RenataDV

Google Chrome redirects sites to the BB page


Hello!

I use the Google Chrome browser, and over the last few days, when I open some pages, the browser redirects to the BB page (if it really is the BB page, that is). Today it happened when I opened Google Maps, for example.

I have a Kaspersky Internet Security 2012 license and have already run the full scan on the PC several times (my HD is partitioned, with data on (E:) and programs and everything else on (C:)), and it reports no problem at all.

Since this started I have avoided accessing BB (I think I accessed it once, and I always access BB through Internet Explorer, which I use almost exclusively for that, so I haven't noticed whether the problem is happening in that browser too).

I'm also not using media such as pen drives or external HDs, because I'm afraid of "spreading" the virus, if that is the case.

What do I do??

Below are the results of running DDS, Attach and Gmer.

THANK YOU!

Renata

DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16660

Run by Renata at 16:55:11 on 2013-08-23

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.55.1046.18.8067.5685 [GMT -3:00]

.

AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\PROGRA~2\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

C:\Program Files\Conexant\SA3\CxUtilSvc.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe

C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe

C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe

C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe

C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files\Conexant\SA3\SmartAudio3.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Program Files (x86)\CyberLink\Shared files\brs.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Cracked License Manager 10\lmgrd.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Program Files\Elantech\ETDGesture.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Cracked License Manager 10\ARCGIS.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.gmail.com/

uDefault_Page_URL = hxxp://www.dell.com

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll

BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"

mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

StartupFolder: C:\Users\Renata\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ARCGIS~1.LNK - C:\Cracked License Manager 10\start_lic_mgr_invisible.vbs

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:60

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: &Enviar para o OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: Adicionar ao Antibanner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm

IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{3E6E7D79-D20A-4980-9250-AD2BF9489D90} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{81ECDBBC-2A7D-4A2D-9474-10EA06960BD7} : DHCPNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

SSODL: WebCheck - <orphaned>

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll

x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"

x64-Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe"

x64-Run: [smartAudio] C:\Program Files\CONEXANT\SA3\SACpl.exe /sa3 /nv:3.0+ /dne /s

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe

x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll

x64-Notify: igfxcui - igfxdev.dll

x64-Notify: klogon - C:\Windows\System32\klogon.dll

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2013-7-19 32896]

R0 iusb3hcs;Driver de comutação do controlador host Intel® USB 3.0;C:\Windows\System32\drivers\iusb3hcs.sys [2013-7-19 20024]

R0 rtcrfilt64;Realtek Turbo Mode Filter Driver;C:\Windows\System32\drivers\rtcrfilt64.sys [2013-7-19 19600]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-8-9 283064]

R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2011-3-4 11864]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2011-3-10 29488]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-7-19 235520]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2012-3-8 107648]

R2 AVP;Serviço do Kaspersky Anti-Virus;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-4-24 206448]

R2 CxUtilSvc;CxUtilSvc;C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe [2013-7-19 109184]

R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2013-7-30 409640]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2013-7-19 2464400]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-7-19 161560]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-7-19 363800]

R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2012-3-8 159360]

R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2013-7-19 77824]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-3-8 30848]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2013-7-20 176096]

R3 ETD;Dell Touchpad;C:\Windows\System32\drivers\ETD.sys [2013-7-19 211856]

R3 IntcDAud;Áudio do vídeo Intel®;C:\Windows\System32\drivers\IntcDAud.sys [2013-7-19 331264]

R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2013-7-19 14745600]

R3 iusb3hub;Driver para hub Intel® USB 3.0;C:\Windows\System32\drivers\iusb3hub.sys [2013-7-19 358456]

R3 iusb3xhc;Driver de controlador host eXtensível Intel® USB 3.0;C:\Windows\System32\drivers\iusb3xhc.sys [2013-7-19 791608]

R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUVStor.sys [2013-7-19 317584]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-7-19 685160]

S2 CLKMSVC10_9EC60124;CyberLink Product - 2013/07/20 16:11:01;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2012-6-25 242448]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-3-8 36480]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-3-8 340096]

S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-3-8 111232]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-3-8 168064]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-3-8 68736]

S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-3-8 281472]

S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-3-8 551552]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-15 80384]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-15 180736]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-8-9 1255736]

.

