Nicolas Coolman (2015/11/04)
~ iniciado por Patricia (Administrator) (2015/11/05 09:10:08)
~ Site: http://www.nicolascoolman.fr
~ Facebook: https://www.facebook.com/nicolascoolman1
~ Status da versão: Version OK
~ Modo: Scanner
~ Relatório: C:\Users\Patricia\Desktop\ZHPDiag.txt
~ Relatório: C:\Users\Patricia\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Deactivate
~ Inicialização do sistema: Normal (Normal boot)
Windows 7 Home Basic, 64-bit Service Pack 1 (Build 7601)

---\\ Navegadores Internet (2) - 0s
GCIE: Google Chrome v46.0.2490.80
MSIE: Internet Explorer v11.0.9600.18059

---\\ Informações sobre os produtos Windows (4) - 4s
~ Windows Server License Manager Script : OK
~ Licence Script File Génération : OK
Windows Automatic Updates : OK
Windows Activation Technologies : KO

---\\ Softwares de proteçao do sistema (3) - 19s
Microsoft Security Client v4.8.0204.0
Microsoft Security Essentials v4.8.204.0
Windows Defender W7 (Deactivate)

---\\ Softwares d'optimização do sistema (1) - 27s
CCleaner v4.12

---\\ Monitoramento dos softwares (1) - 28s
Adobe Flash Player 19 ActiveX

---\\ Informações sobre o sistema (6) - 1s
~ Operating System: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 64-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 3780.604 MB (39% free)
~ System Restore: Activé (Enable)
~ System drive C: has 210 GB free of 295 GB

---\\ Modo de conexão ao sistema (3) - 0s
~ Computer Name: PATRICIA-PC
~ User Name: Patricia
~ Logged in as Administrator

---\\ Enumeração das unidades dos discos (1) - 0s
~ Drive C: has 210 GB free of 295 GB (System)

---\\ Estado do Centro de Segurança do Windows (11) - 1s
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK

---\\ Pesquisa particular de ficheiros genéricos (24) - 9s
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - 06/07/2011 - (.Microsoft Corporation - Windows Explorer.) -- C:\Windows\Explorer.exe [2871808] ©
[MD5.DD81D91FF3B0763C392422865C9AC12E] - 13/07/2009 - (.Microsoft Corporation - Processo de host do Windows (Rundll32).) -- C:\Windows\System32\rundll32.exe [45568] ©
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - 13/07/2009 - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) -- C:\Windows\System32\Wininit.exe [129024] ©
[MD5.BD06D875FB79E92DAF724C91DE743AFA] - 16/09/2015 - (.Microsoft Corporation - Internet Extensions para Win32.) -- C:\Windows\System32\wininet.dll [2487808] ©
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - 17/07/2014 - (.Microsoft Corporation - Aplicativo de Logon do Windows.) -- C:\Windows\System32\Winlogon.exe [455168] ©
[MD5.067FA52BFB59A56110A12312EF9AF243] - 21/11/2010 - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) -- C:\Windows\System32\sppcomapi.dll [232448] ©
[MD5.492D07D79E7024CA310867B526D9636D] - 06/07/2011 - (.Microsoft Corporation - DLL da API de cliente DNS.) -- C:\Windows\System32\dnsapi.dll [357888] ©
[MD5.B40420876B9288E0A1C8CCA8A84E5DC9] - 06/07/2011 - (.Microsoft Corporation - DLL da API de cliente DNS.) -- C:\Windows\Syswow64\dnsapi.dll [270336] ©
[MD5.FA886682CFC5D36718D3E436AACF10B9] - 30/05/2014 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) -- C:\Windows\System32\drivers\AFD.sys [497152] ©
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - 13/07/2009 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) -- C:\Windows\System32\drivers\atapi.sys [24128] ©
[MD5.B8BD2BB284668C84865658C77574381A] - 13/07/2009 - (.Microsoft Corporation - CD-ROM File System Driver.) -- C:\Windows\System32\drivers\Cdfs.sys [92160] ©
[MD5.F036CE71586E93D94DAB220D7BDF4416] - 21/11/2010 - (.Microsoft Corporation - SCSI CD-ROM Driver.) -- C:\Windows\System32\drivers\Cdrom.sys [147456] ©
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - 21/11/2010 - (.Microsoft Corporation - DFS Namespace Client Driver.) -- C:\Windows\System32\drivers\DfsC.sys [102400] ©
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - 21/11/2010 - (.Microsoft Corporation - High Definition Audio Bus Driver.) -- C:\Windows\System32\drivers\HDAudBus.sys [122368] ©
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - 13/07/2009 - (.Microsoft Corporation - Driver de porta i8042.) -- C:\Windows\System32\drivers\i8042prt.sys [105472] ©
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - 13/07/2009 - (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\drivers\IpNat.sys [116224] ©
[MD5.ACB6782973BD93760D597FC7BB37E692] - 28/09/2015 - (.Microsoft Corporation - Windows NT SMB Minirdr.) -- C:\Windows\System32\drivers\MRxSmb.sys [159232] ©
[MD5.09594D1089C523423B32A4229263F068] - 21/11/2010 - (.Microsoft Corporation - MBT Transport driver.) -- C:\Windows\System32\drivers\netBT.sys [261632] ©
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - 24/01/2014 - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) -- C:\Windows\System32\drivers\ntfs.sys [1684928] ©
[MD5.0086431C29C35BE1DBC43F52CC273887] - 13/07/2009 - (.Microsoft Corporation - Driver de porta paralela.) -- C:\Windows\System32\drivers\Parport.sys [97280] ©
[MD5.471815800AE33E6F1C32FB1B97C490CA] - 21/11/2010 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) -- C:\Windows\System32\drivers\Rasl2tp.sys [129536] ©
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - 13/07/2009 - (.Microsoft Corporation - SMB Transport driver.) -- C:\Windows\System32\drivers\smb.sys [93184] ©
[MD5.70988118145F5F10EF24720B97F35F65] - 10/11/2014 - (.Microsoft Corporation - TDI Translation Driver.) -- C:\Windows\System32\drivers\tdx.sys [119296] ©
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - 21/11/2010 - (.Microsoft Corporation - Driver de cópia de sombra de volume.) -- C:\Windows\System32\drivers\volsnap.sys [295808] ©

---\\ Processos lançados (23) - 7s
[MD5.78CC42364F47A889CBC4E66E8BA4DB9D] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [587576] [PID.768]
[MD5.F30666EEC7AABA4ABA3D826648A04E91] - (.AMD - AMD External Events Service Module.) -- C:\Windows\System32\atiesrxx.exe [235520] [PID.960] ©
[MD5.9990EA2B66C310E71C781C829FA62D1D] - (.AMD - AMD External Events Client Module.) -- C:\Windows\System32\atieclxx.exe [494080] [PID.1236] ©
[MD5.3C27497C8B22124A830CA6FF9D281A8A] - (.Advanced Micro Devices, Inc. - AMD Fuel Service.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984] [PID.1796] ©
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.1836] ©
[MD5.02D4B89754302FC728FF8549ED259B84] - (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520] [PID.1384] ©
[MD5.6D3242D8E7476F6A976084611A1594C1] - (.Positivo Informática S.A - Battery Power Service.) -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe [45056] [PID.664]
[MD5.70E5B82A503CEEA75D20C87F2E1C7E16] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392] [PID.2132] ©
[MD5.842DCC07124924D945D8F17C7768074B] - (.GAS Tecnologia LTDA - GAS Tecnologia - Core.) -- C:\Program Files\Diebold\Warsaw\core.exe [858424] [PID.2300]
[MD5.F92177B3AD8F8D0737641A6BE85D3153] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [121128] [PID.2372] ©
[MD5.38B4BF3371F6AA49845C720A1C6175B2] - (.Copyright © 2008 - HotKey.) -- C:\Program Files (x86)\Hotkey\Hotkey.exe [3080192] [PID.2408]
[MD5.C861851A0BBD9903E324487011AA3705] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [299008] [PID.2608] ©
[MD5.969D428C21F71E552CEF1DDD486455DC] - (.Copyright (C) 2008 - PowerBiosServer.) -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [33792] [PID.2644]
[MD5.0BE64FAB577BFA54443C680343AEC85F] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848] [PID.2752] ©
[MD5.D28C5A1411BB0B47E05E0D6AAF896690] - (.ATI Technologies Inc. - Catalyst Control Center: Host application.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [299008] [PID.2904] ©
[MD5.842DCC07124924D945D8F17C7768074B] - (.GAS Tecnologia LTDA - GAS Tecnologia - Core.) -- C:\Program Files\Diebold\Warsaw\core.exe [858424] [PID.2988]
[MD5.2BACD71123F42CEA603F4E205E1AE337] - (.Microsoft Corp. - Microsoft® Windows Live ID Service.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292096] [PID.1136] ©
[MD5.2A46FFE841EC43001D5A293A54DB34DE] - (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE [223104] [PID.2276] ©
[MD5.0BE64FAB577BFA54443C680343AEC85F] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848] [PID.3348] ©
[MD5.78CC42364F47A889CBC4E66E8BA4DB9D] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [587576] [PID.3400]
[MD5.B752FC4AB1F3D5048A17E1D993028998] - (.Positivo Informática S.A - Battery Power Main Application.) -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryPower.exe [1208320] [PID.3424]
[MD5.0BE64FAB577BFA54443C680343AEC85F] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848] [PID.4224] ©
[MD5.6F4483F9955DF6158FE08F2E86B62660] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\Patricia\Desktop\ZHPDiag3.exe [1964544] [PID.4808] ©

---\\ Google Chrome, Arranque,Pesquisa,Extensões (1) - 0s
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] [] Google Chrome manifest =>.Google Inc.

---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (5) - 19s
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia.) -- C:\Users\Patricia\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb64] - (.GAS Tecnologia.) -- C:\Users\Patricia\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia.) -- C:\Users\Patricia\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll
P2 - FPN: [HKLM] [@Apple.com/iTunes,version=1.0] - (.Apple Inc..) -- C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ©
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3502.0922] - (.Microsoft.) -- C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll ©

---\\ Internet Explorer, Arranque, Pesquisa, Phishing (21) - 5s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://oem.msn.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.mundopositivo.com.br/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphean =>.Microsoft Internet Explorer

---\\ Internet Explorer, Gestão do Proxy (5) - 0s
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

---\\ Análise das linhas, Carregamento Automático de programas (3) - 0s
F2 - REG:system.ini: UserInit=userinit.exe (.Microsoft Corporation.) ©
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe (.Microsoft Corporation.) ©
F2 - REG:system.ini: VMApplet=C:\Windows\SysWOW64\SystemPropertiesPerformance.exe (.Microsoft Corporation.) ©

---\\ Redireção do ficheiro Hosts (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (20)

---\\ Browser Helper Objects do navegador (1) - 0s
O2 - BHO: Windows Live ID Sign-in Helper [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll ©

---\\ Aplicações iniciadas por registo & pastas (9) - 2s
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe ©
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe ©
O4 - HKLM\..\Run: [Diebold - Warsaw] . (.GAS Tecnologia LTDA - GAS Tecnologia - Core.) -- C:\Program Files\Diebold\Warsaw\core.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ©
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (.not file.)
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (.not file.)
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe ©
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe ©

---\\ Alteração Dominio/Clientes DNS (3) - 0s
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.6.2.17 201.6.2.157
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: DhcpNameServer = 201.6.2.17 201.6.2.157
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

---\\ Protocolo adicional (24) - 10s
O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\SysWOW64\mshtml.dll ©
O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\SysWOW64\urlmon.dll ©
O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Controle ActiveX para streaming de vídeo.) -- C:\Windows\SysWOW64\MSVidCtl.dll ©
O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\SysWOW64\urlmon.dll ©
O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\SysWOW64\urlmon.dll ©
O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\SysWOW64\urlmon.dll ©
O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\SysWOW64\urlmon.dll ©
O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll ©
O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\SysWOW64\mshtml.dll ©
O18 - Handler: livecall [64Bits] - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll ©
O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\SysWOW64\urlmon.dll ©
O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\SysWOW64\mshtml.dll ©
O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll ©
O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\SysWOW64\urlmon.dll ©
O18 - Handler: ms-help [64Bits] - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll ©
O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll ©
O18 - Handler: msnim [64Bits] - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll ©
O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\SysWOW64\mshtml.dll ©
O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Controle ActiveX para streaming de vídeo.) -- C:\Windows\SysWOW64\MSVidCtl.dll ©
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\SysWOW64\mshtml.dll ©
O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll ©
O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll ©
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll ©
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL ©

---\\ Serviços NT não Microsoft e não desativados (8) - 5s
O23 - Service: (AMD External Events Utility) . (.AMD - AMD External Events Service Module.) - C:\Windows\System32\atiesrxx.exe ©
O23 - Service: AMD FUEL Service (AMD FUEL Service) . (.Advanced Micro Devices, Inc. - AMD Fuel Service.) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe ©
O23 - Service: Apple Mobile Device (Apple Mobile Device) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe ©
O23 - Service: Battery Manager Service (BatteryManagerSrv) . (.Positivo Informática S.A - Battery Power Service.) - C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ©
O23 - Service: (PowerBiosServer) . (.Copyright (C) 2008 - PowerBiosServer.) - C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
O23 - Service: Warsaw Technology (Warsaw Technology) . (.GAS Tecnologia LTDA - GAS Tecnologia - Core.) - C:\Program Files\Diebold\Warsaw\core.exe

---\\ Listagem dos dados do BootExecute (1) - 0s
O34 - HKLM BootExecute: (sdnclean64.exe)

---\\ Tarefas planificadas automaticamente (12) - 3s
[MD5.8C194A201698B4B4F77D974549819D1F] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [269000] ©
[MD5.DB1654ADB276501C44DB0FE5E8A0841D] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [4613912] ©
[MD5.DD7423ABBE2913E70D50E9318AD57EE4] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200] ©
[MD5.DD7423ABBE2913E70D50E9318AD57EE4] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200] ©
[MD5.34EBD4FF6A24D86BB4716D6AFCC1A89B] [APT] [Apple\AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984] ©
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\Tasks\Adobe Flash Player Updater.job [902] ©
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [1066] ©
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [1070] ©
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [3840] ©
O39 - APT: CCleanerSkipUAC - (.Piriform Ltd.) -- C:\Windows\System32\Tasks\CCleanerSkipUAC [2778] ©
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [3814] ©
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [4066] ©

---\\ Software instalados (52) - 31s
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] -- CCleaner ©
O42 - Logiciel: Software para Impressoras EPSON - (...) [HKLM][64Bits] -- EPSON Printer and Utilities
O42 - Logiciel: Microsoft Security Essentials - (.Microsoft Corporation.) [HKLM][64Bits] -- Microsoft Security Client ©
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics Incorporated.) [HKLM][64Bits] -- SynTPDeinstKey ©
O42 - Logiciel: Warsaw 1.7.0.10188 64 bits - (.GAS Tecnologia.) [HKLM][64Bits] -- {20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1
O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM][64Bits] -- {2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C} ©
O42 - Logiciel: AMD APP SDK Runtime - (.Advanced Micro Devices Inc..) [HKLM][64Bits] -- {503F672D-6C84-448A-8F8F-4BC35AC83441} ©
O42 - Logiciel: AMD Catalyst Install Manager - (.Advanced Micro Devices, Inc..) [HKLM][64Bits] -- {622AAD48-8809-A67D-68F2-776DDEA64D27} ©
O42 - Logiciel: AMD Media Foundation Decoders - (.Advanced Micro Devices, Inc..) [HKLM][64Bits] -- {781340EA-2696-75E5-ACD8-45BCBE3E582B} ©
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} ©
O42 - Logiciel: Positivo Áudio - (.Positivo Informática S.A..) [HKLM][64Bits] -- {D00FA097-5115-400D-84AD-4ADEF3EBDB5E}_is1
O42 - Logiciel: Microsoft Security Client - (.Microsoft Corporation.) [HKLM][64Bits] -- {D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6} ©
O42 - Logiciel: Gerenciador de Inicialização Positivo - (.Positivo Informática S.A..) [HKLM][64Bits] -- {E365D4D7-BD51-4A7F-8ECA-0B6C0C42D3CF}_is1
O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM][64Bits] -- {F73A118B-8271-47E2-8790-0C636B2539C5} ©
O42 - Logiciel: Adobe Flash Player 19 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX ©
O42 - Logiciel: Chuzzle Deluxe (remove only) - (...) [HKLM][64Bits] -- Chuzzle Deluxe
O42 - Logiciel: Delicious - Emily's Childhood Memories Premium Edition (remove only) - (...) [HKLM][64Bits] -- Delicious - Emily's Childhood Memories Premium Edition
O42 - Logiciel: Dia (remover apenas) - (...) [HKLM][64Bits] -- Dia
O42 - Logiciel: EPSON Scan - (...) [HKLM][64Bits] -- EPSON Scanner
O42 - Logiciel: Foxit Reader - (.Foxit Corporation.) [HKLM][64Bits] -- Foxit Reader_is1 ©
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] -- Google Chrome ©
O42 - Logiciel: Hotkey 3.3043 - (.NoteBook.) [HKLM][64Bits] -- InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A} ©
O42 - Logiciel: Picasa 3 - (.Google, Inc..) [HKLM][64Bits] -- Picasa 3 ©
O42 - Logiciel: VLC media player 2.0.2 - (.VideoLAN.) [HKLM][64Bits] -- VLC media player ©
O42 - Logiciel: Hotkey 3.3043 - (.NoteBook.) [HKLM][64Bits] -- {164714B6-46BC-4649-9A30-A6ED32F03B5A} ©
O42 - Logiciel: Warsaw 1.3.1 - (.GAS Tecnologia.) [HKLM][64Bits] -- {20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1
O42 - Logiciel: JMicron Flash Media Controller Driver - (.JMicron Technology Corp..) [HKLM][64Bits] -- {26604C7E-A313-4D12-867F-7C6E7820BE4C} ©
O42 - Logiciel: Java 8 Update 31 - (.Oracle Corporation.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83218031F0} ©
O42 - Logiciel: Microsoft XNA Framework Redistributable 4.0 - (.Microsoft Corporation.) [HKLM][64Bits] -- {2BFC7AA0-544C-4E3A-8796-67F3BE655BE9} ©
O42 - Logiciel: Módulo de Segurança - Banco do Brasil - (...) [HKLM][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: Suporte para Aplicativos Apple - (.Apple Inc..) [HKLM][64Bits] -- {46F044A5-CE8B-4196-984E-5BD6525E361D} ©
O42 - Logiciel: Software de Cadastro Positivo 6.0 - (.Positivo Informática.) [HKLM][64Bits] -- {4A33ECF3-6AC6-4A9B-932C-4E81625423C7}_is1
O42 - Logiciel: Positivo Conecta - (.Positivo Informática S.A..) [HKLM][64Bits] -- {4F23361B-2B38-46E2-BA1A-D920F270D5FB}_is1
O42 - Logiciel: Cisco LEAP Module - (.Cisco Systems, Inc..) [HKLM][64Bits] -- {51C7AD07-C3F6-4635-8E8A-231306D810FE} ©
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} ©
O42 - Logiciel: Cisco EAP-FAST Module - (.Cisco Systems, Inc..) [HKLM][64Bits] -- {64BF0187-F3D2-498B-99EA-163AF9AE6EC9} ©
O42 - Logiciel: Positivo Sincronize - (.Positivo Informática S.A..) [HKLM][64Bits] -- {6DA3261A-DCEB-401A-ABE0-A367C252B86C}_is1
O42 - Logiciel: Guardião - Itaú 30 horas - (...) [HKLM][64Bits] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM][64Bits] -- {789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE} ©
O42 - Logiciel: Catalyst Control Center - Branding - (.Advanced Micro Devices, Inc..) [HKLM][64Bits] -- {796FF8E0-B679-4A70-8D95-F86D3E19E4FD} ©
O42 - Logiciel: Positivo Monitora - (.Positivo Informática S.A..) [HKLM][64Bits] -- {8aaef6d0-68e7-4f99-b98d-e5ae19edbc99}_is1
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} ©
O42 - Logiciel: JMicron Ethernet Adapter NDIS Driver - (.JMicron Technology Corp..) [HKLM][64Bits] -- {96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F} ©
O42 - Logiciel: REALTEK Wireless LAN Driver - (.REALTEK Semiconductor Corp..) [HKLM][64Bits] -- {9D3D8C60-A55F-4123-B2B9-173F09590E16} ©
O42 - Logiciel: Google+ Auto Backup - (.Google.) [HKLM][64Bits] -- {A50DE037-B5C0-4C8A-8049-B0C576B313D1} ©
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} ©
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF} ©
O42 - Logiciel: Positivo WebCam - (.Positivo Informática S.A..) [HKLM][64Bits] -- {E11C7438-7550-4676-92CE-846CC5DA3548}_is1
O42 - Logiciel: Cisco PEAP Module - (.Cisco Systems, Inc..) [HKLM][64Bits] -- {ED5776D5-59B4-46B7-AF81-5F2D94D7C640} ©
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} ©
O42 - Logiciel: Positivo Roteador - (.Positivo Informática S.A..) [HKLM][64Bits] -- {f1cb797f-bf34-495c-bda9-efe098837651}_is1
O42 - Logiciel: Positivo Bateria - (.Positivo Informática S.A..) [HKLM][64Bits] -- {FD6F6859-2863-4ABB-87D0-A263F3E9FF45}_is1

---\\ Ponto de restauro do sistema (61) - 31s
HKLM\SOFTWARE\Wow6432Node\Adobe
HKLM\SOFTWARE\Wow6432Node\Alawar
HKLM\SOFTWARE\Wow6432Node\AMD
HKLM\SOFTWARE\Wow6432Node\Apple Computer, Inc.
HKLM\SOFTWARE\Wow6432Node\Apple Inc.
HKLM\SOFTWARE\Wow6432Node\ATI
HKLM\SOFTWARE\Wow6432Node\ATI Technologies
HKLM\SOFTWARE\Wow6432Node\AutoHelpDesk
HKLM\SOFTWARE\Wow6432Node\Dia
HKLM\SOFTWARE\Wow6432Node\DivXNetworks
HKLM\SOFTWARE\Wow6432Node\EPSON
HKLM\SOFTWARE\Wow6432Node\Foxit Software
HKLM\SOFTWARE\Wow6432Node\Google
HKLM\SOFTWARE\Wow6432Node\Intel
HKLM\SOFTWARE\Wow6432Node\JavaSoft
HKLM\SOFTWARE\Wow6432Node\JreMetrics
HKLM\SOFTWARE\Wow6432Node\Khronos
HKLM\SOFTWARE\Wow6432Node\Macromedia
HKLM\SOFTWARE\Wow6432Node\Mozilla
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins
HKLM\SOFTWARE\Wow6432Node\ODBC
HKLM\SOFTWARE\Wow6432Node\OldTimer Tools
HKLM\SOFTWARE\Wow6432Node\Positivo Informatica
HKLM\SOFTWARE\Wow6432Node\Realtek
HKLM\SOFTWARE\Wow6432Node\Realtek Semiconductor Corp.
HKLM\SOFTWARE\Wow6432Node\Safer Networking Limited
HKLM\SOFTWARE\Wow6432Node\Trymedia Systems =>PUP.Optional.Trymedia
HKLM\SOFTWARE\Wow6432Node\VideoLAN
HKLM\SOFTWARE\Wow6432Node\Wow6432Node
HKLM\SOFTWARE\Wow6432Node\Zylom Games
HKLM\SOFTWARE\Wow6432Node\RegisteredApplications
HKCU\SOFTWARE\AppDataLow
HKCU\SOFTWARE\Apple Computer, Inc.
HKCU\SOFTWARE\Apple Inc.
HKCU\SOFTWARE\ATI
HKCU\SOFTWARE\AutoHelpDesk
HKCU\SOFTWARE\EPSON
HKCU\SOFTWARE\Foxit Software
HKCU\SOFTWARE\GbAs
HKCU\SOFTWARE\GbPlugin
HKCU\SOFTWARE\Google
HKCU\SOFTWARE\hotkey
HKCU\SOFTWARE\JavaSoft
HKCU\SOFTWARE\kde.org
HKCU\SOFTWARE\Local AppWizard-Generated Applications
HKCU\SOFTWARE\Macromedia
HKCU\SOFTWARE\MozillaPlugins
HKCU\SOFTWARE\Netscape
HKCU\SOFTWARE\ODBC
HKCU\SOFTWARE\Piriform
HKCU\SOFTWARE\Positivo
HKCU\SOFTWARE\Positivo Informatica
HKCU\SOFTWARE\Positivo Informática
HKCU\SOFTWARE\Realtek
HKCU\SOFTWARE\Safer Networking Limited
HKCU\SOFTWARE\Synaptics
HKCU\SOFTWARE\Trolltech
HKCU\SOFTWARE\Wow6432Node
HKCU\SOFTWARE\ZebHelpProcess Helper
HKCU\SOFTWARE\AppDataLow\Software
HKCU\SOFTWARE\AppDataLow\Software\JavaSoft