=============== Created Last 30 ================

.

2013-08-23 16:50:43 -------- d-----w- C:\Program Files (x86)\Hidro 1.2

2013-08-23 11:29:50 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{02AE5D48-3477-4143-9239-43F6EB763BE3}\mpengine.dll

2013-08-16 23:47:35 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-08-16 23:47:34 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-08-16 23:47:34 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-08-16 23:47:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-08-16 23:47:34 243712 ----a-w- C:\Windows\System32\wow64.dll

2013-08-16 23:47:34 1732032 ----a-w- C:\Windows\System32\ntdll.dll

2013-08-16 23:47:34 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-08-16 23:47:34 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll

2013-08-16 23:47:33 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-08-16 23:47:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-08-16 23:47:33 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-08-13 12:05:17 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2013-08-09 21:00:21 -------- d-----w- C:\Cracked License Manager 10

2013-08-09 19:33:56 -------- d-----w- C:\Program Files (x86)\ESRI

2013-08-09 19:13:47 -------- d-----w- C:\Program Files (x86)\ET SpatialTechniques

2013-08-09 19:09:14 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared

2013-08-09 19:01:11 -------- d-----w- C:\Program Files (x86)\Common Files\AnswerWorks 4.0

2013-08-09 18:59:40 -------- d-----w- C:\Python26

2013-08-09 18:59:39 -------- d-----w- C:\Program Files (x86)\Common Files\Data Dynamics

2013-08-09 18:59:34 -------- d-----w- C:\Program Files (x86)\Common Files\Tom Sawyer Software

2013-08-09 18:59:34 -------- d-----w- C:\Program Files (x86)\Common Files\ArcGIS

2013-08-09 18:59:21 -------- d-----w- C:\Program Files (x86)\ArcGIS

2013-08-09 18:57:11 -------- d-----w- C:\Windows\SysWow64\1033

2013-08-09 18:57:11 -------- d-----w- C:\Windows\System32\1033

2013-08-09 18:57:11 -------- d-----w- C:\Program Files\Microsoft SQL Server

2013-08-09 18:57:11 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server

2013-08-09 17:59:37 -------- d-----w- C:\Program Files\Microsoft Synchronization Services

2013-08-09 17:59:04 -------- d-----w- C:\Windows\PCHEALTH

2013-08-09 17:59:03 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition

2013-08-09 17:56:50 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8

2013-08-09 17:55:50 -------- d-----w- C:\Program Files\Microsoft Analysis Services

2013-08-09 17:55:50 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

2013-08-09 17:54:41 -------- d-----w- C:\Users\Renata\AppData\Local\Microsoft Help

2013-08-09 17:47:00 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2013-08-09 17:46:56 -------- d-----w- C:\Users\Renata\AppData\Roaming\DAEMON Tools Lite

2013-08-09 17:46:54 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite

2013-08-09 17:37:59 -------- d-----w- C:\ProgramData\DAEMON Tools Lite

2013-08-09 17:09:25 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS

2013-08-09 17:09:25 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys

2013-08-09 17:09:01 96768 ----a-w- C:\Windows\System32\fsutil.exe

2013-08-09 17:09:01 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys

2013-08-09 17:09:01 2565632 ----a-w- C:\Windows\System32\esent.dll

2013-08-09 17:09:01 1699328 ----a-w- C:\Windows\SysWow64\esent.dll

2013-08-09 17:05:32 1643520 ----a-w- C:\Windows\System32\DWrite.dll

2013-08-09 17:05:32 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll

2013-08-09 16:55:10 -------- d-----w- C:\Windows\SysWow64\Wat

2013-08-09 16:55:10 -------- d-----w- C:\Windows\System32\Wat

2013-08-02 00:36:18 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2013-08-02 00:36:18 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2013-08-02 00:36:18 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2013-08-02 00:36:18 2560 ----a-w- C:\Windows\System32\drivers\pt-BR\wdf01000.sys.mui