---\\ Conteúdo das pastas Programs (154) - 32s
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\AMD APP
O43 - CFD: 26/09/2013 - [] D -- C:\Program Files (x86)\Apple Software Update
O43 - CFD: 22/04/2014 - [] D -- C:\Program Files (x86)\AskPartnerNetwork =>Toolbar.AskBar
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\ATI Technologies
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\Cisco
O43 - CFD: 02/02/2015 - [] D -- C:\Program Files (x86)\Common Files
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\Dia
O43 - CFD: 20/09/2014 - [] D -- C:\Program Files (x86)\Diebold
O43 - CFD: 21/02/2013 - [] D -- C:\Program Files (x86)\epson
O43 - CFD: 06/02/2012 - [] D -- C:\Program Files (x86)\Foxit Software
O43 - CFD: 20/09/2014 - [] HD -- C:\Program Files (x86)\GAS Tecnologia
O43 - CFD: 05/11/2015 - [] AD -- C:\Program Files (x86)\GbPlugin
O43 - CFD: 06/12/2013 - [] D -- C:\Program Files (x86)\Google
O43 - CFD: 26/09/2015 - [] D -- C:\Program Files (x86)\GUMBB52.tmp
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\Hotkey
O43 - CFD: 19/01/2013 - [] HD -- C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 15/10/2015 - [] D -- C:\Program Files (x86)\Internet Explorer
O43 - CFD: 26/09/2013 - [] D -- C:\Program Files (x86)\iTunes
O43 - CFD: 02/02/2015 - [] D -- C:\Program Files (x86)\Java
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\JMicron
O43 - CFD: 22/04/2014 - [0] D -- C:\Program Files (x86)\Malwarebytes Anti-Malware
O43 - CFD: 03/11/2015 - [0] D -- C:\Program Files (x86)\Microsoft
O43 - CFD: 18/02/2013 - [] D -- C:\Program Files (x86)\Microsoft Office
O43 - CFD: 15/05/2015 - [] D -- C:\Program Files (x86)\Microsoft Security Client
O43 - CFD: 25/08/2015 - [] D -- C:\Program Files (x86)\Microsoft Silverlight
O43 - CFD: 06/02/2012 - [] D -- C:\Program Files (x86)\Microsoft Visual Studio
O43 - CFD: 06/02/2012 - [] D -- C:\Program Files (x86)\Microsoft Visual Studio 8
O43 - CFD: 06/02/2013 - [] D -- C:\Program Files (x86)\Microsoft Works
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\Microsoft XNA
O43 - CFD: 06/02/2012 - [] D -- C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 06/02/2012 - [] D -- C:\Program Files (x86)\MSBuild
O43 - CFD: 02/02/2015 - [] D -- C:\Program Files (x86)\Positivo Informática
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\Realtek
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 25/06/2014 - [] D -- C:\Program Files (x86)\Spybot - Search & Destroy 2
O43 - CFD: 19/01/2013 - [0] HD -- C:\Program Files (x86)\Temp
O43 - CFD: 14/07/2009 - [0] HD -- C:\Program Files (x86)\Uninstall Information
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\VideoLAN
O43 - CFD: 12/07/2013 - [] D -- C:\Program Files (x86)\Windows Defender
O43 - CFD: 06/02/2012 - [] D -- C:\Program Files (x86)\Windows Live
O43 - CFD: 12/04/2011 - [] D -- C:\Program Files (x86)\Windows Mail
O43 - CFD: 14/06/2015 - [] D -- C:\Program Files (x86)\Windows Media Player
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files (x86)\Windows NT
O43 - CFD: 12/04/2011 - [] D -- C:\Program Files (x86)\Windows Photo Viewer
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 22/04/2014 - [] D -- C:\Program Files (x86)\Zylom Games
O43 - CFD: 19/01/2013 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 14/07/2009 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 19/01/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
O43 - CFD: 22/04/2014 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
O43 - CFD: 19/01/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dia
O43 - CFD: 21/02/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
O43 - CFD: 21/02/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan
O43 - CFD: 06/02/2012 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
O43 - CFD: 06/02/2012 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
O43 - CFD: 06/02/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
O43 - CFD: 26/09/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
O43 - CFD: 12/12/2014 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
O43 - CFD: 14/07/2009 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 06/02/2012 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
O43 - CFD: 25/08/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
O43 - CFD: 06/12/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
O43 - CFD: 03/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Positivo Informática
O43 - CFD: 22/04/2014 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Positivo Jogos
O43 - CFD: 25/06/2014 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 19/01/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
O43 - CFD: 26/09/2013 - [] D -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
O43 - CFD: 06/02/2012 - [] D -- C:\ProgramData\Adobe
O43 - CFD: 19/01/2013 - [0] D -- C:\ProgramData\AlawarWrapper
O43 - CFD: 19/01/2013 - [] D -- C:\ProgramData\AMD
O43 - CFD: 22/04/2014 - [] D -- C:\ProgramData\APN =>Toolbar.Ask
O43 - CFD: 26/09/2013 - [] D -- C:\ProgramData\Apple
O43 - CFD: 26/09/2013 - [] D -- C:\ProgramData\Apple Computer
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Application Data
O43 - CFD: 25/02/2013 - [] D -- C:\ProgramData\Ask
O43 - CFD: 19/01/2013 - [] D -- C:\ProgramData\ATI
O43 - CFD: 19/01/2013 - [0] D -- C:\ProgramData\Audio
O43 - CFD: 05/02/2012 - [0] D -- C:\ProgramData\Audio Power
O43 - CFD: 13/05/2015 - [] D -- C:\ProgramData\boost_interprocess
O43 - CFD: 05/02/2012 - [0] SHD -- C:\ProgramData\Dados de aplicativos
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Desktop
O43 - CFD: 05/02/2012 - [0] SHD -- C:\ProgramData\Documentos
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Documents
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Favorites
O43 - CFD: 05/02/2012 - [0] SHD -- C:\ProgramData\Favoritos
O43 - CFD: 13/04/2015 - [] D -- C:\ProgramData\GAS Tecnologia
O43 - CFD: 02/11/2015 - [] D -- C:\ProgramData\GbPlugin
O43 - CFD: 22/04/2014 - [] D -- C:\ProgramData\Malwarebytes
O43 - CFD: 06/02/2012 - [] D -- C:\ProgramData\McAfee
O43 - CFD: 05/02/2012 - [0] SHD -- C:\ProgramData\Menu Iniciar
O43 - CFD: 03/11/2015 - [] SD -- C:\ProgramData\Microsoft
O43 - CFD: 14/10/2015 - [] D -- C:\ProgramData\Microsoft Help
O43 - CFD: 05/02/2012 - [0] SHD -- C:\ProgramData\Modelos
O43 - CFD: 12/12/2014 - [] D -- C:\ProgramData\Oracle
O43 - CFD: 13/05/2015 - [] D -- C:\ProgramData\Package Cache
O43 - CFD: 21/02/2013 - [] D -- C:\ProgramData\Positivo Informática
O43 - CFD: 23/04/2014 - [] D -- C:\ProgramData\Spybot - Search & Destroy
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Start Menu
O43 - CFD: 08/02/2013 - [] D -- C:\ProgramData\Sun
O43 - CFD: 19/06/2015 - [] D -- C:\ProgramData\Temp
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Templates
O43 - CFD: 26/09/2013 - [] D -- C:\Program Files (x86)\Common Files\Apple
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\Common Files\ATI Technologies
O43 - CFD: 17/05/2014 - [] D -- C:\Program Files (x86)\Common Files\DESIGNER
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\Common Files\InstallShield
O43 - CFD: 02/02/2015 - [] D -- C:\Program Files (x86)\Common Files\Java
O43 - CFD: 06/02/2013 - [] D -- C:\Program Files (x86)\Common Files\microsoft shared
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files (x86)\Common Files\Services
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files (x86)\Common Files\SpeechEngines
O43 - CFD: 06/02/2013 - [] D -- C:\Program Files (x86)\Common Files\System
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\Common Files\Windows Live
O43 - CFD: 05/02/2012 - [] D -- C:\Users\Patricia\AppData\Roaming\Adobe
O43 - CFD: 26/09/2013 - [] D -- C:\Users\Patricia\AppData\Roaming\Apple Computer
O43 - CFD: 05/02/2012 - [] D -- C:\Users\Patricia\AppData\Roaming\ATI
O43 - CFD: 11/11/2014 - [] D -- C:\Users\Patricia\AppData\Roaming\dvdcss
O43 - CFD: 12/02/2013 - [] D -- C:\Users\Patricia\AppData\Roaming\Foxit Software
O43 - CFD: 05/02/2012 - [] D -- C:\Users\Patricia\AppData\Roaming\Identities
O43 - CFD: 21/02/2013 - [] D -- C:\Users\Patricia\AppData\Roaming\InstallShield
O43 - CFD: 05/02/2012 - [] D -- C:\Users\Patricia\AppData\Roaming\Macromedia
O43 - CFD: 14/06/2015 - [] SD -- C:\Users\Patricia\AppData\Roaming\Microsoft
O43 - CFD: 22/04/2014 - [0] D -- C:\Users\Patricia\AppData\Roaming\Positivo
O43 - CFD: 22/04/2014 - [0] D -- C:\Users\Patricia\AppData\Roaming\Positivo Backup
O43 - CFD: 06/02/2012 - [] D -- C:\Users\Patricia\AppData\Roaming\Positivo Mosaico
O43 - CFD: 11/11/2014 - [] D -- C:\Users\Patricia\AppData\Roaming\vlc
O43 - CFD: 05/11/2015 - [] D -- C:\Users\Patricia\AppData\Roaming\ZHP
O43 - CFD: 05/02/2012 - [] D -- C:\Users\Patricia\AppData\Local\AMD
O43 - CFD: 26/09/2013 - [] D -- C:\Users\Patricia\AppData\Local\Apple
O43 - CFD: 26/09/2013 - [] D -- C:\Users\Patricia\AppData\Local\Apple Computer
O43 - CFD: 06/02/2012 - [] D -- C:\Users\Patricia\AppData\Local\Apps
O43 - CFD: 05/02/2012 - [] D -- C:\Users\Patricia\AppData\Local\ATI
O43 - CFD: 05/02/2012 - [0] SHD -- C:\Users\Patricia\AppData\Local\Dados de aplicativos
O43 - CFD: 06/02/2013 - [0] D -- C:\Users\Patricia\AppData\Local\Deployment
O43 - CFD: 26/09/2013 - [0] D -- C:\Users\Patricia\AppData\Local\ElevatedDiagnostics
O43 - CFD: 26/08/2015 - [0] SHD -- C:\Users\Patricia\AppData\Local\EmieBrowserModeList
O43 - CFD: 26/08/2015 - [0] SHD -- C:\Users\Patricia\AppData\Local\EmieSiteList
O43 - CFD: 26/08/2015 - [0] SHD -- C:\Users\Patricia\AppData\Local\EmieUserList
O43 - CFD: 19/07/2013 - [] D -- C:\Users\Patricia\AppData\Local\GAS Tecnologia
O43 - CFD: 26/09/2015 - [] D -- C:\Users\Patricia\AppData\Local\Google
O43 - CFD: 10/07/2015 - [] D -- C:\Users\Patricia\AppData\Local\GWX
O43 - CFD: 05/02/2012 - [0] SHD -- C:\Users\Patricia\AppData\Local\Histórico
O43 - CFD: 14/06/2015 - [] D -- C:\Users\Patricia\AppData\Local\Microsoft
O43 - CFD: 06/02/2012 - [0] D -- C:\Users\Patricia\AppData\Local\Microsoft Help
O43 - CFD: 21/02/2013 - [] D -- C:\Users\Patricia\AppData\Local\Positivo
O43 - CFD: 23/01/2014 - [] D -- C:\Users\Patricia\AppData\Local\Programs
O43 - CFD: 05/11/2015 - [] D -- C:\Users\Patricia\AppData\Local\Temp
O43 - CFD: 05/02/2012 - [0] SHD -- C:\Users\Patricia\AppData\Local\Temporary Internet Files
O43 - CFD: 05/02/2012 - [0] D -- C:\Users\Patricia\AppData\Local\VirtualStore
O43 - CFD: 14/07/2009 - [] RD -- C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 15/10/2015 - [] RD -- C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 05/02/2012 - [] D -- C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
O43 - CFD: 23/01/2014 - [] D -- C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
O43 - CFD: 14/07/2009 - [] RD -- C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 15/10/2015 - [] RD -- C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

---\\ Softwares de proteçao do sistema (Supérfluo) (2) - 0s
O106 - SIOI: Enhanced Storage Icon Overlay Handler Class [EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}. (.Microsoft Corporation - DLL de Extensão do Shell do Armazenamento A.) -- C:\Windows\System32\EhStorShell.dll ©
O106 - SIOI: Sharing Overlay (Private) [SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235}. (.Microsoft Corporation - Extensões do Shell para compartilhamento.) -- C:\Windows\System32\ntshrui.dll ©

---\\ Enumeração das chaves StartupReg (4) - 8s
O53 - SMSR:HKLM\...\startupreg\APSDaemon [Key] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe ©
O53 - SMSR:HKLM\...\startupreg\Diebold - Warsaw [Key] . (.GAS Tecnologia LTDA - GAS Tecnologia - Core.) -- C:\Program Files (x86)\Diebold\Warsaw\core.exe
O53 - SMSR:HKLM\...\startupreg\iTunesHelper [Key] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe ©
O53 - SMSR:HKLM\...\startupreg\StartUpManagerPositivo [Key] . (...) -- C:\Program Files\Positivo Informática\Gerenciador de Inicialização Positivo\ManagerWindows.exe

---\\ Lista dos drivers do sistema (58) - 6s
O58 - SDL:2009/07/13 23:52:21 A . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\drivers\adp94xx.sys [491088] ©
O58 - SDL:2009/07/13 23:52:21 A . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\drivers\adpahci.sys [339536] ©
O58 - SDL:2009/07/13 23:52:21 A . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\System32\drivers\adpu320.sys [182864] ©
O58 - SDL:2009/07/13 23:52:21 A . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\System32\drivers\aliide.sys [15440] ©
O58 - SDL:2010/02/18 09:18:24 A . (.Advanced Micro Devices - AMD IO Driver.) -- C:\Windows\System32\drivers\amdiox64.sys [46136] ©
O58 - SDL:2011/07/06 19:37:46 A . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\drivers\amdsata.sys [107904] ©
O58 - SDL:2009/07/13 23:52:20 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\Windows\System32\drivers\amdsbs.sys [194128] ©
O58 - SDL:2011/07/06 19:37:46 A . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\drivers\amdxata.sys [27008] ©
O58 - SDL:2011/10/28 09:41:26 A . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\drivers\amd_sata.sys [80512] ©
O58 - SDL:2011/10/28 09:41:28 A . (.Advanced Micro Devices - Stor Filter Driver.) -- C:\Windows\System32\drivers\amd_xata.sys [42624] ©
O58 - SDL:2009/07/13 23:52:21 A . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\drivers\arc.sys [87632] ©
O58 - SDL:2009/07/13 23:52:21 A . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\drivers\arcsas.sys [97856] ©
O58 - SDL:2011/12/05 04:47:30 A . (.Advanced Micro Devices - AMD High Definition Audio Function Driver.) -- C:\Windows\System32\drivers\AtihdW76.sys [95248] ©
O58 - SDL:2012/01/26 22:41:34 A . (.Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) -- C:\Windows\System32\drivers\atikmdag.sys [10721280] ©
O58 - SDL:2012/01/26 21:06:00 A . (.Advanced Micro Devices, Inc. - AMD multi-vendor Miniport Driver.) -- C:\Windows\System32\drivers\atikmpag.sys [327168] ©
O58 - SDL:2009/06/10 18:34:23 A . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x.) -- C:\Windows\System32\drivers\b57nd60a.sys [270848] ©
O58 - SDL:2009/06/10 18:41:06 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower.) -- C:\Windows\System32\drivers\BrFiltLo.sys [18432] ©
O58 - SDL:2009/06/10 18:41:06 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper.) -- C:\Windows\System32\drivers\BrFiltUp.sys [8704] ©
O58 - SDL:2009/07/13 23:19:07 A . (.Brother Industries Ltd. - Brother Serial I/F Driver (WDM).) -- C:\Windows\System32\drivers\BrSerId.sys [286720] ©
O58 - SDL:2009/06/10 18:41:10 A . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\System32\drivers\BrSerWdm.sys [47104] ©
O58 - SDL:2009/06/10 18:41:10 A . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\System32\drivers\BrUsbMdm.sys [14976] ©
O58 - SDL:2009/06/10 18:41:10 A . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\System32\drivers\BrUsbSer.sys [14720] ©
O58 - SDL:2009/06/10 18:34:28 A . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\System32\drivers\bxvbda.sys [468480] ©
O58 - SDL:2009/07/13 23:52:31 A . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\cmdide.sys [17488] ©
O58 - SDL:2009/07/13 23:47:48 A . (.Emulex - Storport Miniport Driver for LightPulse HBA.) -- C:\Windows\System32\drivers\elxstor.sys [530496] ©
O58 - SDL:2009/06/10 18:34:33 A . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\System32\drivers\evbda.sys [3286016] ©
O58 - SDL:2015/11/05 08:58:49 A . (.GAS Tecnologia - GAS Tecnologia - FAC.) -- C:\Windows\System32\drivers\gbpddfac64.sys [28888]
O58 - SDL:2012/08/21 14:01:20 A . (.GEAR Software Inc. - CD DVD Filter.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys [33240] ©
O58 - SDL:2009/06/10 18:31:59 A . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for.) -- C:\Windows\System32\drivers\hcw85cir.sys [31232] ©
O58 - SDL:2010/11/21 01:23:47 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\Windows\System32\drivers\HpSAMD.sys [78720] ©
O58 - SDL:2011/07/06 19:37:46 A . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\System32\drivers\iaStorV.sys [410496] ©
O58 - SDL:2009/07/13 23:48:04 A . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\drivers\iirsp.sys [44112] ©
O58 - SDL:2011/06/23 01:26:28 A . (.JMicron Technology Corporation - JMicron PCIe Flash Media Controller Driver.) -- C:\Windows\System32\drivers\jmcr.sys [174680] ©
O58 - SDL:2011/01/14 19:24:56 A . (.JMicron Technology Corp. - JMicron NDIS6.20 Driver.) -- C:\Windows\System32\drivers\JME.sys [132624] ©
O58 - SDL:2009/07/13 23:48:04 A . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_fc.sys [114752] ©
O58 - SDL:2009/07/13 23:48:04 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas.sys [106560] ©
O58 - SDL:2009/07/13 23:48:04 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas2.sys [65600] ©
O58 - SDL:2009/07/13 23:48:04 A . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_scsi.sys [115776] ©
O58 - SDL:2014/04/22 15:08:35 A . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys [119512] ©
O58 - SDL:2009/07/13 23:48:04 A . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\drivers\megasas.sys [35392] ©
O58 - SDL:2009/07/13 23:48:04 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\drivers\MegaSR.sys [284736] ©
O58 - SDL:2009/07/13 23:48:26 A . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\drivers\nfrd960.sys [51264] ©
O58 - SDL:2011/07/06 19:37:46 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\drivers\nvraid.sys [148352] ©
O58 - SDL:2011/07/06 19:37:46 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\drivers\nvstor.sys [166272] ©
O58 - SDL:2012/03/06 10:27:02 A . (.Positivo Informática S.A. - Kernel-mode WDM driver.) -- C:\Windows\System32\drivers\pad.sys [69520]
O58 - SDL:2009/07/13 23:45:46 A . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\System32\drivers\ql2300.sys [1524816] ©
O58 - SDL:2009/07/13 23:45:45 A . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\System32\drivers\ql40xx.sys [128592] ©
O58 - SDL:2011/01/05 01:51:16 A . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function D.) -- C:\Windows\System32\drivers\RTKVHD64.sys [2697448] ©
O58 - SDL:2011/12/22 00:04:10 A . (.Realtek Semiconductor Corporation - Realtek RTL81892CE NDIS Driverr.) -- C:\Windows\System32\drivers\rtl8192ce.sys [876136] ©
O58 - SDL:2009/06/10 18:37:19 A . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) -- C:\Windows\System32\drivers\secdrv.sys [23040] ©
O58 - SDL:2009/07/13 23:45:45 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\drivers\sisraid2.sys [43584] ©
O58 - SDL:2009/07/13 23:45:46 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\drivers\sisraid4.sys [80464] ©
O58 - SDL:2009/07/13 23:45:55 A . (.Promise Technology - Promise SuperTrak EX Series Driver for Win.) -- C:\Windows\System32\drivers\stexstor.sys [24656] ©
O58 - SDL:2010/02/10 17:32:00 A . (.Synaptics Incorporated - Synaptics Touchpad Driver.) -- C:\Windows\System32\drivers\SynTP.sys [316464] ©
O58 - SDL:2012/12/13 15:50:36 A . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\drivers\usbaapl64.sys [54784] ©
O58 - SDL:2009/07/13 23:45:55 A . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\viaide.sys [17488] ©
O58 - SDL:2009/07/13 23:45:55 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\drivers\vsmraid.sys [161872] ©
O58 - SDL:2015/06/19 00:30:49 A . (.Basil - WinDivert (web: http://reqrypt.org/windiver.) -- C:\Windows\System32\WinDivert64.sys [38104]

---\\ Últimos ficheiros alterados ou criados (Utilizador) (2) - 20s
O61 - LFC: 2015/11/05 09:00:15 A . (..) -- C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [674082]
O61 - LFC: 2015/11/05 08:58:40 A . (..) -- C:\Users\Patricia\AppData\Local\ATI\ACE\Manifest.Bin [30466]

---\\ Associações Shell Spawning (10) - 0s
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe ©
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Iniciador do snap-in de 'Visualizar eventos.) -- C:\Windows\System32\eventvwr.exe ©
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ©
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe ©
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\Windows\regedit.exe ©
O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S

---\\ Menu de inicialização Internet (8) - 1s
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ©
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ©
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ©
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - Utilitário de Inicialização por Usuário do.) -- C:\Windows\System32\ie4uinit.exe ©
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ©
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - Utilitário de Inicialização por Usuário do.) -- C:\Windows\System32\ie4uinit.exe ©
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ©
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - Utilitário de Inicialização por Usuário do.) -- C:\Windows\System32\ie4uinit.exe ©

---\\ Pesquisa de infeção nos navegadores da Internet (3) - 1s
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Goo) - http://www.google.com/
O69 - SBI: SearchScopes [HKCU] {C5E77E80-162D-477D-8D54-4400BE887840} - (Ask Search) - http://websearch.ask.com/ =>Toolbar.Ask
O69 - SBI: SearchScopes [HKCU] {D4A7713C-8FD5-43B4-9BE8-48F0F1C27D6C} - (Google) - http://www.google.com/

---\\ Listagem dos serviços iniciados pelo Svchost (32) - 1s
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Serviço de Experiência com Aplicativo.) -- C:\Windows\System32\aelupsvc.dll [72192] ©
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Car.) -- C:\Windows\System32\certprop.dll [80384] ©
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Car.) -- C:\Windows\System32\certprop.dll [80384] ©
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL de Serviço do Servidor.) -- C:\Windows\System32\srvsvc.dll [236032] ©
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Cliente da Diretiva de Grupo.) -- C:\Windows\System32\gpsvc.dll [777728] ©
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extensão IKE.) -- C:\Windows\System32\IKEEXT.DLL [859648] ©
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Serviço de Áudio do Windows.) -- C:\Windows\System32\audiosrv.dll [680960] ©
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gerenciador de Discagem Automática de Acess.) -- C:\Windows\System32\rasauto.dll [99328] ©
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gerenciador de conexão de acesso remoto.) -- C:\Windows\System32\rasmans.dll [344064] ©
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gerenciador de Interface Dinâmica.) -- C:\Windows\System32\mprdim.dll [97792] ©
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Serviço de Notificação de Eventos do Sistem.) -- C:\Windows\System32\Sens.dll [64512] ©
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Componentes do Microsoft NAT Helper.) -- C:\Windows\System32\ipnathlp.dll [359424] ©
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Servidor de telefonia do Microsoft(R) Windo.) -- C:\Windows\System32\tapisrv.dll [316928] ©
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gerenciador de Conexões Remotas do Servidor.) -- C:\Windows\System32\termsrv.dll [683520] ©
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [2607104] ©
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Serviço de transferência inteligente de pla.) -- C:\Windows\System32\qmgr.dll [849920] ©
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\Windows\System32\shsvcs.dll [370688] ©
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Serviço que oferece conectividade IPv6 em u.) -- C:\Windows\System32\iphlpsvc.dll [569344] ©
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de serviço de logon secundário.) -- C:\Windows\System32\seclogon.dll [30720] ©
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Serviço de Informações de Aplicativos.) -- C:\Windows\System32\appinfo.dll [70656] ©
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Serviço de Descoberta iSCSI.) -- C:\Windows\System32\iscsiexe.dll [156672] ©
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Serviço Agendador de Classes de Multimídia.) -- C:\Windows\System32\mmcss.dll [67584] ©
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [242688] ©
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Serviço de Configuração da Área de Trabalho.) -- C:\Windows\System32\SessEnv.dll [121856] ©
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL de Serviço Pesquisador de Computadores.) -- C:\Windows\System32\browser.dll [136704] ©
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Serviço Microsoft EAPHost.) -- C:\Windows\System32\eapsvc.dll [111104] ©
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Serviço Agendador de Tarefas.) -- C:\Windows\System32\schedsvc.dll [1110016] ©
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Serviço de Gerenciamento de Chaves.) -- C:\Windows\System32\KMSVC.DLL [90624] ©
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Relatórios de Problemas e Soluções.) -- C:\Windows\System32\wercplsupport.dll [84480] ©
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [210432] ©
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL do Serviço de Tema do Shell do Windows.) -- C:\Windows\System32\themeservice.dll [44544] ©
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Serviço BDE.) -- C:\Windows\System32\bdesvc.dll [100864] ©

---\\ Lista das exceções do FireWall (FirewallRules) (1) - 10s
O87 - FAEL: "{099C39BC-9B03-432F-88EC-795A11988F01}" [In-None-P17-TRUE] .(.GAS Tecnologia LTDA - GAS Tecnologia - Core.) -- C:\Program Files (x86)\Diebold\Warsaw\core.exe

---\\ Serviços não Microsoft (SR=Executados, SS=Parados) (13) - 66s

SS - Demand [28/10/2015] [ 269000] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ©
SR - Auto [26/01/2012] [ 235520] (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe ©
SR - Auto [27/01/2012] [ 361984] AMD FUEL Service (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe ©
SR - Auto [07/09/2013] [ 55624] Apple Mobile Device (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe ©
SR - Auto [20/03/2012] [ 45056] Battery Manager Service (BatteryManagerSrv) . (.Positivo Informática S.A.) - C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe
SR - Auto [12/08/2015] [ 587576] Gbp Service (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SS - Auto [01/09/2015] [ 144200] Serviço do Google Update (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ©
SS - Demand [01/09/2015] [ 144200] Serviço do Google Update (gupdatem) (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ©
SS - Demand [09/05/2011] [ 136120] Google Updater Service (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe ©
SS - Demand [18/09/2013] [ 641352] iPod Service (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe ©
SR - Auto [15/02/2011] [ 33792] (PowerBiosServer) . (.Copyright (C) 2008.) - C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
SR - Auto [24/06/2015] [ 858424] Warsaw Technology (Warsaw Technology) . (.GAS Tecnologia LTDA.) - C:\Program Files\Diebold\Warsaw\core.exe

---\\ Scâner Aditional (3) - 0s
HKLM\SOFTWARE\Wow6432Node\Trymedia Systems =>PUP.Optional.Trymedia
C:\Program Files (x86)\AskPartnerNetwork =>Toolbar.AskBar
C:\ProgramData\APN =>Toolbar.Ask

---\\ Informações complémentaires do módulos (3) - 0s
http://www.nicolascoolman.fr/adware-trymedia/ =>PUP.Optional.Trymedia
http://www.nicolascoolman.fr/blog =>Toolbar.AskBar
http://www.nicolascoolman.fr/toolbar-ask/ =>Toolbar.Ask

~ End of the scan, 31179 items in 381 seconds (618)(0)

caedurodrigues · 05/11/2015

Bom dia NascarBR,
Desative temporariamente seu antivirus, antispywares e firewall, para não causar conflitos.

Baixe:<> (...by Nicolas Coolman)
Na página, clique
Salve-a na Desktop (Área de trabalho)
Execute ZHPCleaner.exe.
Clique "Eu"
Clique Scanner.
Ao concluir,clique Reparar.
Aguarde a Conclusão !
Clique Relatório.
Poste o Relatório.

Baixe: <> (...par Xplode)
Ou aqui >>AdwCleaner<<
Salve-a na sua Desktop (área de trabalho).
Feche todos os programas e navegadores de internet abertos.
Usuários do Windows Vista ou Windows 7,clique com o direito do mouse sobre o arquivo AdwCleaner.exe,depois clique em:
Clique em Examinar, para iniciar o escaneamento!
Ao término, clique em limpar
Copie o log ou clique "Relatório".
Poste: >>C:\AdwCleaner\AdwCleaner [C1].txt<<

NOTA: Se o AdwCleaner encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC. Faça isso imediatamente, ao ser perguntado se quer reiniciar o PC.

Mantenha desativados seus programas de proteção para não causar conflitos.

J. Augusto F · 05/11/2015

caedurodrigues disse:
Bom dia NascarBR,
Desative temporariamente seu antivirus, antispywares e firewall, para não causar conflitos.

Baixe:<> (...by Nicolas Coolman)

Na página, clique

Salve-a na Desktop (Área de trabalho)

Execute ZHPCleaner.exe.

Clique "Eu"

Clique Scanner.

Ao concluir,clique Reparar.

Aguarde a Conclusão !

Clique Relatório.

Poste o Relatório.

Baixe: <> (...par Xplode)

Ou aqui >>AdwCleaner<<

Salve-a na sua Desktop (área de trabalho).

Feche todos os programas e navegadores de internet abertos.

Usuários do Windows Vista ou Windows 7,clique com o direito do mouse sobre o arquivo AdwCleaner.exe,depois clique em:

Clique em Examinar, para iniciar o escaneamento!

Ao término, clique em limpar

Copie o log ou clique "Relatório".

Poste: >>C:\AdwCleaner\AdwCleaner [C1].txt<<

NOTA: Se o AdwCleaner encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC. Faça isso imediatamente, ao ser perguntado se quer reiniciar o PC.

Mantenha desativados seus programas de proteção para não causar conflitos.

Relatório ZHPCleaner:

~ ZHPCleaner v2015.11.4.373 by Nicolas Coolman (2015/11/04)
~ Run by Patricia (Administrator) (05/11/2015 10:52:04)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Reparo
~ Report : C:\Users\Patricia\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Patricia\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
Windows 7 Home Basic, 64-bit Service Pack 1 (Build 7601)

---\\ Serviços (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.

---\\ Navegadores de Internet (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.

---\\ Arquivo hosts (1)
~ O arquivo hosts é legítimo (20)

---\\ Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.

---\\ Explorer ( Arquivos, Pastas) (4)
MOVIDO pasta: C:\Users\Patricia\AppData\Roaming\unins000.exe [ - Setup/Uninstall] =>PUP.Optional.Pirrit
MOVIDO pasta: C:\Users\Patricia\AppData\Roaming\unins001.exe [ - Setup/Uninstall] =>PUP.Optional.Pirrit
MOVIDO arquivo: C:\Program Files (x86)\AskPartnerNetwork =>Toolbar.AskBar
MOVIDO arquivo: C:\ProgramData\APN =>Toolbar.Ask

---\\ Registro ( Chaves, Valores, Dados ) (18)
SUPRIMIDO chave*: HKLM\SOFTWARE\Wow6432Node\Policies\Google\Update [] =>PUM.Security.Hijack
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E [] =>Toolbar.Ask
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6 [] =>Toolbar.Ask
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852 [] =>Toolbar.Ask
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0 [] =>Toolbar.Ask
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA [] =>Toolbar.Ask
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96 [] =>Toolbar.Ask
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59 [] =>Toolbar.Ask
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC [] =>Toolbar.Ask
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA [] =>Toolbar.Ask
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E [] =>Toolbar.Ask
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF [] =>Toolbar.Ask
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E [] =>Toolbar.Ask
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Trymedia Systems [] =>PUP.Optional.Trymedia
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32 [] =>Toolbar.Ask
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCS [] =>Toolbar.Ask
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32 [] =>PUP.Optional.Generic
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS [] =>PUP.Optional.Generic

---\\ Resultado de reparação
Reparação efectuada com sucesso
~ Este navegador está faltando ! (Mozilla Firefox)
~ Este navegador está faltando ! (Opera Software)

---\\ Estatísticas
~ Items scan : 238
~ Items encontrado : 0
~ items cancelados : 0
~ Items réparo : 22

~ End of clean in 0 minutes
===================
ZHPCleaner-[R]-05112015-10_52_36.txt
ZHPCleaner-~~-05112015-10_48_38.txt~~

Relatório ADWCleaner:

# AdwCleaner v5.018 - Relatório criado 05/11/2015 às 11:02:06
# Atualizado 05/11/2015 por Xplode
# Banco de dados : 2015-11-03.2 [Servidor]
# Sistema operacional : Windows 7 Home Basic Service Pack 1 (x64)
# Usuário : Patricia - PATRICIA-PC
# Executando de : C:\Users\Patricia\Desktop\AdwCleaner.exe
# Opção : Limpar
# Apoio : http://toolslib.net/forum

***** [ Serviços ] *****

***** [ Pastas ] *****

[-] Pasta Excluído : C:\ProgramData\Ask

***** [ Arquivos ] *****

[-] Arquivo Excluído : C:\Windows\SysNative\WinDivert64.sys

***** [ DLLs ] *****

***** [ Atalhos ] *****

***** [ Tarefas agendadas ] *****

***** [ Registro ] *****

[-] Chave Excluída : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C5E77E80-162D-477D-8D54-4400BE887840}

***** [ Navegadores ] *****

[-] [C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Excluído : ask.com
[-] [C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Excluído : br.ask.com

*************************

:: Chaves "Tracing" excluídas
:: Configurações Winsock restauradas

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1161 bytes] ##########

caedurodrigues · 05/11/2015

Boa tarde NascarBR,

Baixe:<> (...by Malwarebytes)
Dê um duplo-clique no mbam-setup.exe para instalar o programa.
Desmarque a caixa: "Ativar trial gratuito do Malwarebytes Anti-Malware PRO"
Clique "Concluir".
Se houver atualizações a serem feitas, serão baixadas e instaladas !
Escolha Configurações >> Detecção e proteção >> Marque Verificar por Rootkits. Em Detecções PUP (programas potencialmente indesejados), selecione Tratar detecções como malware.
Clique em Verificar. Em seguida Verificar Ameaça e por fim em Iniciar Verificação.
Começara então o escaneamento. Aguarde pois pode demorar.
Ps: Para determinadas infecções,o programa pedirá reboot. << Confirme!
Ao concluir, se houver ítens encontrados, clique no botão Remover Selecionados
O log é automaticamente salvo pelo MBAM, e para vê-lo clique na aba Histórico >> Logs de aplicativos na janela principal do programa.
Dê um duplo-clique em Scan Log. Depois clique no botão Exportar. Utilize o formato .txt para exportar o log e salve-o na área de trabalho.
NÃO UTILIZAR O FORMATO .XML PARA EXPORTAR O LOG.
O log de Proteção e desnecessário para uma Análise, exporte sempre o log Correto.

Poste um novo relatório da ZHPDiag. Um grande abraço.

NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez).
Faça isso imediatamente, ao ser perguntado se quer reiniciar o PC.

J. Augusto F · 05/11/2015

caedurodrigues disse:
Boa tarde NascarBR,

Baixe:<> (...by Malwarebytes)

Dê um duplo-clique no mbam-setup.exe para instalar o programa.

Desmarque a caixa: "Ativar trial gratuito do Malwarebytes Anti-Malware PRO"

Clique "Concluir".

Se houver atualizações a serem feitas, serão baixadas e instaladas !

Escolha Configurações >> Detecção e proteção >> Marque Verificar por Rootkits. Em Detecções PUP (programas potencialmente indesejados), selecione Tratar detecções como malware.

Clique em Verificar. Em seguida Verificar Ameaça e por fim em Iniciar Verificação.

Começara então o escaneamento. Aguarde pois pode demorar.

Ps: Para determinadas infecções,o programa pedirá reboot. << Confirme!

Ao concluir, se houver ítens encontrados, clique no botão Remover Selecionados

O log é automaticamente salvo pelo MBAM, e para vê-lo clique na aba Histórico >> Logs de aplicativos na janela principal do programa.

Dê um duplo-clique em Scan Log. Depois clique no botão Exportar. Utilize o formato .txt para exportar o log e salve-o na área de trabalho.

NÃO UTILIZAR O FORMATO .XML PARA EXPORTAR O LOG.

O log de Proteção e desnecessário para uma Análise, exporte sempre o log Correto.

Poste um novo relatório da ZHPDiag. Um grande abraço.

NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez).
Faça isso imediatamente, ao ser perguntado se quer reiniciar o PC.

Segue o log do ZHPDiag:

~ ZHPDiag v2015.11.4.161 Por Nicolas Coolman (2015/11/04)
~ iniciado por Patricia (Administrator) (2015/11/05 17:01:22)
~ Site: http://www.nicolascoolman.fr
~ Facebook: https://www.facebook.com/nicolascoolman1
~ Status da versão: Version OK
~ Modo: Scanner
~ Relatório: C:\Users\Patricia\Desktop\ZHPDiag.txt
~ Relatório: C:\Users\Patricia\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Deactivate
~ Inicialização do sistema: Normal (Normal boot)
Windows 7 Home Basic, 64-bit Service Pack 1 (Build 7601)

---\\ Navegadores Internet (2) - 0s
GCIE: Google Chrome v46.0.2490.80
MSIE: Internet Explorer v11.0.9600.18059

---\\ Informações sobre os produtos Windows (4) - 0s
~ Windows Server License Manager Script : OK
~ Licence Script File Génération : OK
Windows Automatic Updates : OK
Windows Activation Technologies : KO

---\\ Softwares de proteçao do sistema (4) - 6s
Malwarebytes Anti-Malware versão 2.2.0.1024
Microsoft Security Client v4.8.0204.0
Microsoft Security Essentials v4.8.204.0
Windows Defender W7 (Deactivate)

---\\ Softwares d'optimização do sistema (1) - 8s
CCleaner v4.12

---\\ Monitoramento dos softwares (1) - 8s
Adobe Flash Player 19 ActiveX

---\\ Informações sobre o sistema (6) - 0s
~ Operating System: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 64-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 3780.604 MB (69% free)
~ System Restore: Activé (Enable)
~ System drive C: has 210 GB free of 295 GB

---\\ Modo de conexão ao sistema (3) - 0s
~ Computer Name: PATRICIA-PC
~ User Name: Patricia
~ Logged in as Administrator

---\\ Enumeração das unidades dos discos (1) - 0s
~ Drive C: has 210 GB free of 295 GB (System)

---\\ Estado do Centro de Segurança do Windows (11) - 0s
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK

---\\ Pesquisa particular de ficheiros genéricos (24) - 3s
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - 06/07/2011 - (.Microsoft Corporation - Windows Explorer.) -- C:\Windows\Explorer.exe [2871808] ©
[MD5.DD81D91FF3B0763C392422865C9AC12E] - 13/07/2009 - (.Microsoft Corporation - Processo de host do Windows (Rundll32).) -- C:\Windows\System32\rundll32.exe [45568] ©
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - 13/07/2009 - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) -- C:\Windows\System32\Wininit.exe [129024] ©
[MD5.BD06D875FB79E92DAF724C91DE743AFA] - 16/09/2015 - (.Microsoft Corporation - Internet Extensions para Win32.) -- C:\Windows\System32\wininet.dll [2487808] ©
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - 17/07/2014 - (.Microsoft Corporation - Aplicativo de Logon do Windows.) -- C:\Windows\System32\Winlogon.exe [455168] ©
[MD5.067FA52BFB59A56110A12312EF9AF243] - 21/11/2010 - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) -- C:\Windows\System32\sppcomapi.dll [232448] ©
[MD5.492D07D79E7024CA310867B526D9636D] - 06/07/2011 - (.Microsoft Corporation - DLL da API de cliente DNS.) -- C:\Windows\System32\dnsapi.dll [357888] ©
[MD5.B40420876B9288E0A1C8CCA8A84E5DC9] - 06/07/2011 - (.Microsoft Corporation - DLL da API de cliente DNS.) -- C:\Windows\Syswow64\dnsapi.dll [270336] ©
[MD5.FA886682CFC5D36718D3E436AACF10B9] - 30/05/2014 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) -- C:\Windows\System32\drivers\AFD.sys [497152] ©
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - 13/07/2009 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) -- C:\Windows\System32\drivers\atapi.sys [24128] ©
[MD5.B8BD2BB284668C84865658C77574381A] - 13/07/2009 - (.Microsoft Corporation - CD-ROM File System Driver.) -- C:\Windows\System32\drivers\Cdfs.sys [92160] ©
[MD5.F036CE71586E93D94DAB220D7BDF4416] - 21/11/2010 - (.Microsoft Corporation - SCSI CD-ROM Driver.) -- C:\Windows\System32\drivers\Cdrom.sys [147456] ©
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - 21/11/2010 - (.Microsoft Corporation - DFS Namespace Client Driver.) -- C:\Windows\System32\drivers\DfsC.sys [102400] ©
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - 21/11/2010 - (.Microsoft Corporation - High Definition Audio Bus Driver.) -- C:\Windows\System32\drivers\HDAudBus.sys [122368] ©
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - 13/07/2009 - (.Microsoft Corporation - Driver de porta i8042.) -- C:\Windows\System32\drivers\i8042prt.sys [105472] ©
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - 13/07/2009 - (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\drivers\IpNat.sys [116224] ©
[MD5.ACB6782973BD93760D597FC7BB37E692] - 28/09/2015 - (.Microsoft Corporation - Windows NT SMB Minirdr.) -- C:\Windows\System32\drivers\MRxSmb.sys [159232] ©
[MD5.09594D1089C523423B32A4229263F068] - 21/11/2010 - (.Microsoft Corporation - MBT Transport driver.) -- C:\Windows\System32\drivers\netBT.sys [261632] ©
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - 24/01/2014 - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) -- C:\Windows\System32\drivers\ntfs.sys [1684928] ©
[MD5.0086431C29C35BE1DBC43F52CC273887] - 13/07/2009 - (.Microsoft Corporation - Driver de porta paralela.) -- C:\Windows\System32\drivers\Parport.sys [97280] ©
[MD5.471815800AE33E6F1C32FB1B97C490CA] - 21/11/2010 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) -- C:\Windows\System32\drivers\Rasl2tp.sys [129536] ©
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - 13/07/2009 - (.Microsoft Corporation - SMB Transport driver.) -- C:\Windows\System32\drivers\smb.sys [93184] ©
[MD5.70988118145F5F10EF24720B97F35F65] - 10/11/2014 - (.Microsoft Corporation - TDI Translation Driver.) -- C:\Windows\System32\drivers\tdx.sys [119296] ©
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - 21/11/2010 - (.Microsoft Corporation - Driver de cópia de sombra de volume.) -- C:\Windows\System32\drivers\volsnap.sys [295808] ©

---\\ Processos lançados (20) - 4s
[MD5.78CC42364F47A889CBC4E66E8BA4DB9D] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [587576] [PID.796]
[MD5.F30666EEC7AABA4ABA3D826648A04E91] - (.AMD - AMD External Events Service Module.) -- C:\Windows\System32\atiesrxx.exe [235520] [PID.984] ©
[MD5.9990EA2B66C310E71C781C829FA62D1D] - (.AMD - AMD External Events Client Module.) -- C:\Windows\System32\atieclxx.exe [494080] [PID.1168] ©
[MD5.02D4B89754302FC728FF8549ED259B84] - (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520] [PID.1840] ©
[MD5.70E5B82A503CEEA75D20C87F2E1C7E16] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392] [PID.1848] ©
[MD5.38B4BF3371F6AA49845C720A1C6175B2] - (.Copyright © 2008 - HotKey.) -- C:\Program Files (x86)\Hotkey\Hotkey.exe [3080192] [PID.1908]
[MD5.F92177B3AD8F8D0737641A6BE85D3153] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [121128] [PID.388] ©
[MD5.3C27497C8B22124A830CA6FF9D281A8A] - (.Advanced Micro Devices, Inc. - AMD Fuel Service.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984] [PID.1272] ©
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.1520] ©
[MD5.6D3242D8E7476F6A976084611A1594C1] - (.Positivo Informática S.A - Battery Power Service.) -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe [45056] [PID.1380]
[MD5.C861851A0BBD9903E324487011AA3705] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [299008] [PID.2064] ©
[MD5.969D428C21F71E552CEF1DDD486455DC] - (.Copyright (C) 2008 - PowerBiosServer.) -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [33792] [PID.2300]
[MD5.D28C5A1411BB0B47E05E0D6AAF896690] - (.ATI Technologies Inc. - Catalyst Control Center: Host application.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [299008] [PID.2440] ©
[MD5.2BACD71123F42CEA603F4E205E1AE337] - (.Microsoft Corp. - Microsoft® Windows Live ID Service.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292096] [PID.2576] ©
[MD5.2A46FFE841EC43001D5A293A54DB34DE] - (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE [223104] [PID.2756] ©
[MD5.78CC42364F47A889CBC4E66E8BA4DB9D] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [587576] [PID.2964]
[MD5.B752FC4AB1F3D5048A17E1D993028998] - (.Positivo Informática S.A - Battery Power Main Application.) -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryPower.exe [1208320] [PID.3760]
[MD5.842DCC07124924D945D8F17C7768074B] - (.GAS Tecnologia LTDA - GAS Tecnologia - Core.) -- C:\Program Files\Diebold\Warsaw\core.exe [858424] [PID.1820]
[MD5.842DCC07124924D945D8F17C7768074B] - (.GAS Tecnologia LTDA - GAS Tecnologia - Core.) -- C:\Program Files\Diebold\Warsaw\core.exe [858424] [PID.4164]
[MD5.6F4483F9955DF6158FE08F2E86B62660] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\Patricia\Desktop\ZHPDiag3.exe [1964544] [PID.4700] ©

---\\ Google Chrome, Arranque,Pesquisa,Extensões (11) - 1s
G0 - GCSP: Preferences [User Data\Default][HomePage] http://adrenaline.uol.com.br
G0 - GCSP: Preferences [User Data\Default][HomePage] http://ajax.googleapis.com
G0 - GCSP: Preferences [User Data\Default][HomePage] http://fonts.googleapis.com
G0 - GCSP: Preferences [User Data\Default][HomePage] http://partner.googleadservices.com
G0 - GCSP: Preferences [User Data\Default][HomePage] http://tm.jsuol.com.br
G0 - GCSP: Preferences [User Data\Default][HomePage] http://apis.google.com
G0 - GCSP: Preferences [User Data\Default][HomePage] http://ssl.gstatic.com
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.google.com.br
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.google.com
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.gstatic.com
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] [] Google Chrome manifest =>.Google Inc.

---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (5) - 8s
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia.) -- C:\Users\Patricia\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb64] - (.GAS Tecnologia.) -- C:\Users\Patricia\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia.) -- C:\Users\Patricia\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll
P2 - FPN: [HKLM] [@Apple.com/iTunes,version=1.0] - (.Apple Inc..) -- C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ©
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3502.0922] - (.Microsoft.) -- C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll ©

---\\ Internet Explorer, Arranque, Pesquisa, Phishing (21) - 1s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://oem.msn.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.mundopositivo.com.br/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphean =>.Microsoft Internet Explorer

---\\ Internet Explorer, Gestão do Proxy (5) - 0s
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

---\\ Análise das linhas, Carregamento Automático de programas (3) - 1s
F2 - REG:system.ini: UserInit=userinit.exe (.Microsoft Corporation.) ©
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe (.Microsoft Corporation.) ©
F2 - REG:system.ini: VMApplet=C:\Windows\SysWOW64\SystemPropertiesPerformance.exe (.Microsoft Corporation.) ©

---\\ Redireção do ficheiro Hosts (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (20)

---\\ Browser Helper Objects do navegador (1) - 0s
O2 - BHO: Windows Live ID Sign-in Helper [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll ©

---\\ Aplicações iniciadas por registo & pastas (9) - 1s
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe ©
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe ©
O4 - HKLM\..\Run: [Diebold - Warsaw] . (.GAS Tecnologia LTDA - GAS Tecnologia - Core.) -- C:\Program Files\Diebold\Warsaw\core.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ©
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (.not file.)
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (.not file.)
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe ©
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe ©

---\\ Alteração Dominio/Clientes DNS (3) - 0s
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.6.2.17 201.6.2.157
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: DhcpNameServer = 201.6.2.17 201.6.2.157
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: DhcpNameServer = 201.6.2.17 201.6.2.157

---\\ Protocolo adicional (24) - 2s
O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\SysWOW64\mshtml.dll ©
O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\SysWOW64\urlmon.dll ©
O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Controle ActiveX para streaming de vídeo.) -- C:\Windows\SysWOW64\MSVidCtl.dll ©
O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\SysWOW64\urlmon.dll ©
O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\SysWOW64\urlmon.dll ©
O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\SysWOW64\urlmon.dll ©
O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\SysWOW64\urlmon.dll ©
O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll ©
O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\SysWOW64\mshtml.dll ©
O18 - Handler: livecall [64Bits] - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll ©
O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\SysWOW64\urlmon.dll ©
O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\SysWOW64\mshtml.dll ©
O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll ©
O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\SysWOW64\urlmon.dll ©
O18 - Handler: ms-help [64Bits] - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll ©
O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll ©
O18 - Handler: msnim [64Bits] - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll ©
O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\SysWOW64\mshtml.dll ©
O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Controle ActiveX para streaming de vídeo.) -- C:\Windows\SysWOW64\MSVidCtl.dll ©
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\SysWOW64\mshtml.dll ©
O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll ©
O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll ©
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll ©
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL ©

---\\ Serviços NT não Microsoft e não desativados (9) - 2s
O23 - Service: (AMD External Events Utility) . (.AMD - AMD External Events Service Module.) - C:\Windows\System32\atiesrxx.exe ©
O23 - Service: AMD FUEL Service (AMD FUEL Service) . (.Advanced Micro Devices, Inc. - AMD Fuel Service.) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe ©
O23 - Service: Apple Mobile Device (Apple Mobile Device) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe ©
O23 - Service: Battery Manager Service (BatteryManagerSrv) . (.Positivo Informática S.A - Battery Power Service.) - C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ©
O23 - Service: (MBAMService) . (.Malwarebytes - Malwarebytes Anti-Malware.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe ©
O23 - Service: (PowerBiosServer) . (.Copyright (C) 2008 - PowerBiosServer.) - C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
O23 - Service: Warsaw Technology (Warsaw Technology) . (.GAS Tecnologia LTDA - GAS Tecnologia - Core.) - C:\Program Files\Diebold\Warsaw\core.exe

---\\ Listagem dos dados do BootExecute (1) - 0s
O34 - HKLM BootExecute: (sdnclean64.exe)

---\\ Tarefas planificadas automaticamente (12) - 4s
[MD5.8C194A201698B4B4F77D974549819D1F] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [269000] ©
[MD5.DB1654ADB276501C44DB0FE5E8A0841D] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [4613912] ©
[MD5.DD7423ABBE2913E70D50E9318AD57EE4] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200] ©
[MD5.DD7423ABBE2913E70D50E9318AD57EE4] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200] ©
[MD5.34EBD4FF6A24D86BB4716D6AFCC1A89B] [APT] [Apple\AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984] ©
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\Tasks\Adobe Flash Player Updater.job [902] ©
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [1066] ©
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [1070] ©
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [3840] ©
O39 - APT: CCleanerSkipUAC - (.Piriform Ltd.) -- C:\Windows\System32\Tasks\CCleanerSkipUAC [2778] ©
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [3814] ©
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [4066] ©