2013-08-02 00:23:02 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-08-02 00:00:36 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll

2013-08-02 00:00:36 46080 ----a-w- C:\Windows\System32\atmlib.dll

2013-08-02 00:00:36 367616 ----a-w- C:\Windows\System32\atmfd.dll

2013-08-02 00:00:36 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2013-08-02 00:00:36 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2013-08-02 00:00:36 100864 ----a-w- C:\Windows\System32\fontsub.dll

2013-08-01 23:59:51 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2013-08-01 23:59:51 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2013-08-01 23:59:51 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2013-08-01 23:59:51 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2013-08-01 23:59:50 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2013-08-01 23:59:50 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2013-08-01 23:59:50 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2013-08-01 23:51:13 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2013-08-01 23:51:13 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2013-08-01 23:51:13 5120 ----a-w- C:\Windows\System32\wmi.dll

2013-08-01 23:51:13 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2013-08-01 23:51:13 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2013-07-31 12:00:56 3717632 ----a-w- C:\Windows\System32\mstscax.dll

2013-07-31 11:59:55 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll

2013-07-31 11:58:34 800768 ----a-w- C:\Windows\System32\usp10.dll

2013-07-31 11:57:56 715776 ----a-w- C:\Windows\System32\kerberos.dll

2013-07-31 11:56:59 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2013-07-31 11:44:20 77312 ----a-w- C:\Windows\System32\packager.dll

2013-07-31 11:44:20 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2013-07-31 11:42:40 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2013-07-30 13:35:11 -------- d-----w- C:\ProgramData\boost_interprocess

2013-07-30 13:26:01 49536 ----a-w- C:\Windows\SysWow64\drivers\gbpkm.sys

2013-07-30 13:26:01 31088 ----a-w- C:\Windows\SysWow64\drivers\gbpndisrd.sys

2013-07-30 13:25:37 -------- d-----w- C:\ProgramData\GbPlugin

2013-07-30 13:25:37 -------- d-----w- C:\Program Files (x86)\GbPlugin

2013-07-30 13:24:27 720082 ----a-w- C:\Users\Renata\AppData\Roaming\unins000.exe

2013-07-30 13:24:27 -------- d-----w- C:\Users\Renata\AppData\Local\Programs

2013-07-30 13:24:27 -------- d-----w- C:\Users\Renata\AppData\Local\GAS Tecnologia

2013-07-30 13:24:27 -------- d-----w- C:\ProgramData\GAS Tecnologia

2013-07-30 11:28:55 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2013-07-30 11:28:55 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2013-07-30 11:28:55 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2013-07-30 11:24:26 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2013-07-30 11:24:12 99840 ----a-w- C:\Windows\System32\wudriver.dll

2013-07-30 11:24:02 36864 ----a-w- C:\Windows\System32\wuapp.exe

2013-07-30 11:24:02 186752 ----a-w- C:\Windows\System32\wuwebv.dll

.

==================== Find3M ====================

.

2013-08-02 00:23:02 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2013-07-21 19:11:17 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll

2013-07-21 19:11:16 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2013-07-21 19:11:16 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2013-07-19 21:11:10 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-07-19 21:11:10 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-07-19 19:27:07 0 ----a-w- C:\Windows\ativpsrm.bin

2013-07-19 19:20:28 986456 ----a-w- C:\Windows\System32\MaxxAudioAPOShell64.dll

2013-07-19 19:20:18 879616 ----a-w- C:\Windows\System32\MCAPO64.dll

2013-07-19 19:20:18 74240 ----a-w- C:\Windows\System32\MCWrp64.dll

2013-07-19 19:20:18 619520 ----a-w- C:\Windows\System32\MCTHX64.dll

2013-07-19 19:20:18 576344 ----a-w- C:\Windows\System32\MaxxAudioAPO4064.dll

2013-07-19 19:20:18 568960 ----a-w- C:\Windows\System32\UCI64A89.dll

2013-07-19 19:20:18 1604736 ----a-w- C:\Windows\System32\drivers\CHDRT64.sys

2013-07-19 19:20:18 1577600 ----a-w- C:\Windows\System32\CX64AP63.dll

2013-07-19 19:07:29 103832 ----a-w- C:\Users\Renata\GoToAssistDownloadHelper.exe

2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll

2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll

2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll

2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll

2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll

2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys

2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll

2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll

.

============= FINISH: 16:55:53,98 ===============

Attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 19/07/2013 15:35:05

System Uptime: 23/08/2013 08:23:03 (8 hours ago)

.

Motherboard: Dell Inc. | | 0DNMM8

Processor: Intel® Core i5-3210M CPU @ 2.50GHz | U3E1 | 2501/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 469 GiB total, 396,047 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 462 GiB total, 328,925 GiB free.

F: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}

Description: Dell Wireless 1703 Bluetooth

Device ID: USB\VID_0CF3&PID_E004\ALASKA_DAY_2006

Manufacturer: Atheros Communications

Name: Dell Wireless 1703 Bluetooth

PNP Device ID: USB\VID_0CF3&PID_E004\ALASKA_DAY_2006

Service: BTHUSB

.

==== System Restore Points ===================

.

RP31: 09/08/2013 18:44:54 - Windows Update

RP32: 13/08/2013 08:51:11 - Windows Update

RP33: 13/08/2013 21:47:52 - Windows Update

RP34: 16/08/2013 21:27:16 - Windows Update

RP35: 21/08/2013 11:26:53 - Windows Update

.

==== Installed Programs ======================

.

a Versão 1.2 - (compilação 1.2.1.281) © 2012 ANA

Adobe Flash Player 11 ActiveX

Adobe Reader X MUI

Advanced Audio FX Engine

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD AVIVO64 Codecs

AMD Catalyst Install Manager

Arc Hydro Tools

ArcGIS 10 Desktop Add Globalids in ArcView Patch

ArcGIS 10 Desktop Raster Format Patch

ArcGIS 10 SP1 (Desktop) Active Tool Patch

ArcGIS 10.0 (Desktop) FGDC Metadata Style Patch

ArcGIS 10.0 (Desktop, Engine, Server) Geodatabase Replication Upgrade patch

ArcGIS 10.0 Desktop Parcel Editiong copy/past Patch

ArcGIS 10.0 Desktop Patch for Load a Topology to a Parcel Fabric

ArcGIS Desktop 10

ArcGIS Desktop 10 Feature Inspector Patch

ArcGIS Desktop 10 File Menu Performance Patch

ArcGIS Desktop 10 Personal Geodatabase Unicode Item Definition Patch

ArcGIS Desktop 10 Service Pack 1

ArcGIS Desktop 10 SP1 Load Objects Command Patch

ArcGIS Desktop 10 Split Custom Features with Relationship Propagation Patch

ArcGIS Desktop 10.0 Geocoding Memory Leak and Matching Quality Patch

ArcGIS Desktop 10.0 WMS Service Memory Leak Patch

Atheros Bluetooth Suite (64)

µTorrent

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

Catalyst Control Center Profiles Mobile

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Conexant HD Audio

CyberLink PowerDVD 9.6

DAEMON Tools Lite

Dell Touchpad

Dell VideoStage

Dell Webcam Central

Dell WLAN and Bluetooth Client Installation

ET GeoWizards 10.1 for ArcGIS 10.0

foobar2000 v1.1.8

Google Chrome

Google Earth

Google Update Helper

GoToAssist Corporate

Intel® Display Audio Driver

Intel® Management Engine Components

Intel® USB 3.0 eXtensible Host Controller Driver

Intel® Trusted Connect Service Client

Kaspersky Internet Security 2012

Módulo de Segurança - Banco do Brasil

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile PTB Language Pack

Microsoft .NET Framework 4 Extended

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (Portuguese (Brazil)) 2010

Microsoft Office Excel MUI (Portuguese (Brazil)) 2010

Microsoft Office Groove MUI (Portuguese (Brazil)) 2010

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010

Microsoft Office Office 32-bit Components 2010

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (Portuguese (Brazil)) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (Portuguese (Brazil)) 2010