---\\ Software instalados (53) - 31s
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] -- CCleaner ©
O42 - Logiciel: Software para Impressoras EPSON - (...) [HKLM][64Bits] -- EPSON Printer and Utilities
O42 - Logiciel: Microsoft Security Essentials - (.Microsoft Corporation.) [HKLM][64Bits] -- Microsoft Security Client ©
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics Incorporated.) [HKLM][64Bits] -- SynTPDeinstKey ©
O42 - Logiciel: Warsaw 1.7.0.10188 64 bits - (.GAS Tecnologia.) [HKLM][64Bits] -- {20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1
O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM][64Bits] -- {2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C} ©
O42 - Logiciel: AMD APP SDK Runtime - (.Advanced Micro Devices Inc..) [HKLM][64Bits] -- {503F672D-6C84-448A-8F8F-4BC35AC83441} ©
O42 - Logiciel: AMD Catalyst Install Manager - (.Advanced Micro Devices, Inc..) [HKLM][64Bits] -- {622AAD48-8809-A67D-68F2-776DDEA64D27} ©
O42 - Logiciel: AMD Media Foundation Decoders - (.Advanced Micro Devices, Inc..) [HKLM][64Bits] -- {781340EA-2696-75E5-ACD8-45BCBE3E582B} ©
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} ©
O42 - Logiciel: Positivo Áudio - (.Positivo Informática S.A..) [HKLM][64Bits] -- {D00FA097-5115-400D-84AD-4ADEF3EBDB5E}_is1
O42 - Logiciel: Microsoft Security Client - (.Microsoft Corporation.) [HKLM][64Bits] -- {D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6} ©
O42 - Logiciel: Gerenciador de Inicialização Positivo - (.Positivo Informática S.A..) [HKLM][64Bits] -- {E365D4D7-BD51-4A7F-8ECA-0B6C0C42D3CF}_is1
O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM][64Bits] -- {F73A118B-8271-47E2-8790-0C636B2539C5} ©
O42 - Logiciel: Adobe Flash Player 19 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX ©
O42 - Logiciel: Chuzzle Deluxe (remove only) - (...) [HKLM][64Bits] -- Chuzzle Deluxe
O42 - Logiciel: Delicious - Emily's Childhood Memories Premium Edition (remove only) - (...) [HKLM][64Bits] -- Delicious - Emily's Childhood Memories Premium Edition
O42 - Logiciel: Dia (remover apenas) - (...) [HKLM][64Bits] -- Dia
O42 - Logiciel: EPSON Scan - (...) [HKLM][64Bits] -- EPSON Scanner
O42 - Logiciel: Foxit Reader - (.Foxit Corporation.) [HKLM][64Bits] -- Foxit Reader_is1 ©
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] -- Google Chrome ©
O42 - Logiciel: Hotkey 3.3043 - (.NoteBook.) [HKLM][64Bits] -- InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A} ©
O42 - Logiciel: Malwarebytes Anti-Malware versão 2.2.0.1024 - (.Malwarebytes.) [HKLM][64Bits] -- Malwarebytes Anti-Malware_is1 ©
O42 - Logiciel: Picasa 3 - (.Google, Inc..) [HKLM][64Bits] -- Picasa 3 ©
O42 - Logiciel: VLC media player 2.0.2 - (.VideoLAN.) [HKLM][64Bits] -- VLC media player ©
O42 - Logiciel: Hotkey 3.3043 - (.NoteBook.) [HKLM][64Bits] -- {164714B6-46BC-4649-9A30-A6ED32F03B5A} ©
O42 - Logiciel: Warsaw 1.3.1 - (.GAS Tecnologia.) [HKLM][64Bits] -- {20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1
O42 - Logiciel: JMicron Flash Media Controller Driver - (.JMicron Technology Corp..) [HKLM][64Bits] -- {26604C7E-A313-4D12-867F-7C6E7820BE4C} ©
O42 - Logiciel: Java 8 Update 31 - (.Oracle Corporation.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83218031F0} ©
O42 - Logiciel: Microsoft XNA Framework Redistributable 4.0 - (.Microsoft Corporation.) [HKLM][64Bits] -- {2BFC7AA0-544C-4E3A-8796-67F3BE655BE9} ©
O42 - Logiciel: Módulo de Segurança - Banco do Brasil - (...) [HKLM][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: Suporte para Aplicativos Apple - (.Apple Inc..) [HKLM][64Bits] -- {46F044A5-CE8B-4196-984E-5BD6525E361D} ©
O42 - Logiciel: Software de Cadastro Positivo 6.0 - (.Positivo Informática.) [HKLM][64Bits] -- {4A33ECF3-6AC6-4A9B-932C-4E81625423C7}_is1
O42 - Logiciel: Positivo Conecta - (.Positivo Informática S.A..) [HKLM][64Bits] -- {4F23361B-2B38-46E2-BA1A-D920F270D5FB}_is1
O42 - Logiciel: Cisco LEAP Module - (.Cisco Systems, Inc..) [HKLM][64Bits] -- {51C7AD07-C3F6-4635-8E8A-231306D810FE} ©
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} ©
O42 - Logiciel: Cisco EAP-FAST Module - (.Cisco Systems, Inc..) [HKLM][64Bits] -- {64BF0187-F3D2-498B-99EA-163AF9AE6EC9} ©
O42 - Logiciel: Positivo Sincronize - (.Positivo Informática S.A..) [HKLM][64Bits] -- {6DA3261A-DCEB-401A-ABE0-A367C252B86C}_is1
O42 - Logiciel: Guardião - Itaú 30 horas - (...) [HKLM][64Bits] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM][64Bits] -- {789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE} ©
O42 - Logiciel: Catalyst Control Center - Branding - (.Advanced Micro Devices, Inc..) [HKLM][64Bits] -- {796FF8E0-B679-4A70-8D95-F86D3E19E4FD} ©
O42 - Logiciel: Positivo Monitora - (.Positivo Informática S.A..) [HKLM][64Bits] -- {8aaef6d0-68e7-4f99-b98d-e5ae19edbc99}_is1
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} ©
O42 - Logiciel: JMicron Ethernet Adapter NDIS Driver - (.JMicron Technology Corp..) [HKLM][64Bits] -- {96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F} ©
O42 - Logiciel: REALTEK Wireless LAN Driver - (.REALTEK Semiconductor Corp..) [HKLM][64Bits] -- {9D3D8C60-A55F-4123-B2B9-173F09590E16} ©
O42 - Logiciel: Google+ Auto Backup - (.Google.) [HKLM][64Bits] -- {A50DE037-B5C0-4C8A-8049-B0C576B313D1} ©
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} ©
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF} ©
O42 - Logiciel: Positivo WebCam - (.Positivo Informática S.A..) [HKLM][64Bits] -- {E11C7438-7550-4676-92CE-846CC5DA3548}_is1
O42 - Logiciel: Cisco PEAP Module - (.Cisco Systems, Inc..) [HKLM][64Bits] -- {ED5776D5-59B4-46B7-AF81-5F2D94D7C640} ©
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} ©
O42 - Logiciel: Positivo Roteador - (.Positivo Informática S.A..) [HKLM][64Bits] -- {f1cb797f-bf34-495c-bda9-efe098837651}_is1
O42 - Logiciel: Positivo Bateria - (.Positivo Informática S.A..) [HKLM][64Bits] -- {FD6F6859-2863-4ABB-87D0-A263F3E9FF45}_is1

---\\ Ponto de restauro do sistema (63) - 31s
HKLM\SOFTWARE\Wow6432Node\Adobe
HKLM\SOFTWARE\Wow6432Node\AdwCleaner
HKLM\SOFTWARE\Wow6432Node\Alawar
HKLM\SOFTWARE\Wow6432Node\AMD
HKLM\SOFTWARE\Wow6432Node\Apple Computer, Inc.
HKLM\SOFTWARE\Wow6432Node\Apple Inc.
HKLM\SOFTWARE\Wow6432Node\ATI
HKLM\SOFTWARE\Wow6432Node\ATI Technologies
HKLM\SOFTWARE\Wow6432Node\AutoHelpDesk
HKLM\SOFTWARE\Wow6432Node\Dia
HKLM\SOFTWARE\Wow6432Node\DivXNetworks
HKLM\SOFTWARE\Wow6432Node\EPSON
HKLM\SOFTWARE\Wow6432Node\Foxit Software
HKLM\SOFTWARE\Wow6432Node\Google
HKLM\SOFTWARE\Wow6432Node\Intel
HKLM\SOFTWARE\Wow6432Node\JavaSoft
HKLM\SOFTWARE\Wow6432Node\JreMetrics
HKLM\SOFTWARE\Wow6432Node\Khronos
HKLM\SOFTWARE\Wow6432Node\Macromedia
HKLM\SOFTWARE\Wow6432Node\Mozilla
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins
HKLM\SOFTWARE\Wow6432Node\ODBC
HKLM\SOFTWARE\Wow6432Node\OldTimer Tools
HKLM\SOFTWARE\Wow6432Node\Positivo Informatica
HKLM\SOFTWARE\Wow6432Node\Realtek
HKLM\SOFTWARE\Wow6432Node\Realtek Semiconductor Corp.
HKLM\SOFTWARE\Wow6432Node\Safer Networking Limited
HKLM\SOFTWARE\Wow6432Node\VideoLAN
HKLM\SOFTWARE\Wow6432Node\Wow6432Node
HKLM\SOFTWARE\Wow6432Node\Zylom Games
HKLM\SOFTWARE\Wow6432Node\RegisteredApplications
HKCU\SOFTWARE\AppDataLow
HKCU\SOFTWARE\Apple Computer, Inc.
HKCU\SOFTWARE\Apple Inc.
HKCU\SOFTWARE\ATI
HKCU\SOFTWARE\AutoHelpDesk
HKCU\SOFTWARE\EPSON
HKCU\SOFTWARE\Foxit Software
HKCU\SOFTWARE\GbAs
HKCU\SOFTWARE\GbPlugin
HKCU\SOFTWARE\Google
HKCU\SOFTWARE\hotkey
HKCU\SOFTWARE\JavaSoft
HKCU\SOFTWARE\kde.org
HKCU\SOFTWARE\Local AppWizard-Generated Applications
HKCU\SOFTWARE\Macromedia
HKCU\SOFTWARE\MozillaPlugins
HKCU\SOFTWARE\Netscape
HKCU\SOFTWARE\ODBC
HKCU\SOFTWARE\Piriform
HKCU\SOFTWARE\Positivo
HKCU\SOFTWARE\Positivo Informatica
HKCU\SOFTWARE\Positivo Informática
HKCU\SOFTWARE\QtProject
HKCU\SOFTWARE\Realtek
HKCU\SOFTWARE\Safer Networking Limited
HKCU\SOFTWARE\Synaptics
HKCU\SOFTWARE\Trolltech
HKCU\SOFTWARE\Wow6432Node
HKCU\SOFTWARE\ZebHelpProcess Helper
HKCU\SOFTWARE\MB_temp
HKCU\SOFTWARE\AppDataLow\Software
HKCU\SOFTWARE\AppDataLow\Software\JavaSoft

---\\ Conteúdo das pastas Programs (151) - 31s
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\AMD APP
O43 - CFD: 26/09/2013 - [] D -- C:\Program Files (x86)\Apple Software Update
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\ATI Technologies
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\Cisco
O43 - CFD: 02/02/2015 - [] D -- C:\Program Files (x86)\Common Files
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\Dia
O43 - CFD: 20/09/2014 - [] D -- C:\Program Files (x86)\Diebold
O43 - CFD: 21/02/2013 - [] D -- C:\Program Files (x86)\epson
O43 - CFD: 06/02/2012 - [] D -- C:\Program Files (x86)\Foxit Software
O43 - CFD: 20/09/2014 - [] HD -- C:\Program Files (x86)\GAS Tecnologia
O43 - CFD: 05/11/2015 - [] AD -- C:\Program Files (x86)\GbPlugin
O43 - CFD: 06/12/2013 - [] D -- C:\Program Files (x86)\Google
O43 - CFD: 26/09/2015 - [] D -- C:\Program Files (x86)\GUMBB52.tmp
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\Hotkey
O43 - CFD: 19/01/2013 - [] HD -- C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 15/10/2015 - [] D -- C:\Program Files (x86)\Internet Explorer
O43 - CFD: 26/09/2013 - [] D -- C:\Program Files (x86)\iTunes
O43 - CFD: 02/02/2015 - [] D -- C:\Program Files (x86)\Java
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\JMicron
O43 - CFD: 05/11/2015 - [] D -- C:\Program Files (x86)\Malwarebytes Anti-Malware
O43 - CFD: 03/11/2015 - [0] D -- C:\Program Files (x86)\Microsoft
O43 - CFD: 18/02/2013 - [] D -- C:\Program Files (x86)\Microsoft Office
O43 - CFD: 15/05/2015 - [] D -- C:\Program Files (x86)\Microsoft Security Client
O43 - CFD: 25/08/2015 - [] D -- C:\Program Files (x86)\Microsoft Silverlight
O43 - CFD: 06/02/2012 - [] D -- C:\Program Files (x86)\Microsoft Visual Studio
O43 - CFD: 06/02/2012 - [] D -- C:\Program Files (x86)\Microsoft Visual Studio 8
O43 - CFD: 06/02/2013 - [] D -- C:\Program Files (x86)\Microsoft Works
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\Microsoft XNA
O43 - CFD: 06/02/2012 - [] D -- C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 06/02/2012 - [] D -- C:\Program Files (x86)\MSBuild
O43 - CFD: 02/02/2015 - [] D -- C:\Program Files (x86)\Positivo Informática
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\Realtek
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 25/06/2014 - [] D -- C:\Program Files (x86)\Spybot - Search & Destroy 2
O43 - CFD: 19/01/2013 - [0] HD -- C:\Program Files (x86)\Temp
O43 - CFD: 14/07/2009 - [0] HD -- C:\Program Files (x86)\Uninstall Information
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\VideoLAN
O43 - CFD: 12/07/2013 - [] D -- C:\Program Files (x86)\Windows Defender
O43 - CFD: 06/02/2012 - [] D -- C:\Program Files (x86)\Windows Live
O43 - CFD: 12/04/2011 - [] D -- C:\Program Files (x86)\Windows Mail
O43 - CFD: 14/06/2015 - [] D -- C:\Program Files (x86)\Windows Media Player
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files (x86)\Windows NT
O43 - CFD: 12/04/2011 - [] D -- C:\Program Files (x86)\Windows Photo Viewer
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 22/04/2014 - [] D -- C:\Program Files (x86)\Zylom Games
O43 - CFD: 19/01/2013 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 14/07/2009 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 19/01/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
O43 - CFD: 22/04/2014 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
O43 - CFD: 19/01/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dia
O43 - CFD: 21/02/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
O43 - CFD: 21/02/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan
O43 - CFD: 06/02/2012 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
O43 - CFD: 06/02/2012 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
O43 - CFD: 06/02/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
O43 - CFD: 26/09/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
O43 - CFD: 12/12/2014 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
O43 - CFD: 14/07/2009 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 06/02/2012 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
O43 - CFD: 25/08/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
O43 - CFD: 06/12/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
O43 - CFD: 03/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Positivo Informática
O43 - CFD: 22/04/2014 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Positivo Jogos
O43 - CFD: 25/06/2014 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 19/01/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
O43 - CFD: 26/09/2013 - [] D -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
O43 - CFD: 06/02/2012 - [] D -- C:\ProgramData\Adobe
O43 - CFD: 19/01/2013 - [0] D -- C:\ProgramData\AlawarWrapper
O43 - CFD: 19/01/2013 - [] D -- C:\ProgramData\AMD
O43 - CFD: 26/09/2013 - [] D -- C:\ProgramData\Apple
O43 - CFD: 26/09/2013 - [] D -- C:\ProgramData\Apple Computer
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Application Data
O43 - CFD: 19/01/2013 - [] D -- C:\ProgramData\ATI
O43 - CFD: 19/01/2013 - [0] D -- C:\ProgramData\Audio
O43 - CFD: 05/02/2012 - [0] D -- C:\ProgramData\Audio Power
O43 - CFD: 13/05/2015 - [] D -- C:\ProgramData\boost_interprocess
O43 - CFD: 05/02/2012 - [0] SHD -- C:\ProgramData\Dados de aplicativos
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Desktop
O43 - CFD: 05/02/2012 - [0] SHD -- C:\ProgramData\Documentos
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Documents
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Favorites
O43 - CFD: 05/02/2012 - [0] SHD -- C:\ProgramData\Favoritos
O43 - CFD: 13/04/2015 - [] D -- C:\ProgramData\GAS Tecnologia
O43 - CFD: 05/11/2015 - [] D -- C:\ProgramData\GbPlugin
O43 - CFD: 22/04/2014 - [] D -- C:\ProgramData\Malwarebytes
O43 - CFD: 06/02/2012 - [] D -- C:\ProgramData\McAfee
O43 - CFD: 05/02/2012 - [0] SHD -- C:\ProgramData\Menu Iniciar
O43 - CFD: 03/11/2015 - [] SD -- C:\ProgramData\Microsoft
O43 - CFD: 14/10/2015 - [] D -- C:\ProgramData\Microsoft Help
O43 - CFD: 05/02/2012 - [0] SHD -- C:\ProgramData\Modelos
O43 - CFD: 12/12/2014 - [] D -- C:\ProgramData\Oracle
O43 - CFD: 13/05/2015 - [] D -- C:\ProgramData\Package Cache
O43 - CFD: 21/02/2013 - [] D -- C:\ProgramData\Positivo Informática
O43 - CFD: 23/04/2014 - [] D -- C:\ProgramData\Spybot - Search & Destroy
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Start Menu
O43 - CFD: 08/02/2013 - [] D -- C:\ProgramData\Sun
O43 - CFD: 19/06/2015 - [] D -- C:\ProgramData\Temp
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Templates
O43 - CFD: 26/09/2013 - [] D -- C:\Program Files (x86)\Common Files\Apple
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\Common Files\ATI Technologies
O43 - CFD: 17/05/2014 - [] D -- C:\Program Files (x86)\Common Files\DESIGNER
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\Common Files\InstallShield
O43 - CFD: 02/02/2015 - [] D -- C:\Program Files (x86)\Common Files\Java
O43 - CFD: 06/02/2013 - [] D -- C:\Program Files (x86)\Common Files\microsoft shared
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files (x86)\Common Files\Services
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files (x86)\Common Files\SpeechEngines
O43 - CFD: 06/02/2013 - [] D -- C:\Program Files (x86)\Common Files\System
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\Common Files\Windows Live
O43 - CFD: 05/02/2012 - [] D -- C:\Users\Patricia\AppData\Roaming\Adobe
O43 - CFD: 26/09/2013 - [] D -- C:\Users\Patricia\AppData\Roaming\Apple Computer
O43 - CFD: 05/02/2012 - [] D -- C:\Users\Patricia\AppData\Roaming\ATI
O43 - CFD: 11/11/2014 - [] D -- C:\Users\Patricia\AppData\Roaming\dvdcss
O43 - CFD: 12/02/2013 - [] D -- C:\Users\Patricia\AppData\Roaming\Foxit Software
O43 - CFD: 05/02/2012 - [] D -- C:\Users\Patricia\AppData\Roaming\Identities
O43 - CFD: 21/02/2013 - [] D -- C:\Users\Patricia\AppData\Roaming\InstallShield
O43 - CFD: 05/02/2012 - [] D -- C:\Users\Patricia\AppData\Roaming\Macromedia
O43 - CFD: 14/06/2015 - [] SD -- C:\Users\Patricia\AppData\Roaming\Microsoft
O43 - CFD: 22/04/2014 - [0] D -- C:\Users\Patricia\AppData\Roaming\Positivo
O43 - CFD: 22/04/2014 - [0] D -- C:\Users\Patricia\AppData\Roaming\Positivo Backup
O43 - CFD: 06/02/2012 - [] D -- C:\Users\Patricia\AppData\Roaming\Positivo Mosaico
O43 - CFD: 11/11/2014 - [] D -- C:\Users\Patricia\AppData\Roaming\vlc
O43 - CFD: 05/11/2015 - [] D -- C:\Users\Patricia\AppData\Roaming\ZHP
O43 - CFD: 05/02/2012 - [] D -- C:\Users\Patricia\AppData\Local\AMD
O43 - CFD: 26/09/2013 - [] D -- C:\Users\Patricia\AppData\Local\Apple
O43 - CFD: 26/09/2013 - [] D -- C:\Users\Patricia\AppData\Local\Apple Computer
O43 - CFD: 06/02/2012 - [] D -- C:\Users\Patricia\AppData\Local\Apps
O43 - CFD: 05/02/2012 - [] D -- C:\Users\Patricia\AppData\Local\ATI
O43 - CFD: 05/02/2012 - [0] SHD -- C:\Users\Patricia\AppData\Local\Dados de aplicativos
O43 - CFD: 06/02/2013 - [0] D -- C:\Users\Patricia\AppData\Local\Deployment
O43 - CFD: 26/09/2013 - [0] D -- C:\Users\Patricia\AppData\Local\ElevatedDiagnostics
O43 - CFD: 26/08/2015 - [0] SHD -- C:\Users\Patricia\AppData\Local\EmieBrowserModeList
O43 - CFD: 26/08/2015 - [0] SHD -- C:\Users\Patricia\AppData\Local\EmieSiteList
O43 - CFD: 26/08/2015 - [0] SHD -- C:\Users\Patricia\AppData\Local\EmieUserList
O43 - CFD: 19/07/2013 - [] D -- C:\Users\Patricia\AppData\Local\GAS Tecnologia
O43 - CFD: 26/09/2015 - [] D -- C:\Users\Patricia\AppData\Local\Google
O43 - CFD: 10/07/2015 - [] D -- C:\Users\Patricia\AppData\Local\GWX
O43 - CFD: 05/02/2012 - [0] SHD -- C:\Users\Patricia\AppData\Local\Histórico
O43 - CFD: 14/06/2015 - [] D -- C:\Users\Patricia\AppData\Local\Microsoft
O43 - CFD: 06/02/2012 - [0] D -- C:\Users\Patricia\AppData\Local\Microsoft Help
O43 - CFD: 21/02/2013 - [] D -- C:\Users\Patricia\AppData\Local\Positivo
O43 - CFD: 23/01/2014 - [] D -- C:\Users\Patricia\AppData\Local\Programs
O43 - CFD: 05/11/2015 - [] D -- C:\Users\Patricia\AppData\Local\Temp
O43 - CFD: 05/02/2012 - [0] SHD -- C:\Users\Patricia\AppData\Local\Temporary Internet Files
O43 - CFD: 05/02/2012 - [0] D -- C:\Users\Patricia\AppData\Local\VirtualStore
O43 - CFD: 14/07/2009 - [] RD -- C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 15/10/2015 - [] RD -- C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 05/02/2012 - [] D -- C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
O43 - CFD: 23/01/2014 - [] D -- C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
O43 - CFD: 14/07/2009 - [] RD -- C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 15/10/2015 - [] RD -- C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

---\\ Softwares de proteçao do sistema (Supérfluo) (2) - 0s
O106 - SIOI: Enhanced Storage Icon Overlay Handler Class [EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}. (.Microsoft Corporation - DLL de Extensão do Shell do Armazenamento A.) -- C:\Windows\System32\EhStorShell.dll ©
O106 - SIOI: Sharing Overlay (Private) [SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235}. (.Microsoft Corporation - Extensões do Shell para compartilhamento.) -- C:\Windows\System32\ntshrui.dll ©

---\\ Enumeração das chaves StartupReg (4) - 7s
O53 - SMSR:HKLM\...\startupreg\APSDaemon [Key] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe ©
O53 - SMSR:HKLM\...\startupreg\Diebold - Warsaw [Key] . (.GAS Tecnologia LTDA - GAS Tecnologia - Core.) -- C:\Program Files (x86)\Diebold\Warsaw\core.exe
O53 - SMSR:HKLM\...\startupreg\iTunesHelper [Key] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe ©
O53 - SMSR:HKLM\...\startupreg\StartUpManagerPositivo [Key] . (...) -- C:\Program Files\Positivo Informática\Gerenciador de Inicialização Positivo\ManagerWindows.exe

---\\ Lista dos drivers do sistema (61) - 10s
O58 - SDL:2009/07/13 23:52:21 A . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\drivers\adp94xx.sys [491088] ©
O58 - SDL:2009/07/13 23:52:21 A . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\drivers\adpahci.sys [339536] ©
O58 - SDL:2009/07/13 23:52:21 A . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\System32\drivers\adpu320.sys [182864] ©
O58 - SDL:2009/07/13 23:52:21 A . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\System32\drivers\aliide.sys [15440] ©
O58 - SDL:2010/02/18 09:18:24 A . (.Advanced Micro Devices - AMD IO Driver.) -- C:\Windows\System32\drivers\amdiox64.sys [46136] ©
O58 - SDL:2011/07/06 19:37:46 A . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\drivers\amdsata.sys [107904] ©
O58 - SDL:2009/07/13 23:52:20 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\Windows\System32\drivers\amdsbs.sys [194128] ©
O58 - SDL:2011/07/06 19:37:46 A . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\drivers\amdxata.sys [27008] ©
O58 - SDL:2011/10/28 09:41:26 A . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\drivers\amd_sata.sys [80512] ©
O58 - SDL:2011/10/28 09:41:28 A . (.Advanced Micro Devices - Stor Filter Driver.) -- C:\Windows\System32\drivers\amd_xata.sys [42624] ©
O58 - SDL:2009/07/13 23:52:21 A . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\drivers\arc.sys [87632] ©
O58 - SDL:2009/07/13 23:52:21 A . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\drivers\arcsas.sys [97856] ©
O58 - SDL:2011/12/05 04:47:30 A . (.Advanced Micro Devices - AMD High Definition Audio Function Driver.) -- C:\Windows\System32\drivers\AtihdW76.sys [95248] ©
O58 - SDL:2012/01/26 22:41:34 A . (.Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) -- C:\Windows\System32\drivers\atikmdag.sys [10721280] ©
O58 - SDL:2012/01/26 21:06:00 A . (.Advanced Micro Devices, Inc. - AMD multi-vendor Miniport Driver.) -- C:\Windows\System32\drivers\atikmpag.sys [327168] ©
O58 - SDL:2009/06/10 18:34:23 A . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x.) -- C:\Windows\System32\drivers\b57nd60a.sys [270848] ©
O58 - SDL:2009/06/10 18:41:06 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower.) -- C:\Windows\System32\drivers\BrFiltLo.sys [18432] ©
O58 - SDL:2009/06/10 18:41:06 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper.) -- C:\Windows\System32\drivers\BrFiltUp.sys [8704] ©
O58 - SDL:2009/07/13 23:19:07 A . (.Brother Industries Ltd. - Brother Serial I/F Driver (WDM).) -- C:\Windows\System32\drivers\BrSerId.sys [286720] ©
O58 - SDL:2009/06/10 18:41:10 A . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\System32\drivers\BrSerWdm.sys [47104] ©
O58 - SDL:2009/06/10 18:41:10 A . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\System32\drivers\BrUsbMdm.sys [14976] ©
O58 - SDL:2009/06/10 18:41:10 A . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\System32\drivers\BrUsbSer.sys [14720] ©
O58 - SDL:2009/06/10 18:34:28 A . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\System32\drivers\bxvbda.sys [468480] ©
O58 - SDL:2009/07/13 23:52:31 A . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\cmdide.sys [17488] ©
O58 - SDL:2009/07/13 23:47:48 A . (.Emulex - Storport Miniport Driver for LightPulse HBA.) -- C:\Windows\System32\drivers\elxstor.sys [530496] ©
O58 - SDL:2009/06/10 18:34:33 A . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\System32\drivers\evbda.sys [3286016] ©
O58 - SDL:2015/11/05 17:03:17 A . (.GAS Tecnologia - GAS Tecnologia - FAC.) -- C:\Windows\System32\drivers\gbpddfac64.sys [28888]
O58 - SDL:2012/08/21 14:01:20 A . (.GEAR Software Inc. - CD DVD Filter.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys [33240] ©
O58 - SDL:2009/06/10 18:31:59 A . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for.) -- C:\Windows\System32\drivers\hcw85cir.sys [31232] ©
O58 - SDL:2010/11/21 01:23:47 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\Windows\System32\drivers\HpSAMD.sys [78720] ©
O58 - SDL:2011/07/06 19:37:46 A . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\System32\drivers\iaStorV.sys [410496] ©
O58 - SDL:2009/07/13 23:48:04 A . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\drivers\iirsp.sys [44112] ©
O58 - SDL:2011/06/23 01:26:28 A . (.JMicron Technology Corporation - JMicron PCIe Flash Media Controller Driver.) -- C:\Windows\System32\drivers\jmcr.sys [174680] ©
O58 - SDL:2011/01/14 19:24:56 A . (.JMicron Technology Corp. - JMicron NDIS6.20 Driver.) -- C:\Windows\System32\drivers\JME.sys [132624] ©
O58 - SDL:2009/07/13 23:48:04 A . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_fc.sys [114752] ©
O58 - SDL:2009/07/13 23:48:04 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas.sys [106560] ©
O58 - SDL:2009/07/13 23:48:04 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas2.sys [65600] ©
O58 - SDL:2009/07/13 23:48:04 A . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_scsi.sys [115776] ©
O58 - SDL:2015/10/05 09:50:06 A . (.Malwarebytes - Malwarebytes Anti-Malware.) -- C:\Windows\System32\drivers\mbam.sys [25816] ©
O58 - SDL:2015/10/05 09:50:10 A . (.Malwarebytes - Malwarebytes Chameleon Protection Driver.) -- C:\Windows\System32\drivers\mbamchameleon.sys [109272] ©
O58 - SDL:2015/11/05 14:42:31 A . (.Malwarebytes - Malwarebytes Anti-Malware.) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys [192216] ©
O58 - SDL:2009/07/13 23:48:04 A . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\drivers\megasas.sys [35392] ©
O58 - SDL:2009/07/13 23:48:04 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\drivers\MegaSR.sys [284736] ©
O58 - SDL:2015/10/05 09:50:18 A . (.Malwarebytes Corporation - Malwarebytes Web Access Control.) -- C:\Windows\System32\drivers\mwac.sys [63704] ©
O58 - SDL:2009/07/13 23:48:26 A . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\drivers\nfrd960.sys [51264] ©
O58 - SDL:2011/07/06 19:37:46 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\drivers\nvraid.sys [148352] ©
O58 - SDL:2011/07/06 19:37:46 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\drivers\nvstor.sys [166272] ©
O58 - SDL:2012/03/06 10:27:02 A . (.Positivo Informática S.A. - Kernel-mode WDM driver.) -- C:\Windows\System32\drivers\pad.sys [69520]
O58 - SDL:2009/07/13 23:45:46 A . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\System32\drivers\ql2300.sys [1524816] ©
O58 - SDL:2009/07/13 23:45:45 A . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\System32\drivers\ql40xx.sys [128592] ©
O58 - SDL:2011/01/05 01:51:16 A . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function D.) -- C:\Windows\System32\drivers\RTKVHD64.sys [2697448] ©
O58 - SDL:2011/12/22 00:04:10 A . (.Realtek Semiconductor Corporation - Realtek RTL81892CE NDIS Driverr.) -- C:\Windows\System32\drivers\rtl8192ce.sys [876136] ©
O58 - SDL:2009/06/10 18:37:19 A . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) -- C:\Windows\System32\drivers\secdrv.sys [23040] ©
O58 - SDL:2009/07/13 23:45:45 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\drivers\sisraid2.sys [43584] ©
O58 - SDL:2009/07/13 23:45:46 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\drivers\sisraid4.sys [80464] ©
O58 - SDL:2009/07/13 23:45:55 A . (.Promise Technology - Promise SuperTrak EX Series Driver for Win.) -- C:\Windows\System32\drivers\stexstor.sys [24656] ©
O58 - SDL:2010/02/10 17:32:00 A . (.Synaptics Incorporated - Synaptics Touchpad Driver.) -- C:\Windows\System32\drivers\SynTP.sys [316464] ©
O58 - SDL:2012/12/13 15:50:36 A . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\drivers\usbaapl64.sys [54784] ©
O58 - SDL:2009/07/13 23:45:55 A . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\viaide.sys [17488] ©
O58 - SDL:2009/07/13 23:45:55 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\drivers\vsmraid.sys [161872] ©
O58 - SDL:2015/11/05 13:44:03 A . (.Basil - WinDivert (web: http://reqrypt.org/windiver.) -- C:\Windows\System32\WinDivert64.sys [38104]

---\\ Últimos ficheiros alterados ou criados (Utilizador) (2) - 28s
O61 - LFC: 2015/11/05 12:44:16 A . (..) -- C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [674082]
O61 - LFC: 2015/11/05 11:03:54 A . (..) -- C:\Users\Patricia\AppData\Local\ATI\ACE\Manifest.Bin [30466]

---\\ Associações Shell Spawning (10) - 0s
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe ©
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Iniciador do snap-in de 'Visualizar eventos.) -- C:\Windows\System32\eventvwr.exe ©
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ©
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe ©
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\Windows\regedit.exe ©
O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S

---\\ Menu de inicialização Internet (8) - 1s
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ©
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ©
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ©
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - Utilitário de Inicialização por Usuário do.) -- C:\Windows\System32\ie4uinit.exe ©
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ©
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - Utilitário de Inicialização por Usuário do.) -- C:\Windows\System32\ie4uinit.exe ©
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ©
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - Utilitário de Inicialização por Usuário do.) -- C:\Windows\System32\ie4uinit.exe ©

---\\ Pesquisa de infeção nos navegadores da Internet (2) - 1s
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Goo) - http://www.google.com/
O69 - SBI: SearchScopes [HKCU] {D4A7713C-8FD5-43B4-9BE8-48F0F1C27D6C} - (Google) - http://www.google.com/

---\\ Listagem dos serviços iniciados pelo Svchost (32) - 1s
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Serviço de Experiência com Aplicativo.) -- C:\Windows\System32\aelupsvc.dll [72192] ©
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Car.) -- C:\Windows\System32\certprop.dll [80384] ©
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Car.) -- C:\Windows\System32\certprop.dll [80384] ©
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL de Serviço do Servidor.) -- C:\Windows\System32\srvsvc.dll [236032] ©
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Cliente da Diretiva de Grupo.) -- C:\Windows\System32\gpsvc.dll [777728] ©
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extensão IKE.) -- C:\Windows\System32\IKEEXT.DLL [859648] ©
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Serviço de Áudio do Windows.) -- C:\Windows\System32\audiosrv.dll [680960] ©
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gerenciador de Discagem Automática de Acess.) -- C:\Windows\System32\rasauto.dll [99328] ©
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gerenciador de conexão de acesso remoto.) -- C:\Windows\System32\rasmans.dll [344064] ©
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gerenciador de Interface Dinâmica.) -- C:\Windows\System32\mprdim.dll [97792] ©
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Serviço de Notificação de Eventos do Sistem.) -- C:\Windows\System32\Sens.dll [64512] ©
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Componentes do Microsoft NAT Helper.) -- C:\Windows\System32\ipnathlp.dll [359424] ©
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Servidor de telefonia do Microsoft(R) Windo.) -- C:\Windows\System32\tapisrv.dll [316928] ©
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gerenciador de Conexões Remotas do Servidor.) -- C:\Windows\System32\termsrv.dll [683520] ©
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [2607104] ©
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Serviço de transferência inteligente de pla.) -- C:\Windows\System32\qmgr.dll [849920] ©
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\Windows\System32\shsvcs.dll [370688] ©
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Serviço que oferece conectividade IPv6 em u.) -- C:\Windows\System32\iphlpsvc.dll [569344] ©
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de serviço de logon secundário.) -- C:\Windows\System32\seclogon.dll [30720] ©
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Serviço de Informações de Aplicativos.) -- C:\Windows\System32\appinfo.dll [70656] ©
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Serviço de Descoberta iSCSI.) -- C:\Windows\System32\iscsiexe.dll [156672] ©
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Serviço Agendador de Classes de Multimídia.) -- C:\Windows\System32\mmcss.dll [67584] ©
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [242688] ©
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Serviço de Configuração da Área de Trabalho.) -- C:\Windows\System32\SessEnv.dll [121856] ©
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL de Serviço Pesquisador de Computadores.) -- C:\Windows\System32\browser.dll [136704] ©
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Serviço Microsoft EAPHost.) -- C:\Windows\System32\eapsvc.dll [111104] ©
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Serviço Agendador de Tarefas.) -- C:\Windows\System32\schedsvc.dll [1110016] ©
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Serviço de Gerenciamento de Chaves.) -- C:\Windows\System32\KMSVC.DLL [90624] ©
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Relatórios de Problemas e Soluções.) -- C:\Windows\System32\wercplsupport.dll [84480] ©
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [210432] ©
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL do Serviço de Tema do Shell do Windows.) -- C:\Windows\System32\themeservice.dll [44544] ©
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Serviço BDE.) -- C:\Windows\System32\bdesvc.dll [100864] ©

---\\ Lista das exceções do FireWall (FirewallRules) (1) - 3s
O87 - FAEL: "{099C39BC-9B03-432F-88EC-795A11988F01}" [In-None-P17-TRUE] .(.GAS Tecnologia LTDA - GAS Tecnologia - Core.) -- C:\Program Files (x86)\Diebold\Warsaw\core.exe

---\\ Serviços não Microsoft (SR=Executados, SS=Parados) (14) - 53s

SS - Demand [28/10/2015] [ 269000] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ©
SR - Auto [26/01/2012] [ 235520] (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe ©
SR - Auto [27/01/2012] [ 361984] AMD FUEL Service (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe ©
SR - Auto [07/09/2013] [ 55624] Apple Mobile Device (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe ©
SR - Auto [20/03/2012] [ 45056] Battery Manager Service (BatteryManagerSrv) . (.Positivo Informática S.A.) - C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe
SR - Auto [12/08/2015] [ 587576] Gbp Service (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SS - Auto [01/09/2015] [ 144200] Serviço do Google Update (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ©
SS - Demand [01/09/2015] [ 144200] Serviço do Google Update (gupdatem) (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ©
SS - Demand [09/05/2011] [ 136120] Google Updater Service (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe ©
SS - Demand [18/09/2013] [ 641352] iPod Service (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe ©
SS - Auto [05/10/2015] [ 1135416] (MBAMService) . (.Malwarebytes.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe ©
SR - Auto [15/02/2011] [ 33792] (PowerBiosServer) . (.Copyright (C) 2008.) - C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
SR - Auto [24/06/2015] [ 858424] Warsaw Technology (Warsaw Technology) . (.GAS Tecnologia LTDA.) - C:\Program Files\Diebold\Warsaw\core.exe

---\\ Scâner Aditional (1) - 0s
~ Nenhum ítem malicioso o desnecessários foi encontrado.

---\\ Informações complémentaires do módulos (1) - 0s
~ Nenhum ítem malicioso o desnecessários foi encontrado.

~ End of the scan, 31227 items in 247 seconds (626)(0)

caedurodrigues · 05/11/2015

Boa noite NascarBR, faltou postar o relatório do Malwarebytes

. Um grande abraço.

J. Augusto F · 08/11/2015

caedurodrigues disse:
Boa noite NascarBR, faltou postar o relatório do Malwarebytes . Um grande abraço.

Desculpe a demora, tive um fim de semana muito corrido. Segue o relatório do Malwarebytes:

Malwarebytes Anti-Malware
www.malwarebytes.org

Data da verificação: 05/11/2015
Hora da verificação: 13:55
Arquivo de registro: Malwarebytes.txt
Administrador: Sim

Versão: 2.2.0.1024
Banco de dados de malware: v2015.11.05.04
Banco de dados de rootkit: v2015.11.04.02
Licença: Gratuita
Proteção contra malware: Desabilitado
Proteção contra website malicioso: Desabilitado
Autoproteção: Desabilitado

Sistema operacional: Windows 7 Service Pack 1
CPU: x64
Sistema de arquivos: NTFS
Usuário: Patricia

Tipo de verificação: Verificação da ameaça
Resultado: Concluído
Objetos verificados: 321937
Tempo decorrido: 27 min, 57 seg

Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado

Processos: 0
(Nenhum item malicioso detectado)

Módulos: 0
(Nenhum item malicioso detectado)

Chaves de registro: 0
(Nenhum item malicioso detectado)

Valores de registro: 0
(Nenhum item malicioso detectado)

Dados de registro: 0
(Nenhum item malicioso detectado)

Pastas: 0
(Nenhum item malicioso detectado)

Arquivos: 0
(Nenhum item malicioso detectado)

Setores físicos: 0
(Nenhum item malicioso detectado)

(end)

caedurodrigues · 08/11/2015

Boa tarde NascarBR, poste um novo relatório da ZHPDiag.

J. Augusto F · 08/11/2015

caedurodrigues disse:
Boa tarde NascarBR, poste um novo relatório da ZHPDiag.

~ ZHPDiag v2015.11.4.161 Por Nicolas Coolman (2015/11/04)
~ iniciado por Patricia (Administrator) (2015/11/08 17:05:34)
~ Site: http://www.nicolascoolman.fr
~ Facebook: https://www.facebook.com/nicolascoolman1
~ Status da versão: Version OK
~ Modo: Scanner
~ Relatório: C:\Users\Patricia\Desktop\ZHPDiag.txt
~ Relatório: C:\Users\Patricia\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Deactivate
~ Inicialização do sistema: Normal (Normal boot)
Windows 7 Home Basic, 64-bit Service Pack 1 (Build 7601)

---\\ Navegadores Internet (2) - 0s
GCIE: Google Chrome v46.0.2490.80
MSIE: Internet Explorer v11.0.9600.18059

---\\ Informações sobre os produtos Windows (4) - 0s
~ Windows Server License Manager Script : OK
~ Licence Script File Génération : OK
Windows Automatic Updates : OK
Windows Activation Technologies : KO

---\\ Softwares de proteçao do sistema (4) - 3s
Malwarebytes Anti-Malware versão 2.2.0.1024
Microsoft Security Client v4.8.0204.0
Microsoft Security Essentials v4.8.204.0
Windows Defender W7 (Deactivate)

---\\ Softwares d'optimização do sistema (1) - 4s
CCleaner v4.12

---\\ Monitoramento dos softwares (1) - 4s
Adobe Flash Player 19 ActiveX

---\\ Informações sobre o sistema (7) - 0s
~ Operating System: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 64-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 3780.604 MB (64% free)
~ System Restore: Activé (Enable)
~ System drive C: has 210 GB free of 295 GB
Total RAM: 3780.604 MB (63% free)

---\\ Modo de conexão ao sistema (3) - 0s
~ Computer Name: PATRICIA-PC
~ User Name: Patricia
~ Logged in as Administrator

---\\ Enumeração das unidades dos discos (1) - 0s
~ Drive C: has 210 GB free of 295 GB (System)

---\\ Estado do Centro de Segurança do Windows (11) - 0s
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK

---\\ Pesquisa particular de ficheiros genéricos (24) - 1s
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - 06/07/2011 - (.Microsoft Corporation - Windows Explorer.) -- C:\Windows\Explorer.exe [2871808] ©
[MD5.DD81D91FF3B0763C392422865C9AC12E] - 13/07/2009 - (.Microsoft Corporation - Processo de host do Windows (Rundll32).) -- C:\Windows\System32\rundll32.exe [45568] ©
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - 13/07/2009 - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) -- C:\Windows\System32\Wininit.exe [129024] ©
[MD5.BD06D875FB79E92DAF724C91DE743AFA] - 16/09/2015 - (.Microsoft Corporation - Internet Extensions para Win32.) -- C:\Windows\System32\wininet.dll [2487808] ©
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - 17/07/2014 - (.Microsoft Corporation - Aplicativo de Logon do Windows.) -- C:\Windows\System32\Winlogon.exe [455168] ©
[MD5.067FA52BFB59A56110A12312EF9AF243] - 21/11/2010 - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) -- C:\Windows\System32\sppcomapi.dll [232448] ©
[MD5.492D07D79E7024CA310867B526D9636D] - 06/07/2011 - (.Microsoft Corporation - DLL da API de cliente DNS.) -- C:\Windows\System32\dnsapi.dll [357888] ©
[MD5.B40420876B9288E0A1C8CCA8A84E5DC9] - 06/07/2011 - (.Microsoft Corporation - DLL da API de cliente DNS.) -- C:\Windows\Syswow64\dnsapi.dll [270336] ©
[MD5.FA886682CFC5D36718D3E436AACF10B9] - 30/05/2014 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) -- C:\Windows\System32\drivers\AFD.sys [497152] ©
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - 13/07/2009 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) -- C:\Windows\System32\drivers\atapi.sys [24128] ©
[MD5.B8BD2BB284668C84865658C77574381A] - 13/07/2009 - (.Microsoft Corporation - CD-ROM File System Driver.) -- C:\Windows\System32\drivers\Cdfs.sys [92160] ©
[MD5.F036CE71586E93D94DAB220D7BDF4416] - 21/11/2010 - (.Microsoft Corporation - SCSI CD-ROM Driver.) -- C:\Windows\System32\drivers\Cdrom.sys [147456] ©
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - 21/11/2010 - (.Microsoft Corporation - DFS Namespace Client Driver.) -- C:\Windows\System32\drivers\DfsC.sys [102400] ©
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - 21/11/2010 - (.Microsoft Corporation - High Definition Audio Bus Driver.) -- C:\Windows\System32\drivers\HDAudBus.sys [122368] ©
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - 13/07/2009 - (.Microsoft Corporation - Driver de porta i8042.) -- C:\Windows\System32\drivers\i8042prt.sys [105472] ©
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - 13/07/2009 - (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\drivers\IpNat.sys [116224] ©
[MD5.ACB6782973BD93760D597FC7BB37E692] - 28/09/2015 - (.Microsoft Corporation - Windows NT SMB Minirdr.) -- C:\Windows\System32\drivers\MRxSmb.sys [159232] ©
[MD5.09594D1089C523423B32A4229263F068] - 21/11/2010 - (.Microsoft Corporation - MBT Transport driver.) -- C:\Windows\System32\drivers\netBT.sys [261632] ©
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - 24/01/2014 - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) -- C:\Windows\System32\drivers\ntfs.sys [1684928] ©
[MD5.0086431C29C35BE1DBC43F52CC273887] - 13/07/2009 - (.Microsoft Corporation - Driver de porta paralela.) -- C:\Windows\System32\drivers\Parport.sys [97280] ©
[MD5.471815800AE33E6F1C32FB1B97C490CA] - 21/11/2010 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) -- C:\Windows\System32\drivers\Rasl2tp.sys [129536] ©
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - 13/07/2009 - (.Microsoft Corporation - SMB Transport driver.) -- C:\Windows\System32\drivers\smb.sys [93184] ©
[MD5.70988118145F5F10EF24720B97F35F65] - 10/11/2014 - (.Microsoft Corporation - TDI Translation Driver.) -- C:\Windows\System32\drivers\tdx.sys [119296] ©
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - 21/11/2010 - (.Microsoft Corporation - Driver de cópia de sombra de volume.) -- C:\Windows\System32\drivers\volsnap.sys [295808] ©

---\\ Processos lançados (20) - 3s
[MD5.78CC42364F47A889CBC4E66E8BA4DB9D] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [587576] [PID.804]
[MD5.F30666EEC7AABA4ABA3D826648A04E91] - (.AMD - AMD External Events Service Module.) -- C:\Windows\System32\atiesrxx.exe [235520] [PID.1012] ©
[MD5.9990EA2B66C310E71C781C829FA62D1D] - (.AMD - AMD External Events Client Module.) -- C:\Windows\System32\atieclxx.exe [494080] [PID.1176] ©
[MD5.3C27497C8B22124A830CA6FF9D281A8A] - (.Advanced Micro Devices, Inc. - AMD Fuel Service.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984] [PID.1952] ©
[MD5.02D4B89754302FC728FF8549ED259B84] - (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520] [PID.1968] ©
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.1072] ©
[MD5.70E5B82A503CEEA75D20C87F2E1C7E16] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392] [PID.1432] ©
[MD5.6D3242D8E7476F6A976084611A1594C1] - (.Positivo Informática S.A - Battery Power Service.) -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe [45056] [PID.980]
[MD5.842DCC07124924D945D8F17C7768074B] - (.GAS Tecnologia LTDA - GAS Tecnologia - Core.) -- C:\Program Files\Diebold\Warsaw\core.exe [858424] [PID.1704]
[MD5.38B4BF3371F6AA49845C720A1C6175B2] - (.Copyright © 2008 - HotKey.) -- C:\Program Files (x86)\Hotkey\Hotkey.exe [3080192] [PID.2084]
[MD5.F92177B3AD8F8D0737641A6BE85D3153] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [121128] [PID.2212] ©
[MD5.C861851A0BBD9903E324487011AA3705] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [299008] [PID.2532] ©
[MD5.969D428C21F71E552CEF1DDD486455DC] - (.Copyright (C) 2008 - PowerBiosServer.) -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [33792] [PID.2900]
[MD5.842DCC07124924D945D8F17C7768074B] - (.GAS Tecnologia LTDA - GAS Tecnologia - Core.) -- C:\Program Files\Diebold\Warsaw\core.exe [858424] [PID.3028]
[MD5.2BACD71123F42CEA603F4E205E1AE337] - (.Microsoft Corp. - Microsoft® Windows Live ID Service.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292096] [PID.3064] ©
[MD5.2A46FFE841EC43001D5A293A54DB34DE] - (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE [223104] [PID.2076] ©
[MD5.78CC42364F47A889CBC4E66E8BA4DB9D] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [587576] [PID.3264]
[MD5.B752FC4AB1F3D5048A17E1D993028998] - (.Positivo Informática S.A - Battery Power Main Application.) -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryPower.exe [1208320] [PID.3396]
[MD5.D28C5A1411BB0B47E05E0D6AAF896690] - (.ATI Technologies Inc. - Catalyst Control Center: Host application.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [299008] [PID.2204] ©
[MD5.6F4483F9955DF6158FE08F2E86B62660] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\Patricia\Desktop\ZHPDiag3.exe [1964544] [PID.716] ©

---\\ Google Chrome, Arranque,Pesquisa,Extensões (1) - 0s
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] [] Google Chrome manifest =>.Google Inc.

---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (5) - 1s
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia.) -- C:\Users\Patricia\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb64] - (.GAS Tecnologia.) -- C:\Users\Patricia\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia.) -- C:\Users\Patricia\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll
P2 - FPN: [HKLM] [@Apple.com/iTunes,version=1.0] - (.Apple Inc..) -- C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ©
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3502.0922] - (.Microsoft.) -- C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll ©

---\\ Internet Explorer, Arranque, Pesquisa, Phishing (21) - 1s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://oem.msn.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.mundopositivo.com.br/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphean =>.Microsoft Internet Explorer

---\\ Internet Explorer, Gestão do Proxy (5) - 0s
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

---\\ Análise das linhas, Carregamento Automático de programas (3) - 0s
F2 - REG:system.ini: UserInit=userinit.exe (.Microsoft Corporation.) ©
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe (.Microsoft Corporation.) ©
F2 - REG:system.ini: VMApplet=C:\Windows\SysWOW64\SystemPropertiesPerformance.exe (.Microsoft Corporation.) ©

---\\ Redireção do ficheiro Hosts (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (20)

---\\ Browser Helper Objects do navegador (1) - 0s
O2 - BHO: Windows Live ID Sign-in Helper [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll ©

---\\ Aplicações iniciadas por registo & pastas (9) - 1s
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe ©
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe ©
O4 - HKLM\..\Run: [Diebold - Warsaw] . (.GAS Tecnologia LTDA - GAS Tecnologia - Core.) -- C:\Program Files\Diebold\Warsaw\core.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ©
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (.not file.)
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (.not file.)
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe ©
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe ©

---\\ Alteração Dominio/Clientes DNS (3) - 0s
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.6.2.17 201.6.2.157
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: DhcpNameServer = 201.6.2.17 201.6.2.157
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: DhcpNameServer = 201.6.2.17 201.6.2.157

---\\ Protocolo adicional (24) - 1s
O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\SysWOW64\mshtml.dll ©
O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\SysWOW64\urlmon.dll ©
O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Controle ActiveX para streaming de vídeo.) -- C:\Windows\SysWOW64\MSVidCtl.dll ©
O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\SysWOW64\urlmon.dll ©
O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\SysWOW64\urlmon.dll ©
O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\SysWOW64\urlmon.dll ©
O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\SysWOW64\urlmon.dll ©
O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll ©
O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\SysWOW64\mshtml.dll ©
O18 - Handler: livecall [64Bits] - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll ©
O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\SysWOW64\urlmon.dll ©
O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\SysWOW64\mshtml.dll ©
O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll ©
O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\SysWOW64\urlmon.dll ©
O18 - Handler: ms-help [64Bits] - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll ©
O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll ©
O18 - Handler: msnim [64Bits] - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll ©
O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\SysWOW64\mshtml.dll ©
O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Controle ActiveX para streaming de vídeo.) -- C:\Windows\SysWOW64\MSVidCtl.dll ©
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\SysWOW64\mshtml.dll ©
O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll ©
O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll ©
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll ©
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL ©

---\\ Serviços NT não Microsoft e não desativados (9) - 1s
O23 - Service: (AMD External Events Utility) . (.AMD - AMD External Events Service Module.) - C:\Windows\System32\atiesrxx.exe ©
O23 - Service: AMD FUEL Service (AMD FUEL Service) . (.Advanced Micro Devices, Inc. - AMD Fuel Service.) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe ©
O23 - Service: Apple Mobile Device (Apple Mobile Device) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe ©
O23 - Service: Battery Manager Service (BatteryManagerSrv) . (.Positivo Informática S.A - Battery Power Service.) - C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ©
O23 - Service: (MBAMService) . (.Malwarebytes - Malwarebytes Anti-Malware.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe ©
O23 - Service: (PowerBiosServer) . (.Copyright (C) 2008 - PowerBiosServer.) - C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
O23 - Service: Warsaw Technology (Warsaw Technology) . (.GAS Tecnologia LTDA - GAS Tecnologia - Core.) - C:\Program Files\Diebold\Warsaw\core.exe

---\\ Listagem dos dados do BootExecute (1) - 0s
O34 - HKLM BootExecute: (sdnclean64.exe)

---\\ Tarefas planificadas automaticamente (12) - 3s
[MD5.8C194A201698B4B4F77D974549819D1F] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [269000] ©
[MD5.DB1654ADB276501C44DB0FE5E8A0841D] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [4613912] ©
[MD5.DD7423ABBE2913E70D50E9318AD57EE4] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200] ©
[MD5.DD7423ABBE2913E70D50E9318AD57EE4] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200] ©
[MD5.34EBD4FF6A24D86BB4716D6AFCC1A89B] [APT] [Apple\AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984] ©
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\Tasks\Adobe Flash Player Updater.job [902] ©
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [1066] ©
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [1070] ©
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [3840] ©
O39 - APT: CCleanerSkipUAC - (.Piriform Ltd.) -- C:\Windows\System32\Tasks\CCleanerSkipUAC [2778] ©
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [3814] ©
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [4066] ©