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared MUI (Portuguese (Brazil)) 2010

Microsoft Office Word MUI (Portuguese (Brazil)) 2010

Microsoft SQL Server 2008 Native Client

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

PowerXpressHybrid

PX Profile Update

Realtek Ethernet Controller All-In-One Windows Driver

Realtek USB 2.0 Card Reader

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2836939)

WinRAR 4.01 (64-bit)

.

==== End Of File ===========================

Gmer:

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-08-23 17:42:43

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000LM024_HN-M101MBB rev.2AR20002 931,51GB

Running: gmer.exe; Driver: C:\Users\Renata\AppData\Local\Temp\fwdiqpow.sys

---- User code sections - GMER 2.1 ----

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[992] C:\Windows\syswow64\kernel32.dll!FreeLibrary 00000000753434a8 5 bytes JMP 000000013b0ae02d

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[992] C:\Windows\syswow64\kernel32.dll!FreeLibraryAndExitThread 000000007535d56a 5 bytes JMP 000000013b0adfa5

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[992] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076981465 2 bytes [98, 76]

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[992] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000769814bb 2 bytes [98, 76]

.text ... * 2

.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076fc0038 5 bytes JMP 000000016ac91765

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076981465 2 bytes [98, 76]

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769814bb 2 bytes [98, 76]

.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\SysWOW64\ntdll.dll [3148:3220] 0000000000419a10

Thread C:\Windows\SysWOW64\ntdll.dll [3148:660] 00000000675e4e30

Thread C:\Windows\SysWOW64\ntdll.dll [3148:3284] 00000000727029e1

Thread C:\Windows\SysWOW64\ntdll.dll [3148:3636] 00000000727029e1

Thread C:\Windows\SysWOW64\ntdll.dll [3148:4684] 00000000727029e1

Thread C:\Windows\SysWOW64\ntdll.dll [3148:4688] 00000000727029e1

Thread C:\Windows\SysWOW64\ntdll.dll [3148:5092] 00000000727029e1

Thread C:\Windows\SysWOW64\ntdll.dll [3148:2092] 0000000073aca3e0

Thread C:\Windows\SysWOW64\ntdll.dll [3148:5288] 00000000727029e1

Thread C:\Windows\SysWOW64\ntdll.dll [3148:876] 00000000727029e1

Thread C:\Windows\SysWOW64\ntdll.dll [3148:6904] 00000000727029e1

Thread C:\Windows\SysWOW64\ntdll.dll [3148:5296] 00000000727029e1

Thread C:\Windows\SysWOW64\ntdll.dll [3148:5480] 00000000727029e1

Thread C:\Windows\SysWOW64\ntdll.dll [3148:7492] 00000000727029e1

Thread C:\Windows\SysWOW64\ntdll.dll [3148:7300] 00000000727029e1

Thread C:\Windows\SysWOW64\ntdll.dll [3148:5212] 00000000727029e1

Thread C:\Windows\SysWOW64\ntdll.dll [3148:7384] 000000007270286e

Thread C:\Windows\SysWOW64\ntdll.dll [3148:8140] 00000000727029e1

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e006e6d0d3e4

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e006e6d0d3e4 (not active ControlSet)

---- EOF - GMER 2.1 ----


Hello

Sorry for the delay :)

If you still need help, please redo the logs, as I need them with current dates: Read Before Posting - Creating a New Topic

ATTENTION 1: There is no need to open a new topic; post the new logs in this same topic, thank you!