---\\ Software instalados (53) - 22s
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] -- CCleaner ©
O42 - Logiciel: Software para Impressoras EPSON - (...) [HKLM][64Bits] -- EPSON Printer and Utilities
O42 - Logiciel: Microsoft Security Essentials - (.Microsoft Corporation.) [HKLM][64Bits] -- Microsoft Security Client ©
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics Incorporated.) [HKLM][64Bits] -- SynTPDeinstKey ©
O42 - Logiciel: Warsaw 1.7.0.10188 64 bits - (.GAS Tecnologia.) [HKLM][64Bits] -- {20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1
O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM][64Bits] -- {2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C} ©
O42 - Logiciel: AMD APP SDK Runtime - (.Advanced Micro Devices Inc..) [HKLM][64Bits] -- {503F672D-6C84-448A-8F8F-4BC35AC83441} ©
O42 - Logiciel: AMD Catalyst Install Manager - (.Advanced Micro Devices, Inc..) [HKLM][64Bits] -- {622AAD48-8809-A67D-68F2-776DDEA64D27} ©
O42 - Logiciel: AMD Media Foundation Decoders - (.Advanced Micro Devices, Inc..) [HKLM][64Bits] -- {781340EA-2696-75E5-ACD8-45BCBE3E582B} ©
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} ©
O42 - Logiciel: Positivo Áudio - (.Positivo Informática S.A..) [HKLM][64Bits] -- {D00FA097-5115-400D-84AD-4ADEF3EBDB5E}_is1
O42 - Logiciel: Microsoft Security Client - (.Microsoft Corporation.) [HKLM][64Bits] -- {D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6} ©
O42 - Logiciel: Gerenciador de Inicialização Positivo - (.Positivo Informática S.A..) [HKLM][64Bits] -- {E365D4D7-BD51-4A7F-8ECA-0B6C0C42D3CF}_is1
O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM][64Bits] -- {F73A118B-8271-47E2-8790-0C636B2539C5} ©
O42 - Logiciel: Adobe Flash Player 19 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX ©
O42 - Logiciel: Chuzzle Deluxe (remove only) - (...) [HKLM][64Bits] -- Chuzzle Deluxe
O42 - Logiciel: Delicious - Emily's Childhood Memories Premium Edition (remove only) - (...) [HKLM][64Bits] -- Delicious - Emily's Childhood Memories Premium Edition
O42 - Logiciel: Dia (remover apenas) - (...) [HKLM][64Bits] -- Dia
O42 - Logiciel: EPSON Scan - (...) [HKLM][64Bits] -- EPSON Scanner
O42 - Logiciel: Foxit Reader - (.Foxit Corporation.) [HKLM][64Bits] -- Foxit Reader_is1 ©
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] -- Google Chrome ©
O42 - Logiciel: Hotkey 3.3043 - (.NoteBook.) [HKLM][64Bits] -- InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A} ©
O42 - Logiciel: Malwarebytes Anti-Malware versão 2.2.0.1024 - (.Malwarebytes.) [HKLM][64Bits] -- Malwarebytes Anti-Malware_is1 ©
O42 - Logiciel: Picasa 3 - (.Google, Inc..) [HKLM][64Bits] -- Picasa 3 ©
O42 - Logiciel: VLC media player 2.0.2 - (.VideoLAN.) [HKLM][64Bits] -- VLC media player ©
O42 - Logiciel: Hotkey 3.3043 - (.NoteBook.) [HKLM][64Bits] -- {164714B6-46BC-4649-9A30-A6ED32F03B5A} ©
O42 - Logiciel: Warsaw 1.3.1 - (.GAS Tecnologia.) [HKLM][64Bits] -- {20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1
O42 - Logiciel: JMicron Flash Media Controller Driver - (.JMicron Technology Corp..) [HKLM][64Bits] -- {26604C7E-A313-4D12-867F-7C6E7820BE4C} ©
O42 - Logiciel: Java 8 Update 31 - (.Oracle Corporation.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83218031F0} ©
O42 - Logiciel: Microsoft XNA Framework Redistributable 4.0 - (.Microsoft Corporation.) [HKLM][64Bits] -- {2BFC7AA0-544C-4E3A-8796-67F3BE655BE9} ©
O42 - Logiciel: Módulo de Segurança - Banco do Brasil - (...) [HKLM][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: Suporte para Aplicativos Apple - (.Apple Inc..) [HKLM][64Bits] -- {46F044A5-CE8B-4196-984E-5BD6525E361D} ©
O42 - Logiciel: Software de Cadastro Positivo 6.0 - (.Positivo Informática.) [HKLM][64Bits] -- {4A33ECF3-6AC6-4A9B-932C-4E81625423C7}_is1
O42 - Logiciel: Positivo Conecta - (.Positivo Informática S.A..) [HKLM][64Bits] -- {4F23361B-2B38-46E2-BA1A-D920F270D5FB}_is1
O42 - Logiciel: Cisco LEAP Module - (.Cisco Systems, Inc..) [HKLM][64Bits] -- {51C7AD07-C3F6-4635-8E8A-231306D810FE} ©
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} ©
O42 - Logiciel: Cisco EAP-FAST Module - (.Cisco Systems, Inc..) [HKLM][64Bits] -- {64BF0187-F3D2-498B-99EA-163AF9AE6EC9} ©
O42 - Logiciel: Positivo Sincronize - (.Positivo Informática S.A..) [HKLM][64Bits] -- {6DA3261A-DCEB-401A-ABE0-A367C252B86C}_is1
O42 - Logiciel: Guardião - Itaú 30 horas - (...) [HKLM][64Bits] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM][64Bits] -- {789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE} ©
O42 - Logiciel: Catalyst Control Center - Branding - (.Advanced Micro Devices, Inc..) [HKLM][64Bits] -- {796FF8E0-B679-4A70-8D95-F86D3E19E4FD} ©
O42 - Logiciel: Positivo Monitora - (.Positivo Informática S.A..) [HKLM][64Bits] -- {8aaef6d0-68e7-4f99-b98d-e5ae19edbc99}_is1
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} ©
O42 - Logiciel: JMicron Ethernet Adapter NDIS Driver - (.JMicron Technology Corp..) [HKLM][64Bits] -- {96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F} ©
O42 - Logiciel: REALTEK Wireless LAN Driver - (.REALTEK Semiconductor Corp..) [HKLM][64Bits] -- {9D3D8C60-A55F-4123-B2B9-173F09590E16} ©
O42 - Logiciel: Google+ Auto Backup - (.Google.) [HKLM][64Bits] -- {A50DE037-B5C0-4C8A-8049-B0C576B313D1} ©
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} ©
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF} ©
O42 - Logiciel: Positivo WebCam - (.Positivo Informática S.A..) [HKLM][64Bits] -- {E11C7438-7550-4676-92CE-846CC5DA3548}_is1
O42 - Logiciel: Cisco PEAP Module - (.Cisco Systems, Inc..) [HKLM][64Bits] -- {ED5776D5-59B4-46B7-AF81-5F2D94D7C640} ©
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} ©
O42 - Logiciel: Positivo Roteador - (.Positivo Informática S.A..) [HKLM][64Bits] -- {f1cb797f-bf34-495c-bda9-efe098837651}_is1
O42 - Logiciel: Positivo Bateria - (.Positivo Informática S.A..) [HKLM][64Bits] -- {FD6F6859-2863-4ABB-87D0-A263F3E9FF45}_is1

---\\ Ponto de restauro do sistema (62) - 22s
HKLM\SOFTWARE\Wow6432Node\Adobe
HKLM\SOFTWARE\Wow6432Node\AdwCleaner
HKLM\SOFTWARE\Wow6432Node\Alawar
HKLM\SOFTWARE\Wow6432Node\AMD
HKLM\SOFTWARE\Wow6432Node\Apple Computer, Inc.
HKLM\SOFTWARE\Wow6432Node\Apple Inc.
HKLM\SOFTWARE\Wow6432Node\ATI
HKLM\SOFTWARE\Wow6432Node\ATI Technologies
HKLM\SOFTWARE\Wow6432Node\AutoHelpDesk
HKLM\SOFTWARE\Wow6432Node\Dia
HKLM\SOFTWARE\Wow6432Node\DivXNetworks
HKLM\SOFTWARE\Wow6432Node\EPSON
HKLM\SOFTWARE\Wow6432Node\Foxit Software
HKLM\SOFTWARE\Wow6432Node\Google
HKLM\SOFTWARE\Wow6432Node\Intel
HKLM\SOFTWARE\Wow6432Node\JavaSoft
HKLM\SOFTWARE\Wow6432Node\JreMetrics
HKLM\SOFTWARE\Wow6432Node\Khronos
HKLM\SOFTWARE\Wow6432Node\Macromedia
HKLM\SOFTWARE\Wow6432Node\Mozilla
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins
HKLM\SOFTWARE\Wow6432Node\ODBC
HKLM\SOFTWARE\Wow6432Node\OldTimer Tools
HKLM\SOFTWARE\Wow6432Node\Positivo Informatica
HKLM\SOFTWARE\Wow6432Node\Realtek
HKLM\SOFTWARE\Wow6432Node\Realtek Semiconductor Corp.
HKLM\SOFTWARE\Wow6432Node\Safer Networking Limited
HKLM\SOFTWARE\Wow6432Node\VideoLAN
HKLM\SOFTWARE\Wow6432Node\Wow6432Node
HKLM\SOFTWARE\Wow6432Node\Zylom Games
HKLM\SOFTWARE\Wow6432Node\RegisteredApplications
HKCU\SOFTWARE\AppDataLow
HKCU\SOFTWARE\Apple Computer, Inc.
HKCU\SOFTWARE\Apple Inc.
HKCU\SOFTWARE\ATI
HKCU\SOFTWARE\AutoHelpDesk
HKCU\SOFTWARE\EPSON
HKCU\SOFTWARE\Foxit Software
HKCU\SOFTWARE\GbAs
HKCU\SOFTWARE\GbPlugin
HKCU\SOFTWARE\Google
HKCU\SOFTWARE\hotkey
HKCU\SOFTWARE\JavaSoft
HKCU\SOFTWARE\kde.org
HKCU\SOFTWARE\Local AppWizard-Generated Applications
HKCU\SOFTWARE\Macromedia
HKCU\SOFTWARE\MozillaPlugins
HKCU\SOFTWARE\Netscape
HKCU\SOFTWARE\ODBC
HKCU\SOFTWARE\Piriform
HKCU\SOFTWARE\Positivo
HKCU\SOFTWARE\Positivo Informatica
HKCU\SOFTWARE\Positivo Informática
HKCU\SOFTWARE\QtProject
HKCU\SOFTWARE\Realtek
HKCU\SOFTWARE\Safer Networking Limited
HKCU\SOFTWARE\Synaptics
HKCU\SOFTWARE\Trolltech
HKCU\SOFTWARE\Wow6432Node
HKCU\SOFTWARE\ZebHelpProcess Helper
HKCU\SOFTWARE\AppDataLow\Software
HKCU\SOFTWARE\AppDataLow\Software\JavaSoft

---\\ Conteúdo das pastas Programs (151) - 21s
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\AMD APP
O43 - CFD: 26/09/2013 - [] D -- C:\Program Files (x86)\Apple Software Update
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\ATI Technologies
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\Cisco
O43 - CFD: 02/02/2015 - [] D -- C:\Program Files (x86)\Common Files
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\Dia
O43 - CFD: 20/09/2014 - [] D -- C:\Program Files (x86)\Diebold
O43 - CFD: 21/02/2013 - [] D -- C:\Program Files (x86)\epson
O43 - CFD: 06/02/2012 - [] D -- C:\Program Files (x86)\Foxit Software
O43 - CFD: 20/09/2014 - [] HD -- C:\Program Files (x86)\GAS Tecnologia
O43 - CFD: 08/11/2015 - [] AD -- C:\Program Files (x86)\GbPlugin
O43 - CFD: 06/12/2013 - [] D -- C:\Program Files (x86)\Google
O43 - CFD: 26/09/2015 - [] D -- C:\Program Files (x86)\GUMBB52.tmp
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\Hotkey
O43 - CFD: 19/01/2013 - [] HD -- C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 15/10/2015 - [] D -- C:\Program Files (x86)\Internet Explorer
O43 - CFD: 26/09/2013 - [] D -- C:\Program Files (x86)\iTunes
O43 - CFD: 02/02/2015 - [] D -- C:\Program Files (x86)\Java
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\JMicron
O43 - CFD: 05/11/2015 - [] D -- C:\Program Files (x86)\Malwarebytes Anti-Malware
O43 - CFD: 03/11/2015 - [0] D -- C:\Program Files (x86)\Microsoft
O43 - CFD: 18/02/2013 - [] D -- C:\Program Files (x86)\Microsoft Office
O43 - CFD: 15/05/2015 - [] D -- C:\Program Files (x86)\Microsoft Security Client
O43 - CFD: 25/08/2015 - [] D -- C:\Program Files (x86)\Microsoft Silverlight
O43 - CFD: 06/02/2012 - [] D -- C:\Program Files (x86)\Microsoft Visual Studio
O43 - CFD: 06/02/2012 - [] D -- C:\Program Files (x86)\Microsoft Visual Studio 8
O43 - CFD: 06/02/2013 - [] D -- C:\Program Files (x86)\Microsoft Works
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\Microsoft XNA
O43 - CFD: 06/02/2012 - [] D -- C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 06/02/2012 - [] D -- C:\Program Files (x86)\MSBuild
O43 - CFD: 02/02/2015 - [] D -- C:\Program Files (x86)\Positivo Informática
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\Realtek
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 25/06/2014 - [] D -- C:\Program Files (x86)\Spybot - Search & Destroy 2
O43 - CFD: 19/01/2013 - [0] HD -- C:\Program Files (x86)\Temp
O43 - CFD: 14/07/2009 - [0] HD -- C:\Program Files (x86)\Uninstall Information
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\VideoLAN
O43 - CFD: 12/07/2013 - [] D -- C:\Program Files (x86)\Windows Defender
O43 - CFD: 06/02/2012 - [] D -- C:\Program Files (x86)\Windows Live
O43 - CFD: 12/04/2011 - [] D -- C:\Program Files (x86)\Windows Mail
O43 - CFD: 14/06/2015 - [] D -- C:\Program Files (x86)\Windows Media Player
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files (x86)\Windows NT
O43 - CFD: 12/04/2011 - [] D -- C:\Program Files (x86)\Windows Photo Viewer
O43 - CFD: 21/11/2010 - [] D -- C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 22/04/2014 - [] D -- C:\Program Files (x86)\Zylom Games
O43 - CFD: 19/01/2013 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 14/07/2009 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 19/01/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
O43 - CFD: 22/04/2014 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
O43 - CFD: 19/01/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dia
O43 - CFD: 21/02/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
O43 - CFD: 21/02/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan
O43 - CFD: 06/02/2012 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
O43 - CFD: 06/02/2012 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
O43 - CFD: 06/02/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
O43 - CFD: 26/09/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
O43 - CFD: 12/12/2014 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
O43 - CFD: 14/07/2009 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 06/02/2012 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
O43 - CFD: 25/08/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
O43 - CFD: 06/12/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
O43 - CFD: 03/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Positivo Informática
O43 - CFD: 22/04/2014 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Positivo Jogos
O43 - CFD: 25/06/2014 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 19/01/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
O43 - CFD: 26/09/2013 - [] D -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
O43 - CFD: 06/02/2012 - [] D -- C:\ProgramData\Adobe
O43 - CFD: 19/01/2013 - [0] D -- C:\ProgramData\AlawarWrapper
O43 - CFD: 19/01/2013 - [] D -- C:\ProgramData\AMD
O43 - CFD: 26/09/2013 - [] D -- C:\ProgramData\Apple
O43 - CFD: 26/09/2013 - [] D -- C:\ProgramData\Apple Computer
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Application Data
O43 - CFD: 19/01/2013 - [] D -- C:\ProgramData\ATI
O43 - CFD: 19/01/2013 - [0] D -- C:\ProgramData\Audio
O43 - CFD: 05/02/2012 - [0] D -- C:\ProgramData\Audio Power
O43 - CFD: 13/05/2015 - [] D -- C:\ProgramData\boost_interprocess
O43 - CFD: 05/02/2012 - [0] SHD -- C:\ProgramData\Dados de aplicativos
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Desktop
O43 - CFD: 05/02/2012 - [0] SHD -- C:\ProgramData\Documentos
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Documents
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Favorites
O43 - CFD: 05/02/2012 - [0] SHD -- C:\ProgramData\Favoritos
O43 - CFD: 13/04/2015 - [] D -- C:\ProgramData\GAS Tecnologia
O43 - CFD: 08/11/2015 - [] D -- C:\ProgramData\GbPlugin
O43 - CFD: 22/04/2014 - [] D -- C:\ProgramData\Malwarebytes
O43 - CFD: 06/02/2012 - [] D -- C:\ProgramData\McAfee
O43 - CFD: 05/02/2012 - [0] SHD -- C:\ProgramData\Menu Iniciar
O43 - CFD: 03/11/2015 - [] SD -- C:\ProgramData\Microsoft
O43 - CFD: 14/10/2015 - [] D -- C:\ProgramData\Microsoft Help
O43 - CFD: 05/02/2012 - [0] SHD -- C:\ProgramData\Modelos
O43 - CFD: 12/12/2014 - [] D -- C:\ProgramData\Oracle
O43 - CFD: 13/05/2015 - [] D -- C:\ProgramData\Package Cache
O43 - CFD: 21/02/2013 - [] D -- C:\ProgramData\Positivo Informática
O43 - CFD: 23/04/2014 - [] D -- C:\ProgramData\Spybot - Search & Destroy
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Start Menu
O43 - CFD: 08/02/2013 - [] D -- C:\ProgramData\Sun
O43 - CFD: 19/06/2015 - [] D -- C:\ProgramData\Temp
O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Templates
O43 - CFD: 26/09/2013 - [] D -- C:\Program Files (x86)\Common Files\Apple
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\Common Files\ATI Technologies
O43 - CFD: 17/05/2014 - [] D -- C:\Program Files (x86)\Common Files\DESIGNER
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\Common Files\InstallShield
O43 - CFD: 02/02/2015 - [] D -- C:\Program Files (x86)\Common Files\Java
O43 - CFD: 06/02/2013 - [] D -- C:\Program Files (x86)\Common Files\microsoft shared
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files (x86)\Common Files\Services
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files (x86)\Common Files\SpeechEngines
O43 - CFD: 06/02/2013 - [] D -- C:\Program Files (x86)\Common Files\System
O43 - CFD: 19/01/2013 - [] D -- C:\Program Files (x86)\Common Files\Windows Live
O43 - CFD: 05/02/2012 - [] D -- C:\Users\Patricia\AppData\Roaming\Adobe
O43 - CFD: 26/09/2013 - [] D -- C:\Users\Patricia\AppData\Roaming\Apple Computer
O43 - CFD: 05/02/2012 - [] D -- C:\Users\Patricia\AppData\Roaming\ATI
O43 - CFD: 11/11/2014 - [] D -- C:\Users\Patricia\AppData\Roaming\dvdcss
O43 - CFD: 12/02/2013 - [] D -- C:\Users\Patricia\AppData\Roaming\Foxit Software
O43 - CFD: 05/02/2012 - [] D -- C:\Users\Patricia\AppData\Roaming\Identities
O43 - CFD: 21/02/2013 - [] D -- C:\Users\Patricia\AppData\Roaming\InstallShield
O43 - CFD: 05/02/2012 - [] D -- C:\Users\Patricia\AppData\Roaming\Macromedia
O43 - CFD: 14/06/2015 - [] SD -- C:\Users\Patricia\AppData\Roaming\Microsoft
O43 - CFD: 22/04/2014 - [0] D -- C:\Users\Patricia\AppData\Roaming\Positivo
O43 - CFD: 22/04/2014 - [0] D -- C:\Users\Patricia\AppData\Roaming\Positivo Backup
O43 - CFD: 06/02/2012 - [] D -- C:\Users\Patricia\AppData\Roaming\Positivo Mosaico
O43 - CFD: 11/11/2014 - [] D -- C:\Users\Patricia\AppData\Roaming\vlc
O43 - CFD: 08/11/2015 - [] D -- C:\Users\Patricia\AppData\Roaming\ZHP
O43 - CFD: 05/02/2012 - [] D -- C:\Users\Patricia\AppData\Local\AMD
O43 - CFD: 26/09/2013 - [] D -- C:\Users\Patricia\AppData\Local\Apple
O43 - CFD: 26/09/2013 - [] D -- C:\Users\Patricia\AppData\Local\Apple Computer
O43 - CFD: 06/02/2012 - [] D -- C:\Users\Patricia\AppData\Local\Apps
O43 - CFD: 05/02/2012 - [] D -- C:\Users\Patricia\AppData\Local\ATI
O43 - CFD: 05/02/2012 - [0] SHD -- C:\Users\Patricia\AppData\Local\Dados de aplicativos
O43 - CFD: 06/02/2013 - [0] D -- C:\Users\Patricia\AppData\Local\Deployment
O43 - CFD: 26/09/2013 - [0] D -- C:\Users\Patricia\AppData\Local\ElevatedDiagnostics
O43 - CFD: 26/08/2015 - [0] SHD -- C:\Users\Patricia\AppData\Local\EmieBrowserModeList
O43 - CFD: 26/08/2015 - [0] SHD -- C:\Users\Patricia\AppData\Local\EmieSiteList
O43 - CFD: 26/08/2015 - [0] SHD -- C:\Users\Patricia\AppData\Local\EmieUserList
O43 - CFD: 19/07/2013 - [] D -- C:\Users\Patricia\AppData\Local\GAS Tecnologia
O43 - CFD: 26/09/2015 - [] D -- C:\Users\Patricia\AppData\Local\Google
O43 - CFD: 10/07/2015 - [] D -- C:\Users\Patricia\AppData\Local\GWX
O43 - CFD: 05/02/2012 - [0] SHD -- C:\Users\Patricia\AppData\Local\Histórico
O43 - CFD: 14/06/2015 - [] D -- C:\Users\Patricia\AppData\Local\Microsoft
O43 - CFD: 06/02/2012 - [0] D -- C:\Users\Patricia\AppData\Local\Microsoft Help
O43 - CFD: 21/02/2013 - [] D -- C:\Users\Patricia\AppData\Local\Positivo
O43 - CFD: 23/01/2014 - [] D -- C:\Users\Patricia\AppData\Local\Programs
O43 - CFD: 08/11/2015 - [] D -- C:\Users\Patricia\AppData\Local\Temp
O43 - CFD: 05/02/2012 - [0] SHD -- C:\Users\Patricia\AppData\Local\Temporary Internet Files
O43 - CFD: 05/02/2012 - [0] D -- C:\Users\Patricia\AppData\Local\VirtualStore
O43 - CFD: 14/07/2009 - [] RD -- C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 15/10/2015 - [] RD -- C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 05/02/2012 - [] D -- C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
O43 - CFD: 23/01/2014 - [] D -- C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
O43 - CFD: 14/07/2009 - [] RD -- C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 15/10/2015 - [] RD -- C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

---\\ Softwares de proteçao do sistema (Supérfluo) (2) - 0s
O106 - SIOI: Enhanced Storage Icon Overlay Handler Class [EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}. (.Microsoft Corporation - DLL de Extensão do Shell do Armazenamento A.) -- C:\Windows\System32\EhStorShell.dll ©
O106 - SIOI: Sharing Overlay (Private) [SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235}. (.Microsoft Corporation - Extensões do Shell para compartilhamento.) -- C:\Windows\System32\ntshrui.dll ©

---\\ Enumeração das chaves StartupReg (4) - 1s
O53 - SMSR:HKLM\...\startupreg\APSDaemon [Key] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe ©
O53 - SMSR:HKLM\...\startupreg\Diebold - Warsaw [Key] . (.GAS Tecnologia LTDA - GAS Tecnologia - Core.) -- C:\Program Files (x86)\Diebold\Warsaw\core.exe
O53 - SMSR:HKLM\...\startupreg\iTunesHelper [Key] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe ©
O53 - SMSR:HKLM\...\startupreg\StartUpManagerPositivo [Key] . (...) -- C:\Program Files\Positivo Informática\Gerenciador de Inicialização Positivo\ManagerWindows.exe

---\\ Lista dos drivers do sistema (62) - 3s
O58 - SDL:2009/07/13 23:52:21 A . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\drivers\adp94xx.sys [491088] ©
O58 - SDL:2009/07/13 23:52:21 A . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\drivers\adpahci.sys [339536] ©
O58 - SDL:2009/07/13 23:52:21 A . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\System32\drivers\adpu320.sys [182864] ©
O58 - SDL:2009/07/13 23:52:21 A . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\System32\drivers\aliide.sys [15440] ©
O58 - SDL:2010/02/18 09:18:24 A . (.Advanced Micro Devices - AMD IO Driver.) -- C:\Windows\System32\drivers\amdiox64.sys [46136] ©
O58 - SDL:2011/07/06 19:37:46 A . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\drivers\amdsata.sys [107904] ©
O58 - SDL:2009/07/13 23:52:20 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\Windows\System32\drivers\amdsbs.sys [194128] ©
O58 - SDL:2011/07/06 19:37:46 A . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\drivers\amdxata.sys [27008] ©
O58 - SDL:2011/10/28 09:41:26 A . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\drivers\amd_sata.sys [80512] ©
O58 - SDL:2011/10/28 09:41:28 A . (.Advanced Micro Devices - Stor Filter Driver.) -- C:\Windows\System32\drivers\amd_xata.sys [42624] ©
O58 - SDL:2009/07/13 23:52:21 A . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\drivers\arc.sys [87632] ©
O58 - SDL:2009/07/13 23:52:21 A . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\drivers\arcsas.sys [97856] ©
O58 - SDL:2011/12/05 04:47:30 A . (.Advanced Micro Devices - AMD High Definition Audio Function Driver.) -- C:\Windows\System32\drivers\AtihdW76.sys [95248] ©
O58 - SDL:2012/01/26 22:41:34 A . (.Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) -- C:\Windows\System32\drivers\atikmdag.sys [10721280] ©
O58 - SDL:2012/01/26 21:06:00 A . (.Advanced Micro Devices, Inc. - AMD multi-vendor Miniport Driver.) -- C:\Windows\System32\drivers\atikmpag.sys [327168] ©
O58 - SDL:2009/06/10 18:34:23 A . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x.) -- C:\Windows\System32\drivers\b57nd60a.sys [270848] ©
O58 - SDL:2009/06/10 18:41:06 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower.) -- C:\Windows\System32\drivers\BrFiltLo.sys [18432] ©
O58 - SDL:2009/06/10 18:41:06 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper.) -- C:\Windows\System32\drivers\BrFiltUp.sys [8704] ©
O58 - SDL:2009/07/13 23:19:07 A . (.Brother Industries Ltd. - Brother Serial I/F Driver (WDM).) -- C:\Windows\System32\drivers\BrSerId.sys [286720] ©
O58 - SDL:2009/06/10 18:41:10 A . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\System32\drivers\BrSerWdm.sys [47104] ©
O58 - SDL:2009/06/10 18:41:10 A . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\System32\drivers\BrUsbMdm.sys [14976] ©
O58 - SDL:2009/06/10 18:41:10 A . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\System32\drivers\BrUsbSer.sys [14720] ©
O58 - SDL:2009/06/10 18:34:28 A . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\System32\drivers\bxvbda.sys [468480] ©
O58 - SDL:2009/07/13 23:52:31 A . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\cmdide.sys [17488] ©
O58 - SDL:2009/07/13 23:47:48 A . (.Emulex - Storport Miniport Driver for LightPulse HBA.) -- C:\Windows\System32\drivers\elxstor.sys [530496] ©
O58 - SDL:2009/06/10 18:34:33 A . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\System32\drivers\evbda.sys [3286016] ©
O58 - SDL:2015/11/08 17:03:27 A . (.GAS Tecnologia - GAS Tecnologia - FAC.) -- C:\Windows\System32\drivers\gbpddfac64.sys [28888]
O58 - SDL:2012/08/21 14:01:20 A . (.GEAR Software Inc. - CD DVD Filter.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys [33240] ©
O58 - SDL:2009/06/10 18:31:59 A . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for.) -- C:\Windows\System32\drivers\hcw85cir.sys [31232] ©
O58 - SDL:2010/11/21 01:23:47 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\Windows\System32\drivers\HpSAMD.sys [78720] ©
O58 - SDL:2011/07/06 19:37:46 A . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\System32\drivers\iaStorV.sys [410496] ©
O58 - SDL:2009/07/13 23:48:04 A . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\drivers\iirsp.sys [44112] ©
O58 - SDL:2011/06/23 01:26:28 A . (.JMicron Technology Corporation - JMicron PCIe Flash Media Controller Driver.) -- C:\Windows\System32\drivers\jmcr.sys [174680] ©
O58 - SDL:2011/01/14 19:24:56 A . (.JMicron Technology Corp. - JMicron NDIS6.20 Driver.) -- C:\Windows\System32\drivers\JME.sys [132624] ©
O58 - SDL:2009/07/13 23:48:04 A . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_fc.sys [114752] ©
O58 - SDL:2009/07/13 23:48:04 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas.sys [106560] ©
O58 - SDL:2009/07/13 23:48:04 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas2.sys [65600] ©
O58 - SDL:2009/07/13 23:48:04 A . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_scsi.sys [115776] ©
O58 - SDL:2015/10/05 09:50:06 A . (.Malwarebytes - Malwarebytes Anti-Malware.) -- C:\Windows\System32\drivers\mbam.sys [25816] ©
O58 - SDL:2015/10/05 09:50:10 A . (.Malwarebytes - Malwarebytes Chameleon Protection Driver.) -- C:\Windows\System32\drivers\mbamchameleon.sys [109272] ©
O58 - SDL:2015/11/05 14:42:31 A . (.Malwarebytes - Malwarebytes Anti-Malware.) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys [192216] ©
O58 - SDL:2009/07/13 23:48:04 A . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\drivers\megasas.sys [35392] ©
O58 - SDL:2009/07/13 23:48:04 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\drivers\MegaSR.sys [284736] ©
O58 - SDL:2015/10/05 09:50:18 A . (.Malwarebytes Corporation - Malwarebytes Web Access Control.) -- C:\Windows\System32\drivers\mwac.sys [63704] ©
O58 - SDL:2009/07/13 23:48:26 A . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\drivers\nfrd960.sys [51264] ©
O58 - SDL:2011/07/06 19:37:46 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\drivers\nvraid.sys [148352] ©
O58 - SDL:2011/07/06 19:37:46 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\drivers\nvstor.sys [166272] ©
O58 - SDL:2012/03/06 10:27:02 A . (.Positivo Informática S.A. - Kernel-mode WDM driver.) -- C:\Windows\System32\drivers\pad.sys [69520]
O58 - SDL:2009/07/13 23:45:46 A . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\System32\drivers\ql2300.sys [1524816] ©
O58 - SDL:2009/07/13 23:45:45 A . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\System32\drivers\ql40xx.sys [128592] ©
O58 - SDL:2011/01/05 01:51:16 A . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function D.) -- C:\Windows\System32\drivers\RTKVHD64.sys [2697448] ©
O58 - SDL:2011/12/22 00:04:10 A . (.Realtek Semiconductor Corporation - Realtek RTL81892CE NDIS Driverr.) -- C:\Windows\System32\drivers\rtl8192ce.sys [876136] ©
O58 - SDL:2009/06/10 18:37:19 A . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) -- C:\Windows\System32\drivers\secdrv.sys [23040] ©
O58 - SDL:2009/07/13 23:45:45 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\drivers\sisraid2.sys [43584] ©
O58 - SDL:2009/07/13 23:45:46 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\drivers\sisraid4.sys [80464] ©
O58 - SDL:2009/07/13 23:45:55 A . (.Promise Technology - Promise SuperTrak EX Series Driver for Win.) -- C:\Windows\System32\drivers\stexstor.sys [24656] ©
O58 - SDL:2010/02/10 17:32:00 A . (.Synaptics Incorporated - Synaptics Touchpad Driver.) -- C:\Windows\System32\drivers\SynTP.sys [316464] ©
O58 - SDL:2012/12/13 15:50:36 A . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\drivers\usbaapl64.sys [54784] ©
O58 - SDL:2009/07/13 23:45:55 A . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\viaide.sys [17488] ©
O58 - SDL:2009/07/13 23:45:55 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\drivers\vsmraid.sys [161872] ©
O58 - SDL:2015/11/05 13:44:03 A . (.Basil - WinDivert (web: http://reqrypt.org/windiver.) -- C:\Windows\System32\WinDivert64.sys [38104]
O58 - SDL:2015/11/08 17:06:47 A . (.GAS Tecnologia - GAS Tecnologia - FAC.) -- C:\Windows\System32\drivers\gbpddfac64.sys [28888]

---\\ Últimos ficheiros alterados ou criados (Utilizador) (2) - 3s
O61 - LFC: 2015/11/08 15:38:33 A . (..) -- C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [674082]
O61 - LFC: 2015/11/08 15:37:13 A . (..) -- C:\Users\Patricia\AppData\Local\ATI\ACE\Manifest.Bin [30466]

---\\ Associações Shell Spawning (10) - 0s
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe ©
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Iniciador do snap-in de 'Visualizar eventos.) -- C:\Windows\System32\eventvwr.exe ©
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ©
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe ©
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\Windows\regedit.exe ©
O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S

---\\ Menu de inicialização Internet (8) - 1s
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ©
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ©
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ©
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - Utilitário de Inicialização por Usuário do.) -- C:\Windows\System32\ie4uinit.exe ©
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ©
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - Utilitário de Inicialização por Usuário do.) -- C:\Windows\System32\ie4uinit.exe ©
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ©
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - Utilitário de Inicialização por Usuário do.) -- C:\Windows\System32\ie4uinit.exe ©

---\\ Pesquisa de infeção nos navegadores da Internet (2) - 0s
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Goo) - http://www.google.com/
O69 - SBI: SearchScopes [HKCU] {D4A7713C-8FD5-43B4-9BE8-48F0F1C27D6C} - (Google) - http://www.google.com/

---\\ Listagem dos serviços iniciados pelo Svchost (32) - 0s
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Serviço de Experiência com Aplicativo.) -- C:\Windows\System32\aelupsvc.dll [72192] ©
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Car.) -- C:\Windows\System32\certprop.dll [80384] ©
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Car.) -- C:\Windows\System32\certprop.dll [80384] ©
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL de Serviço do Servidor.) -- C:\Windows\System32\srvsvc.dll [236032] ©
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Cliente da Diretiva de Grupo.) -- C:\Windows\System32\gpsvc.dll [777728] ©
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extensão IKE.) -- C:\Windows\System32\IKEEXT.DLL [859648] ©
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Serviço de Áudio do Windows.) -- C:\Windows\System32\audiosrv.dll [680960] ©
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gerenciador de Discagem Automática de Acess.) -- C:\Windows\System32\rasauto.dll [99328] ©
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gerenciador de conexão de acesso remoto.) -- C:\Windows\System32\rasmans.dll [344064] ©
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gerenciador de Interface Dinâmica.) -- C:\Windows\System32\mprdim.dll [97792] ©
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Serviço de Notificação de Eventos do Sistem.) -- C:\Windows\System32\Sens.dll [64512] ©
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Componentes do Microsoft NAT Helper.) -- C:\Windows\System32\ipnathlp.dll [359424] ©
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Servidor de telefonia do Microsoft(R) Windo.) -- C:\Windows\System32\tapisrv.dll [316928] ©
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gerenciador de Conexões Remotas do Servidor.) -- C:\Windows\System32\termsrv.dll [683520] ©
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [2607104] ©
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Serviço de transferência inteligente de pla.) -- C:\Windows\System32\qmgr.dll [849920] ©
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\Windows\System32\shsvcs.dll [370688] ©
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Serviço que oferece conectividade IPv6 em u.) -- C:\Windows\System32\iphlpsvc.dll [569344] ©
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de serviço de logon secundário.) -- C:\Windows\System32\seclogon.dll [30720] ©
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Serviço de Informações de Aplicativos.) -- C:\Windows\System32\appinfo.dll [70656] ©
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Serviço de Descoberta iSCSI.) -- C:\Windows\System32\iscsiexe.dll [156672] ©
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Serviço Agendador de Classes de Multimídia.) -- C:\Windows\System32\mmcss.dll [67584] ©
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [242688] ©
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Serviço de Configuração da Área de Trabalho.) -- C:\Windows\System32\SessEnv.dll [121856] ©
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL de Serviço Pesquisador de Computadores.) -- C:\Windows\System32\browser.dll [136704] ©
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Serviço Microsoft EAPHost.) -- C:\Windows\System32\eapsvc.dll [111104] ©
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Serviço Agendador de Tarefas.) -- C:\Windows\System32\schedsvc.dll [1110016] ©
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Serviço de Gerenciamento de Chaves.) -- C:\Windows\System32\KMSVC.DLL [90624] ©
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Relatórios de Problemas e Soluções.) -- C:\Windows\System32\wercplsupport.dll [84480] ©
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [210432] ©
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL do Serviço de Tema do Shell do Windows.) -- C:\Windows\System32\themeservice.dll [44544] ©
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Serviço BDE.) -- C:\Windows\System32\bdesvc.dll [100864] ©

---\\ Lista das exceções do FireWall (FirewallRules) (1) - 2s
O87 - FAEL: "{099C39BC-9B03-432F-88EC-795A11988F01}" [In-None-P17-TRUE] .(.GAS Tecnologia LTDA - GAS Tecnologia - Core.) -- C:\Program Files (x86)\Diebold\Warsaw\core.exe

---\\ Serviços não Microsoft (SR=Executados, SS=Parados) (14) - 34s

SS - Demand [28/10/2015] [ 269000] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ©
SR - Auto [26/01/2012] [ 235520] (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe ©
SR - Auto [27/01/2012] [ 361984] AMD FUEL Service (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe ©
SR - Auto [07/09/2013] [ 55624] Apple Mobile Device (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe ©
SR - Auto [20/03/2012] [ 45056] Battery Manager Service (BatteryManagerSrv) . (.Positivo Informática S.A.) - C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe
SR - Auto [12/08/2015] [ 587576] Gbp Service (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SS - Auto [01/09/2015] [ 144200] Serviço do Google Update (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ©
SS - Demand [01/09/2015] [ 144200] Serviço do Google Update (gupdatem) (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ©
SS - Demand [09/05/2011] [ 136120] Google Updater Service (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe ©
SS - Demand [18/09/2013] [ 641352] iPod Service (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe ©
SS - Auto [05/10/2015] [ 1135416] (MBAMService) . (.Malwarebytes.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe ©
SR - Auto [15/02/2011] [ 33792] (PowerBiosServer) . (.Copyright (C) 2008.) - C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
SR - Auto [24/06/2015] [ 858424] Warsaw Technology (Warsaw Technology) . (.GAS Tecnologia LTDA.) - C:\Program Files\Diebold\Warsaw\core.exe

---\\ Scâner Aditional (1) - 0s
~ Nenhum ítem malicioso o desnecessários foi encontrado.

---\\ Informações complémentaires do módulos (1) - 0s
~ Nenhum ítem malicioso o desnecessários foi encontrado.

~ End of the scan, 68310 items in 132 seconds (617)(0)

caedurodrigues · 08/11/2015

Boa noite Nascar,

Baixe:<> <(...by Farbar)>
Ou aqui:<Farbar Recovery Scan Tool 64-bits>
Salve-a na Área de trabalho !
Execute a ferramenta ! Clique "Yes" >> "Scan".
Verifique se as caixinhas em "Whitelist" estão assinaladas.
Em "Optional Scan",deixe marcada a checkbox "Addition.txt".
Marque também a checkbox 90 Days Files
Será gerado o relatório! (FRST.txt)
Ps: Será gerado,também,o relatório "Addition.txt" que estará disponibilizado na 1ª execução da ferramenta.
Acesse: <>
Ou acesse:<>
Maiores informações:<Link> << Hospedagem !

ATENÇÃO: para o correto funcionamento da ferramenta, ela tem de estar diretamente na área de trabalho, não pode ficar em uma pasta.

J. Augusto F · 09/11/2015

caedurodrigues disse:
Boa noite Nascar,

Baixe:<> <(...by Farbar)>

Ou aqui:<Farbar Recovery Scan Tool 64-bits>

Salve-a na Área de trabalho !

Execute a ferramenta ! Clique "Yes" >> "Scan".

Verifique se as caixinhas em "Whitelist" estão assinaladas.

Em "Optional Scan",deixe marcada a checkbox "Addition.txt".

Marque também a checkbox 90 Days Files

Será gerado o relatório! (FRST.txt)

Ps: Será gerado,também,o relatório "Addition.txt" que estará disponibilizado na 1ª execução da ferramenta.

Acesse: <>

Ou acesse:<>

Maiores informações:<Link> << Hospedagem !

ATENÇÃO: para o correto funcionamento da ferramenta, ela tem de estar diretamente na área de trabalho, não pode ficar em uma pasta.

Seguem os 2 relatórios:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Patricia (administrator) on PATRICIA-PC (09-11-2015 10:21:52)
Running from C:\Users\Patricia\Desktop
Loaded Profiles: Patricia (Available Profiles: Patricia)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Positivo Informática S.A) C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Positivo Informática S.A) C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryPower.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-05] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-02-10] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [858424 2015-06-24] (GAS Tecnologia LTDA)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-01-27] (Advanced Micro Devices, Inc.)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-08-19] (Banco do Brasil)
Winlogon\Notify\ GbPluginUni: C:\Program Files (x86)\GbPlugin\gbiehUni.dll [2015-07-06] (Banco Itaú Unibanco)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll [1896320 2015-08-19] (Banco do Brasil)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRAM FILES (X86)\GbPlugin\gbiehuni.dll [1759992 2015-07-06] (Banco Itaú Unibanco)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2013-01-19]
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe ()
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-225334934-1356361207-3847351400-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{67F5889B-7210-4918-B79A-EE531F2974B2}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-225334934-1356361207-3847351400-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-225334934-1356361207-3847351400-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem.msn.com
HKU\S-1-5-21-225334934-1356361207-3847351400-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.mundopositivo.com.br/?utm_source=PC&utm_medium=browser&utm_campaign=urldefault
HKU\S-1-5-21-225334934-1356361207-3847351400-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-225334934-1356361207-3847351400-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-225334934-1356361207-3847351400-1001 -> DefaultScope {6E9BF101-C31E-4C84-811E-B6B087A7BD33} URL =
SearchScopes: HKU\S-1-5-21-225334934-1356361207-3847351400-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-225334934-1356361207-3847351400-1001 -> {6E9BF101-C31E-4C84-811E-B6B087A7BD33} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-02] (Oracle Corporation)
BHO-x32: Auxiliar de Conexão do Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [2015-08-19] (Banco do Brasil)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehuni.dll [2015-07-06] (Banco Itaú Unibanco)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-02] (Oracle Corporation)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-09-09] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2012-06-06] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-06-27] (VideoLAN)
FF Plugin HKU\S-1-5-21-225334934-1356361207-3847351400-1001: gastecnologia.com.br/sf/bb -> C:\Users\Patricia\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2015-03-06] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-225334934-1356361207-3847351400-1001: gastecnologia.com.br/sf/bb64 -> C:\Users\Patricia\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll [2015-03-06] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-225334934-1356361207-3847351400-1001: gastecnologia.com.br/sf/uni -> C:\Users\Patricia\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll [2014-08-29] (GAS Tecnologia)

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => No File
CHR Profile: C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-01-27] (Advanced Micro Devices, Inc.) [File not signed]
R2 BatteryManagerSrv; C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe [45056 2012-03-20] (Positivo Informática S.A) [File not signed]
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [587576 2015-08-12] (GAS Tecnologia)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [33792 2011-02-15] () [File not signed]
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [858424 2015-06-24] (GAS Tecnologia LTDA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2015-11-09] (GAS Tecnologia)
R1 gbpddfac; C:\Windows\SysWOW64\drivers\gbpddfac64.sys [28888 2015-08-26] (GAS Tecnologia)
S0 GbpKm; C:\Windows\SysWOW64\drivers\GbpKm.sys [49536 2013-05-08] (GAS Tecnologia)
R3 GBPRCM; C:\PROGRAM FILES (X86)\GBPLUGIN\gbprcm64.sys [29912 2015-08-26] (GAS Tecnologia)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 PositivoAudioDriverWdm; C:\Windows\System32\DRIVERS\pad.sys [69520 2012-03-06] (Positivo Informática S.A.)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2014-10-31] (GAS Tecnologia LTDA)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-04-01] (Basil)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-09 10:21 - 2015-11-09 10:22 - 00013537 _____ C:\Users\Patricia\Desktop\FRST.txt
2015-11-09 10:20 - 2015-11-09 10:22 - 00000000 ____D C:\FRST
2015-11-09 10:18 - 2015-11-09 10:18 - 02198528 _____ (Farbar) C:\Users\Patricia\Desktop\FRST64.exe
2015-11-08 17:04 - 2015-11-08 17:07 - 00066375 _____ C:\Users\Patricia\Desktop\ZHPDiag.txt
2015-11-08 16:57 - 2015-11-08 16:57 - 01966592 _____ C:\Users\Patricia\ZHPDiag3.exe
2015-11-05 16:58 - 2015-11-05 16:58 - 00001290 _____ C:\Users\Patricia\Desktop\Malwarebytes.txt
2015-11-05 13:50 - 2015-11-05 13:50 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-05 13:50 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-05 13:50 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-05 13:50 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-05 13:44 - 2015-11-05 13:44 - 00038104 _____ (Basil) C:\Windows\system32\WinDivert64.sys
2015-11-05 13:43 - 2015-11-05 13:47 - 22908888 _____ (Malwarebytes ) C:\Users\Patricia\Documents\mbam-setup-2.2.0.1024.exe
2015-11-05 10:59 - 2015-11-05 11:02 - 00000000 ____D C:\AdwCleaner
2015-11-05 10:58 - 2015-11-05 10:58 - 01713664 _____ C:\Users\Patricia\Desktop\AdwCleaner.exe
2015-11-05 10:52 - 2015-11-05 10:52 - 00004297 _____ C:\Users\Patricia\Desktop\ZHPCleaner.txt
2015-11-05 10:35 - 2015-11-05 10:35 - 01873408 _____ C:\Users\Patricia\Desktop\ZHPCleaner.exe
2015-11-05 10:35 - 2015-11-05 10:35 - 00000795 _____ C:\Users\Patricia\Desktop\ZHPCleaner.lnk
2015-11-05 09:09 - 2015-11-08 17:05 - 00000000 ____D C:\Users\Patricia\AppData\Roaming\ZHP
2015-11-05 09:09 - 2015-11-08 17:01 - 00000785 _____ C:\Users\Patricia\Desktop\ZHPDiag.lnk
2015-11-05 09:05 - 2015-11-05 09:05 - 01964544 _____ C:\Users\Patricia\Desktop\ZHPDiag3.exe
2015-11-02 22:46 - 2015-11-02 22:46 - 00124326 _____ C:\Users\Patricia\Desktop\OTL.Txt
2015-11-02 18:03 - 2015-11-02 18:04 - 00602112 _____ (OldTimer Tools) C:\Users\Patricia\Desktop\OTL.exe
2015-11-02 17:15 - 2015-09-14 17:45 - 03210240 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-02 17:15 - 2015-08-05 15:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2015-11-02 17:15 - 2015-08-05 15:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-10-28 14:12 - 2015-09-18 17:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-28 14:12 - 2015-09-18 17:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-28 14:12 - 2015-09-18 17:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-28 14:12 - 2015-09-18 17:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-28 14:12 - 2015-09-18 17:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-28 14:12 - 2015-09-18 17:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-28 14:12 - 2015-09-18 17:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-13 22:53 - 2015-09-25 16:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-13 22:53 - 2015-09-25 16:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-13 22:53 - 2015-09-25 16:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-13 22:53 - 2015-09-25 16:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-13 22:53 - 2015-09-25 16:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-13 22:53 - 2015-09-25 16:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-13 22:53 - 2015-09-25 16:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-13 22:53 - 2015-09-25 16:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-13 22:53 - 2015-09-25 16:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-13 22:53 - 2015-09-25 16:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-13 22:53 - 2015-09-25 16:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-13 22:53 - 2015-09-25 15:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-13 22:53 - 2015-09-25 15:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-13 22:53 - 2015-09-25 15:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-13 22:53 - 2015-09-25 15:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-13 22:53 - 2015-09-25 15:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-13 22:53 - 2015-08-06 16:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-13 22:53 - 2015-08-06 16:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-13 22:53 - 2015-08-06 15:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-13 22:53 - 2015-08-06 15:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-13 22:52 - 2015-09-18 17:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-13 22:52 - 2015-09-18 16:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-13 22:52 - 2015-09-16 02:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-13 22:52 - 2015-09-16 02:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-13 22:52 - 2015-09-16 02:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-13 22:52 - 2015-09-16 02:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-13 22:52 - 2015-09-16 02:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-13 22:52 - 2015-09-16 02:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-13 22:52 - 2015-09-16 02:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-13 22:52 - 2015-09-16 02:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-13 22:52 - 2015-09-16 02:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-13 22:52 - 2015-09-16 02:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-13 22:52 - 2015-09-16 02:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-13 22:52 - 2015-09-16 02:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-13 22:52 - 2015-09-16 02:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-13 22:52 - 2015-09-16 02:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-13 22:52 - 2015-09-16 02:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-13 22:52 - 2015-09-16 02:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-13 22:52 - 2015-09-16 02:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-13 22:52 - 2015-09-16 01:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-13 22:52 - 2015-09-16 01:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-13 22:52 - 2015-09-16 01:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-13 22:52 - 2015-09-16 01:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-13 22:52 - 2015-09-16 01:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-13 22:52 - 2015-09-16 01:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-13 22:52 - 2015-09-16 01:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-13 22:52 - 2015-09-16 01:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-13 22:52 - 2015-09-16 01:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-13 22:52 - 2015-09-16 01:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-13 22:52 - 2015-09-16 01:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-13 22:52 - 2015-09-16 01:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-13 22:52 - 2015-09-16 01:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-13 22:52 - 2015-09-16 01:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-13 22:52 - 2015-09-16 01:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-13 22:52 - 2015-09-16 01:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-13 22:52 - 2015-09-16 01:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-13 22:52 - 2015-09-16 01:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-13 22:52 - 2015-09-16 01:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-13 22:52 - 2015-09-16 01:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-13 22:52 - 2015-09-16 01:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-13 22:52 - 2015-09-16 01:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-13 22:52 - 2015-09-16 01:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-13 22:52 - 2015-09-16 01:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-13 22:52 - 2015-09-16 01:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-13 22:52 - 2015-09-16 01:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-13 22:52 - 2015-09-16 01:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-13 22:52 - 2015-09-16 01:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-13 22:52 - 2015-09-16 01:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-13 22:52 - 2015-09-16 01:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-13 22:52 - 2015-09-16 01:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-13 22:52 - 2015-09-16 01:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-13 22:52 - 2015-09-16 01:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-13 22:52 - 2015-09-16 00:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-13 22:52 - 2015-09-16 00:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-13 22:52 - 2015-09-16 00:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-13 22:52 - 2015-09-16 00:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-13 22:52 - 2015-09-16 00:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-13 22:52 - 2015-09-16 00:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-13 22:52 - 2015-09-16 00:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-13 22:52 - 2015-09-16 00:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-13 22:52 - 2015-09-16 00:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-13 22:52 - 2015-09-16 00:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-13 22:51 - 2015-09-16 02:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-13 22:51 - 2015-09-16 01:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-13 22:48 - 2015-09-29 01:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-13 22:48 - 2015-09-29 01:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-13 22:48 - 2015-09-29 01:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-13 22:48 - 2015-09-29 01:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-13 22:48 - 2015-09-29 01:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-13 22:48 - 2015-09-29 01:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-13 22:48 - 2015-09-29 01:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-13 22:48 - 2015-09-29 01:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-13 22:48 - 2015-09-29 01:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-13 22:48 - 2015-09-29 01:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-13 22:48 - 2015-09-29 01:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-13 22:48 - 2015-09-29 01:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-13 22:48 - 2015-09-29 01:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-13 22:48 - 2015-09-29 01:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-13 22:48 - 2015-09-29 01:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-13 22:48 - 2015-09-29 01:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-13 22:48 - 2015-09-29 01:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-13 22:48 - 2015-09-29 01:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-13 22:48 - 2015-09-29 01:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-13 22:48 - 2015-09-29 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-13 22:48 - 2015-09-29 01:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-13 22:48 - 2015-09-29 01:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-13 22:48 - 2015-09-29 01:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-13 22:48 - 2015-09-29 01:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-13 22:48 - 2015-09-29 01:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-13 22:48 - 2015-09-29 01:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-13 22:48 - 2015-09-29 01:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-13 22:48 - 2015-09-29 01:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-13 22:48 - 2015-09-29 01:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-13 22:48 - 2015-09-29 01:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-13 22:48 - 2015-09-29 01:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 01:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 01:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 01:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 01:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 01:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 01:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 01:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 01:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 01:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 01:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 01:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 01:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 01:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 01:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 01:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 01:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 01:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 01:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 01:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 01:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 01:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 01:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 01:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 01:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 01:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 01:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 01:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 00:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-13 22:48 - 2015-09-29 00:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-13 22:48 - 2015-09-29 00:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-13 22:48 - 2015-09-29 00:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-13 22:48 - 2015-09-29 00:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-13 22:48 - 2015-09-29 00:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-13 22:48 - 2015-09-29 00:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-13 22:48 - 2015-09-29 00:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-13 22:48 - 2015-09-29 00:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-13 22:48 - 2015-09-29 00:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-13 22:48 - 2015-09-29 00:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-13 22:48 - 2015-09-29 00:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-13 22:48 - 2015-09-29 00:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-13 22:48 - 2015-09-29 00:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-13 22:48 - 2015-09-29 00:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-13 22:48 - 2015-09-29 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-13 22:48 - 2015-09-29 00:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-13 22:48 - 2015-09-29 00:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-13 22:48 - 2015-09-29 00:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 00:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 00:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 00:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 00:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 00:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 00:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 00:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 00:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 00:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 00:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 00:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 00:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 00:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 00:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 00:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 00:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 00:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 00:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 00:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 00:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 00:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 00:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-13 22:48 - 2015-09-29 00:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-13 22:48 - 2015-09-28 23:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-13 22:48 - 2015-09-28 23:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-13 22:48 - 2015-09-28 23:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-13 22:48 - 2015-09-28 23:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-13 22:48 - 2015-09-28 23:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-13 22:48 - 2015-09-28 23:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-13 22:48 - 2015-09-28 23:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-13 22:48 - 2015-09-28 23:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-13 22:48 - 2015-09-28 23:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-13 22:48 - 2015-09-15 16:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-13 22:48 - 2015-09-15 16:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-13 22:48 - 2015-09-15 16:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-13 22:48 - 2015-09-15 16:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-13 22:48 - 2015-09-15 16:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-13 22:48 - 2015-09-15 16:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-13 22:48 - 2015-09-15 16:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-13 22:48 - 2015-09-15 16:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-13 22:48 - 2015-09-15 16:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-13 22:48 - 2015-09-15 15:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-13 22:48 - 2015-09-15 15:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-13 22:48 - 2015-09-15 15:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-13 22:48 - 2015-09-15 15:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-13 22:46 - 2015-10-01 16:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-13 22:46 - 2015-10-01 16:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-13 22:46 - 2015-10-01 16:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-13 22:46 - 2015-10-01 16:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-13 22:46 - 2015-10-01 16:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-13 22:46 - 2015-10-01 16:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-13 22:46 - 2015-10-01 16:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-13 22:46 - 2015-10-01 15:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-13 22:45 - 2015-10-01 15:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-13 22:43 - 2015-07-18 11:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-13 22:43 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-12 05:24 - 2015-10-12 05:24 - 00000000 _____ C:\Users\Patricia\Desktop\ppt71D.tmp
2015-10-11 11:54 - 2015-10-12 05:21 - 00802060 _____ C:\Users\Patricia\Desktop\Trabalho P3.pptx
2015-10-11 11:49 - 2015-10-11 11:49 - 00802217 _____ C:\Users\Patricia\Documents\Reunião.pptx
2015-10-10 22:55 - 2015-10-12 06:20 - 02273784 _____ C:\Users\Patricia\Desktop\Apresentação ao efetivo do 13M NI Atendimento e Registro de Ocorrências.pptx
2015-10-05 00:13 - 2015-10-05 00:17 - 00000218 ____H C:\Users\Patricia\Documents\.picasa.ini
2015-09-26 00:56 - 2015-09-26 00:57 - 00000000 ____D C:\Program Files (x86)\GUMBB52.tmp
2015-09-26 00:56 - 2015-09-26 00:56 - 06420480 _____ C:\Program Files (x86)\GUTBB53.tmp
2015-09-14 11:29 - 2015-09-14 11:29 - 00000000 ____D C:\40d3a1bdaabcd7dfeb
2015-09-08 23:36 - 2015-08-05 15:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-08 23:36 - 2015-08-05 15:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-08 23:36 - 2015-08-05 15:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-08 23:36 - 2015-07-15 01:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-08 23:36 - 2015-07-15 00:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-09-08 23:35 - 2015-07-09 15:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-09-08 23:35 - 2015-07-09 15:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-09-08 23:35 - 2015-07-09 15:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-09-08 23:35 - 2015-07-09 15:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-09-08 23:32 - 2015-07-22 22:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-08 23:32 - 2015-07-22 22:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-08 23:32 - 2015-07-22 22:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-08 23:32 - 2015-07-22 15:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-09-08 23:32 - 2015-07-22 15:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-08 23:32 - 2015-07-22 14:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-08 23:30 - 2015-08-27 16:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-08 23:30 - 2015-08-27 16:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-08 23:30 - 2015-08-27 16:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-08 23:30 - 2015-08-27 16:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-08 23:30 - 2015-08-27 15:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-08 23:30 - 2015-08-27 15:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-08 23:30 - 2015-08-27 15:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-09-08 23:30 - 2015-08-27 15:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-09-08 23:30 - 2015-06-25 08:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-08 23:30 - 2015-06-25 08:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-08 23:30 - 2015-06-25 08:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-09-08 23:30 - 2015-06-25 07:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-08 23:29 - 2015-09-02 01:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-08 23:29 - 2015-09-02 01:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-08 23:29 - 2015-09-02 01:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-08 23:29 - 2015-09-02 01:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-08 23:29 - 2015-09-02 00:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-09-08 23:29 - 2015-09-02 00:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-08 23:29 - 2015-09-02 00:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-09-08 23:29 - 2015-09-02 00:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-09-08 23:29 - 2015-09-01 23:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-08 23:29 - 2015-09-01 23:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-08 22:40 - 2015-11-09 10:24 - 00028888 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddfac64.sys
2015-09-01 22:59 - 2015-08-26 15:35 - 00028888 _____ (GAS Tecnologia) C:\Windows\SysWOW64\Drivers\gbpddfac64.sys
2015-08-25 23:06 - 2015-08-25 23:06 - 00000000 ____D C:\8a4aa4f9be2e3c12a962ac
2015-08-25 22:45 - 2015-07-30 11:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-25 22:45 - 2015-07-30 11:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-24 00:57 - 2015-08-24 00:57 - 00000000 ____D C:\188b713610d56aa447
2015-08-18 00:58 - 2015-07-16 17:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-18 00:58 - 2015-07-16 17:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-18 00:58 - 2015-07-16 17:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-18 00:58 - 2015-07-16 17:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-18 00:58 - 2015-07-16 17:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-18 00:58 - 2015-07-16 17:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-18 00:58 - 2015-07-11 11:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-08-18 00:57 - 2015-07-15 16:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-18 00:57 - 2015-07-15 16:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-18 00:57 - 2015-07-15 16:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-18 00:56 - 2015-07-15 01:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-18 00:52 - 2015-07-30 16:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-18 00:52 - 2015-07-30 16:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-18 00:52 - 2015-07-30 16:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-18 00:52 - 2015-07-30 15:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-18 00:52 - 2015-07-30 15:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-18 00:52 - 2015-07-09 15:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-18 00:52 - 2015-07-09 15:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-18 00:52 - 2015-07-09 15:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-18 00:52 - 2015-07-01 18:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-18 00:52 - 2015-07-01 18:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-18 00:52 - 2015-07-01 18:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-18 00:52 - 2015-07-01 18:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-09 10:20 - 2009-07-14 02:45 - 00025760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-09 10:20 - 2009-07-14 02:45 - 00025760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-09 10:15 - 2013-02-06 15:52 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-09 10:14 - 2013-05-28 22:24 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-09 10:14 - 2013-02-06 15:52 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-08 18:52 - 2012-02-06 11:19 - 01554023 _____ C:\Windows\WindowsUpdate.log
2015-11-08 17:48 - 2011-04-12 11:40 - 00706008 _____ C:\Windows\system32\prfh0416.dat
2015-11-08 17:48 - 2011-04-12 11:40 - 00147848 _____ C:\Windows\system32\prfc0416.dat
2015-11-08 17:48 - 2009-07-14 03:13 - 01635826 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-08 16:57 - 2012-02-05 16:14 - 00000000 ____D C:\Users\Patricia
2015-11-08 15:49 - 2013-07-19 10:58 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2015-11-08 15:49 - 2013-07-19 10:58 - 00000000 ____D C:\ProgramData\GbPlugin
2015-11-08 15:35 - 2013-07-19 10:58 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2015-11-08 15:35 - 2009-07-14 03:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-05 14:42 - 2014-04-22 12:36 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-05 13:50 - 2014-04-22 15:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-03 15:30 - 2013-01-19 10:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Positivo Informática
2015-11-02 17:35 - 2009-07-14 02:45 - 00461936 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-02 17:19 - 2013-01-19 10:09 - 01601100 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-10-29 00:35 - 2015-04-29 09:34 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-29 00:35 - 2014-05-08 13:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-28 23:15 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\rescache
2015-10-28 14:11 - 2013-05-28 22:24 - 00003840 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-28 14:11 - 2013-03-19 00:01 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-28 14:11 - 2013-03-19 00:01 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-14 00:33 - 2013-08-16 01:04 - 00000000 ____D C:\Windows\system32\MRT
2015-10-14 00:33 - 2013-02-06 17:12 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-14 00:33 - 2012-02-06 13:43 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2015-10-14 00:33 - 2012-02-06 13:43 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-10 22:31 - 2015-04-06 18:18 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-10 17:05 - 2009-07-14 03:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-10 11:56 - 2015-04-06 18:18 - 00000000 ___SD C:\Windows\SysWOW64\GWX