ATTENTION 2: Do not edit your topic; use the reply button, thank you!

ATTENTION 3: Do not put the logs between TAGS, thank you!

ATTENTION 4: Do not attach the logs, thank you!

Regards :D


Hello Diego!

Below is a copy of the logs I just made!

Just to let you know, the instructions said to select C:\, but my HD is partitioned and I have the data on E:\ and the programs and system on C:\. Would it have been necessary to select E:\ as well?

Thank you for the help!

Renata

DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16660

Run by Renata at 19:45:00 on 2013-08-25

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.55.1046.18.8067.5808 [GMT -3:00]

.

AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\PROGRA~2\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

C:\Program Files\Conexant\SA3\CxUtilSvc.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe

C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe

C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe

C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe

C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\igfxtray.exe

C:\Program Files\Conexant\SA3\SmartAudio3.exe

C:\Windows\System32\hkcmd.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Program Files\Elantech\ETDGesture.exe

C:\Cracked License Manager 10\lmgrd.exe

C:\Program Files (x86)\CyberLink\Shared files\brs.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Cracked License Manager 10\ARCGIS.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.gmail.com/

uDefault_Page_URL = hxxp://www.dell.com

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll

BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"

mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

StartupFolder: C:\Users\Renata\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ARCGIS~1.LNK - C:\Cracked License Manager 10\start_lic_mgr_invisible.vbs

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:60

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: &Enviar para o OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: Adicionar ao Antibanner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm

IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{3E6E7D79-D20A-4980-9250-AD2BF9489D90} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{81ECDBBC-2A7D-4A2D-9474-10EA06960BD7} : DHCPNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

SSODL: WebCheck - <orphaned>

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll

x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"

x64-Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe"

x64-Run: [smartAudio] C:\Program Files\CONEXANT\SA3\SACpl.exe /sa3 /nv:3.0+ /dne /s

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe

x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll

x64-Notify: igfxcui - igfxdev.dll

x64-Notify: klogon - C:\Windows\System32\klogon.dll

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2013-7-19 32896]

R0 iusb3hcs;Driver de comutação do controlador host Intel® USB 3.0;C:\Windows\System32\drivers\iusb3hcs.sys [2013-7-19 20024]

R0 rtcrfilt64;Realtek Turbo Mode Filter Driver;C:\Windows\System32\drivers\rtcrfilt64.sys [2013-7-19 19600]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-8-9 283064]

R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2011-3-4 11864]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2011-3-10 29488]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-7-19 235520]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2012-3-8 107648]

R2 AVP;Serviço do Kaspersky Anti-Virus;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-4-24 206448]

R2 CxUtilSvc;CxUtilSvc;C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe [2013-7-19 109184]

R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2013-7-30 409640]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2013-7-19 2464400]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-7-19 161560]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-7-19 363800]

R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2012-3-8 159360]

R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2013-7-19 77824]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-3-8 30848]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2013-7-20 176096]

R3 ETD;Dell Touchpad;C:\Windows\System32\drivers\ETD.sys [2013-7-19 211856]

R3 IntcDAud;Áudio do vídeo Intel®;C:\Windows\System32\drivers\IntcDAud.sys [2013-7-19 331264]

R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2013-7-19 14745600]

R3 iusb3hub;Driver para hub Intel® USB 3.0;C:\Windows\System32\drivers\iusb3hub.sys [2013-7-19 358456]

R3 iusb3xhc;Driver de controlador host eXtensível Intel® USB 3.0;C:\Windows\System32\drivers\iusb3xhc.sys [2013-7-19 791608]

R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUVStor.sys [2013-7-19 317584]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-7-19 685160]

S2 CLKMSVC10_9EC60124;CyberLink Product - 2013/07/20 16:11:01;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2012-6-25 242448]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-3-8 36480]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-3-8 340096]

S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-3-8 111232]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-3-8 168064]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-3-8 68736]

S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-3-8 281472]

S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-3-8 551552]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-15 80384]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-15 180736]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-8-9 1255736]

.