==================== Files in the root of some directories =======

2015-09-26 00:56 - 2015-09-26 00:56 - 6420480 _____ () C:\Program Files (x86)\GUTBB53.tmp
2015-06-19 00:15 - 2015-06-19 00:15 - 0016996 _____ () C:\Users\Patricia\AppData\Roaming\unins000.dat
2014-07-10 22:48 - 2014-07-10 22:48 - 0015676 _____ () C:\Users\Patricia\AppData\Roaming\unins001.dat

Files to move or delete:
====================
C:\Users\Patricia\ZHPDiag3.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-05 14:34

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Patricia (2015-11-09 10:24:43)
Running from C:\Users\Patricia\Desktop
Windows 7 Home Basic Service Pack 1 (X64) (2012-02-05 18:14:53)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-225334934-1356361207-3847351400-500 - Administrator - Disabled)
Convidado (S-1-5-21-225334934-1356361207-3847351400-501 - Limited - Disabled)
Patricia (S-1-5-21-225334934-1356361207-3847351400-1001 - Administrator - Enabled) => C:\Users\Patricia

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{622AAD48-8809-A67D-68F2-776DDEA64D27}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atualização do produto Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0416-0000-0000000FF1CE}_PROPLUS_{717C9095-8AAE-41CB-B046-BD6E8399F4F3}) (Version: - Microsoft)
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0416-0000-0000000FF1CE}_PROPLUS_{5016CB22-B9A7-44FB-AA72-AF28B27B15EA}) (Version: - Microsoft)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0416-0000-0000000FF1CE}_PROPLUS_{BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}) (Version: - Microsoft)
Atualização do produto Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0416-0000-0000000FF1CE}_PROPLUS_{7297E3A9-FCD4-4E0E-A306-7A90359E50E3}) (Version: - Microsoft)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Chuzzle Deluxe (remove only) (HKLM-x32\...\Chuzzle Deluxe) (Version: - )
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Controle ActiveX do Windows Live Mesh para Conexões Remotas (HKLM-x32\...\{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious - Emily's Childhood Memories Premium Edition (remove only) (HKLM-x32\...\Delicious - Emily's Childhood Memories Premium Edition) (Version: - )
Dia (remover apenas) (HKLM-x32\...\Dia) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.3.1.606 - Foxit Corporation)
Gerenciador de Inicialização Positivo (HKLM\...\{E365D4D7-BD51-4A7F-8ECA-0B6C0C42D3CF}_is1) (Version: 1.0.16.1 - Positivo Informática S.A.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Guardião - Itaú 30 horas (HKLM-x32\...\{70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1) (Version: 3.8.0.1 - )
Hotkey 3.3043 (HKLM-x32\...\InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}) (Version: 3.3043 - NoteBook)
Hotkey 3.3043 (x32 Version: 3.3043 - NoteBook) Hidden
iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.26.6 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.62.0 - JMicron Technology Corp.)
Malwarebytes Anti-Malware versão 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Módulo de Segurança - Banco do Brasil (HKLM-x32\...\{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1) (Version: 3.12.1.2 - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Positivo Áudio (HKLM\...\{D00FA097-5115-400D-84AD-4ADEF3EBDB5E}_is1) (Version: 1.4.1.0 - Positivo Informática S.A.)
Positivo Bateria (HKLM-x32\...\{FD6F6859-2863-4ABB-87D0-A263F3E9FF45}_is1) (Version: 1.4.4.0 - Positivo Informática S.A.)
Positivo Conecta (HKLM-x32\...\{4F23361B-2B38-46E2-BA1A-D920F270D5FB}_is1) (Version: 1.3.18.0 - Positivo Informática S.A.)
Positivo Monitora (HKLM-x32\...\{8aaef6d0-68e7-4f99-b98d-e5ae19edbc99}_is1) (Version: 1.0.4.0 - Positivo Informática S.A.)
Positivo Roteador (HKLM-x32\...\{f1cb797f-bf34-495c-bda9-efe098837651}_is1) (Version: 1.1.0.1 - Positivo Informática S.A.)
Positivo Sincronize (HKLM-x32\...\{6DA3261A-DCEB-401A-ABE0-A367C252B86C}_is1) (Version: 1.5.3.0 - Positivo Informática S.A.)
Positivo WebCam (HKLM-x32\...\{E11C7438-7550-4676-92CE-846CC5DA3548}_is1) (Version: 1.5.2.2 - Positivo Informática S.A.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6282 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0174 - REALTEK Semiconductor Corp.)
Software de Cadastro Positivo 6.0 (HKLM-x32\...\{4A33ECF3-6AC6-4A9B-932C-4E81625423C7}_is1) (Version: 6.0.0.0 - Positivo Informática)
Software para Impressoras EPSON (HKLM\...\EPSON Printer and Utilities) (Version: - )
Suporte para Aplicativos Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player 2.0.2 (HKLM-x32\...\VLC media player) (Version: 2.0.2 - VideoLAN)
Warsaw 1.3.1 (HKLM-x32\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.3.1 - GAS Tecnologia)
Warsaw 1.7.0.10188 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.7.0.10188 - GAS Tecnologia)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-225334934-1356361207-3847351400-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0000}\InprocServer32 -> C:\Users\Patricia\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-225334934-1356361207-3847351400-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0013}\InprocServer32 -> C:\Users\Patricia\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-225334934-1356361207-3847351400-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0000}\InprocServer32 -> C:\Users\Patricia\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-225334934-1356361207-3847351400-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0013}\InprocServer32 -> C:\Users\Patricia\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll (GAS Tecnologia)

==================== Restore Points =========================

Check "winmgmt" service or repair WMI.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 00:34 - 2015-02-23 01:00 - 00000822 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1C870E49-5063-4EBE-8F54-D6A34B3278A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {4B1D0CF9-D415-4E11-A82E-2D2A9AF57D1E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {87502704-9DEA-474F-9B22-278CD0D1094A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {C139CCF6-5914-433B-A5C0-390A907F7C52} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {CF3EA71F-BE93-4F22-A6E8-94023A163B88} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2012-01-27 08:02 - 2012-01-27 08:02 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2011-08-25 15:00 - 2011-08-25 15:00 - 03080192 _____ () C:\Program Files (x86)\Hotkey\Hotkey.exe
2011-02-15 17:16 - 2011-02-15 17:16 - 00033792 _____ () C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
2012-01-27 08:01 - 2012-01-27 08:01 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-11-09 09:55 - 2011-11-09 09:55 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-01-27 08:11 - 2012-01-27 08:11 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-06-06 14:50 - 2009-06-06 14:50 - 00019968 _____ () C:\Program Files (x86)\Hotkey\Audiodll.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt
AlternateDataStreams: C:\Windows\System32

68F87F3_Bb.gbp
AlternateDataStreams: C:\Windows\System32

68F87F3_Uni.gbp
AlternateDataStreams: C:\Windows\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\bancobrasil.com.br -> hxxps://www14.bancobrasil.com.br
IE trusted site: HKU\.DEFAULT\...\bb.com.br -> hxxps://seg.bb.com.br
IE trusted site: HKU\.DEFAULT\...\itau.com.br -> hxxps://bankline.itau.com.br
IE trusted site: HKU\.DEFAULT\...\itaupersonnalite.com.br -> hxxp://www.itaupersonnalite.com.br
IE trusted site: HKU\S-1-5-21-225334934-1356361207-3847351400-1001\...\bancobrasil.com.br -> www.bancobrasil.com.br
IE trusted site: HKU\S-1-5-21-225334934-1356361207-3847351400-1001\...\bb.com.br -> hxxps://seg.bb.com.br
IE trusted site: HKU\S-1-5-21-225334934-1356361207-3847351400-1001\...\itau.com.br -> bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-225334934-1356361207-3847351400-1001\...\itau.com.br -> hxxps://bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-225334934-1356361207-3847351400-1001\...\itaupersonnalite.com.br -> hxxp://www.itaupersonnalite.com.br

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-225334934-1356361207-3847351400-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Assistente para criação de disco de recuperação.lnk => C:\Windows\pss\Assistente para criação de disco de recuperação.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Diebold - Warsaw => C:\Program Files (x86)\Diebold\Warsaw\core.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: StartUpManagerPositivo => C:\Program Files\Positivo Informática\Gerenciador de Inicialização Positivo\ManagerWindows.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B986B7F7-C2FA-4331-A8C9-678B0AED0D4F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{071195BE-3FB3-4712-9D49-95463794C636}] => (Allow) LPort=2869
FirewallRules: [{ED762D0A-2761-4C8B-9B5E-C25EA148568A}] => (Allow) LPort=1900
FirewallRules: [{03F94E01-8E0C-4A1B-991E-869AEF6E77DE}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{C989A796-8AFD-4D8A-9A8A-C8E1455F8DC6}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{93D2664A-DFFD-4379-B298-027BB0431E37}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{099C39BC-9B03-432F-88EC-795A11988F01}] => (Allow) C:\Program Files (x86)\Diebold\Warsaw\core.exe
FirewallRules: [{FAAF9FE5-A412-47DC-818B-947E1CF6A9C7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/09/2015 10:24:47 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Erro do serviço de cópias de sombra de volume: erro inesperado ao chamar a rotina CoCreateInstance. hr = 0x80070422, O serviço não pode ser iniciado porque está desativado ou não tem dispositivos ativados associados.
.

Operação:
Instanciando servidor VSS

Error: (11/09/2015 10:24:47 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informações sobre o Serviço de Cópias de Sombra de Volume: não é possível iniciar o Servidor COM com CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} e nome IVssCoordinatorEx2. [0x80070422, O serviço não pode ser iniciado porque está desativado ou não tem dispositivos ativados associados.
]

Operação:
Instanciando servidor VSS

Error: (11/08/2015 03:49:20 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Falha ao criar ponto de restauração (Processo = C:\Windows\system32\svchost.exe -k netsvcs; Descrição = Windows Update; Erro = 0x80042302).

Error: (11/08/2015 03:49:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Erro do serviço de cópias de sombra de volume: erro inesperado ao chamar a rotina CoCreateInstance. hr = 0x80070422, O serviço não pode ser iniciado porque está desativado ou não tem dispositivos ativados associados.
.

Error: (11/08/2015 03:49:20 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informações sobre o Serviço de Cópias de Sombra de Volume: não é possível iniciar o Servidor COM com CLSID {0b5a2c52-3eb9-470a-96e2-6c6d4570e40f} e nome Coordinator. [0x80070422, O serviço não pode ser iniciado porque está desativado ou não tem dispositivos ativados associados.
]

Error: (11/08/2015 03:36:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/05/2015 11:04:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/05/2015 10:24:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/05/2015 09:13:34 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Falha ao criar ponto de restauração (Processo = C:\Windows\system32\svchost.exe -k netsvcs; Descrição = Windows Update; Erro = 0x80042302).

Error: (11/05/2015 09:13:34 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Erro do serviço de cópias de sombra de volume: erro inesperado ao chamar a rotina CoCreateInstance. hr = 0x80070422, O serviço não pode ser iniciado porque está desativado ou não tem dispositivos ativados associados.
.

System errors:
=============
Error: (11/08/2015 03:38:26 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {A5B020FD-E04B-4E67-B65A-E7DEED25B2CF}

Error: (11/08/2015 03:34:59 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: AUTORIDADE NT)
Description: Falha na inicialização do Módulo de Extensibilidade de WLAN.

Caminho do Módulo: C:\Windows\system32\Rtlihvs.dll
Código de Erro: 126

Error: (11/05/2015 12:42:55 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a resposta de uma transação do serviço Wlansvc.

Error: (11/05/2015 11:05:23 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {A5B020FD-E04B-4E67-B65A-E7DEED25B2CF}

Error: (11/05/2015 11:03:34 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: AUTORIDADE NT)
Description: Falha na inicialização do Módulo de Extensibilidade de WLAN.

Caminho do Módulo: C:\Windows\system32\Rtlihvs.dll
Código de Erro: 126

Error: (11/05/2015 11:02:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Windows Search foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 30000 milissegundos: Reiniciar o serviço.

Error: (11/05/2015 11:02:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Windows Presentation Foundation Font Cache 3.0.0.0 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.

Error: (11/05/2015 11:02:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Windows Live ID Sign-in Assistant foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (11/05/2015 11:02:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Warsaw Technology foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (11/05/2015 11:02:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço PowerBiosServer foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 60000 milissegundos: Reiniciar o serviço.

==================== Memory info ===========================

Processor: AMD C-60 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 33%
Total physical RAM: 3692 MB
Available physical RAM: 2463.79 MB
Total Virtual: 7382.2 MB
Available Virtual: 5789.94 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:288.32 GB) (Free:205.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 42967AC1)
Partition 1: (Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Not Active) - (Size=288.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

caedurodrigues · 09/11/2015

Boa tarde NascarBR,

Copie estas informações que estão em vermelho,para o Bloco de Notas.
Salve-a com o nome fixlist.txt
Salve-a no mesmo local em que se encontra a FRST

start
CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-225334934-1356361207-3847351400-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-225334934-1356361207-3847351400-1001 -> DefaultScope {6E9BF101-C31E-4C84-811E-B6B087A7BD33} URL =
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => No File
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
emptytemp:
end
Execute FRST/FRST64 >> Clique "Fix". << Aguarde!
Poste o relatório! (Fixlog.txt)

Um grande abraço.

Esse script foi elaborado somente para este computador, de acordo com os arquivos e chaves presentes.

Aos visitantes: Se estiverem com um problema semelhante, não utilizem esse script, pois o uso sem supervisão pode causar danos ao sistema.

J. Augusto F · 09/11/2015

caedurodrigues disse:
Boa tarde NascarBR,

Copie estas informações que estão em vermelho,para o Bloco de Notas.

Salve-a com o nome fixlist.txt

Salve-a no mesmo local em que se encontra a FRST

start
CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-225334934-1356361207-3847351400-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-225334934-1356361207-3847351400-1001 -> DefaultScope {6E9BF101-C31E-4C84-811E-B6B087A7BD33} URL =
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => No File
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
emptytemp:
end

Execute FRST/FRST64 >> Clique "Fix". << Aguarde!

Poste o relatório! (Fixlog.txt)

Um grande abraço.

Esse script foi elaborado somente para este computador, de acordo com os arquivos e chaves presentes.

Aos visitantes: Se estiverem com um problema semelhante, não utilizem esse script, pois o uso sem supervisão pode causar danos ao sistema.

Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Patricia (2015-11-09 14:41:21) Run:1
Running from C:\Users\Patricia\Desktop
Loaded Profiles: Patricia (Available Profiles: Patricia)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-225334934-1356361207-3847351400-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-225334934-1356361207-3847351400-1001 -> DefaultScope {6E9BF101-C31E-4C84-811E-B6B087A7BD33} URL =
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => No File
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
emptytemp:
end
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-225334934-1356361207-3847351400-1001\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-225334934-1356361207-3847351400-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922" => key removed successfully
C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => not found.

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {6F7B606F-07D5-42D6-A5D7-466EF478DB3F}.
Unable to cancel {D86DF361-BC51-4FA6-BBE0-C2B9DE43F197}.
0 out of 2 jobs canceled.

========= End of CMD: =========

========= ipconfig /flushdns =========

Configurao de IP do Windows

Liberao do Cache do DNS Resolver bem-sucedida.

========= End of CMD: =========

EmptyTemp: => 51.5 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 14:41:34 ====

caedurodrigues · 09/11/2015

Boa tarde Nascar, quero dar uma olha em um serviço do windows. Segundo o fixlog, existe um problema com a restauração do sistema.

Baixe: <> <(...by Farbar)>
Salve-a na Área de trabalho
Para Windows Vista ou 7, execute "FSS.exe" como administrador
Marque as caixas conforme a imagem !
Clique em "Scan" e aguarde o término !
Poste o relatório ! (FSS.txt)

J. Augusto F · 09/11/2015

caedurodrigues disse:
Boa tarde Nascar, quero dar uma olha em um serviço do windows. Segundo o fixlog, existe um problema com a restauração do sistema.

Baixe: <> <(...by Farbar)>

Salve-a na Área de trabalho

Para Windows Vista ou 7, execute "FSS.exe" como administrador

Marque as caixas conforme a imagem !

Clique em "Scan" e aguarde o término !

Poste o relatório ! (FSS.txt)

Farbar Service Scanner Version: 26-07-2015
Ran by Patricia (administrator) on 09-11-2015 at 15:56:52
Running from "C:\Users\Patricia\Desktop"
Microsoft Windows 7 Home Basic Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============
VSS Service is not running. Checking service configuration:
The start type of VSS service is set to Disabled. The default start type is 3.
The ImagePath of VSS service is OK.

System Restore Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

caedurodrigues · 10/11/2015

Boa noite NascarBR, vamos tentar reparar a restauração de sistema.

Baixe:<

zoek.exe> (...by Smeenk)
Salve na sua Desktop (Área de trabalho) !
Execute o arquivo Zoek.exe.
Usuários do Windows Vista ou Windows 7 clique com o direito sobre o arquivo Zoek.exe, depois clique em
Selecione a linha em vermelho, clique com o direito sobre a seleção e escolha a opção copiar!

resetwmi;
Clique com o direito em qualquer parte branca do Zoek e escolha a opção colar.
Clique

, aguarde o scan. Ao final abrirá o bloco de notas com o relatório.
Uma cópia também será salva no seu disco local com o nome zoek-results.txt.
Anexe o zoek-results.txt na sua próxima resposta.

Remoção de vírus

Hungry Member

Member

Hungry Member

Member

Hungry Member

Under the lights we stand tall

Família é tudo!!!

Member

New Member

Família é tudo!!!

Member

Família é tudo!!!

Member

Família é tudo!!!

Member

Família é tudo!!!

Member

Família é tudo!!!

Member

Família é tudo!!!

Member

Família é tudo!!!

Member

Família é tudo!!!

Member

Users who are viewing this thread