=============== Created Last 30 ================

.

2013-08-23 16:50:43 -------- d-----w- C:\Program Files (x86)\Hidro 1.2

2013-08-23 11:29:50 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{02AE5D48-3477-4143-9239-43F6EB763BE3}\mpengine.dll

2013-08-16 23:47:35 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-08-16 23:47:34 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-08-16 23:47:34 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-08-16 23:47:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-08-16 23:47:34 243712 ----a-w- C:\Windows\System32\wow64.dll

2013-08-16 23:47:34 1732032 ----a-w- C:\Windows\System32\ntdll.dll

2013-08-16 23:47:34 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-08-16 23:47:34 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll

2013-08-16 23:47:33 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-08-16 23:47:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-08-16 23:47:33 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-08-13 12:05:17 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2013-08-09 21:00:21 -------- d-----w- C:\Cracked License Manager 10

2013-08-09 19:33:56 -------- d-----w- C:\Program Files (x86)\ESRI

2013-08-09 19:13:47 -------- d-----w- C:\Program Files (x86)\ET SpatialTechniques

2013-08-09 19:09:14 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared

2013-08-09 19:01:11 -------- d-----w- C:\Program Files (x86)\Common Files\AnswerWorks 4.0

2013-08-09 18:59:40 -------- d-----w- C:\Python26

2013-08-09 18:59:39 -------- d-----w- C:\Program Files (x86)\Common Files\Data Dynamics

2013-08-09 18:59:34 -------- d-----w- C:\Program Files (x86)\Common Files\Tom Sawyer Software

2013-08-09 18:59:34 -------- d-----w- C:\Program Files (x86)\Common Files\ArcGIS

2013-08-09 18:59:21 -------- d-----w- C:\Program Files (x86)\ArcGIS

2013-08-09 18:57:11 -------- d-----w- C:\Windows\SysWow64\1033

2013-08-09 18:57:11 -------- d-----w- C:\Windows\System32\1033

2013-08-09 18:57:11 -------- d-----w- C:\Program Files\Microsoft SQL Server

2013-08-09 18:57:11 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server

2013-08-09 17:59:37 -------- d-----w- C:\Program Files\Microsoft Synchronization Services

2013-08-09 17:59:04 -------- d-----w- C:\Windows\PCHEALTH

2013-08-09 17:59:03 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition

2013-08-09 17:56:50 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8

2013-08-09 17:55:50 -------- d-----w- C:\Program Files\Microsoft Analysis Services

2013-08-09 17:55:50 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

2013-08-09 17:54:41 -------- d-----w- C:\Users\Renata\AppData\Local\Microsoft Help

2013-08-09 17:47:00 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2013-08-09 17:46:56 -------- d-----w- C:\Users\Renata\AppData\Roaming\DAEMON Tools Lite

2013-08-09 17:46:54 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite

2013-08-09 17:37:59 -------- d-----w- C:\ProgramData\DAEMON Tools Lite

2013-08-09 17:09:25 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS

2013-08-09 17:09:25 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys

2013-08-09 17:09:01 96768 ----a-w- C:\Windows\System32\fsutil.exe

2013-08-09 17:09:01 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys

2013-08-09 17:09:01 2565632 ----a-w- C:\Windows\System32\esent.dll

2013-08-09 17:09:01 1699328 ----a-w- C:\Windows\SysWow64\esent.dll

2013-08-09 17:05:32 1643520 ----a-w- C:\Windows\System32\DWrite.dll

2013-08-09 17:05:32 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll

2013-08-09 16:55:10 -------- d-----w- C:\Windows\SysWow64\Wat

2013-08-09 16:55:10 -------- d-----w- C:\Windows\System32\Wat

2013-08-02 00:36:18 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2013-08-02 00:36:18 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2013-08-02 00:36:18 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2013-08-02 00:36:18 2560 ----a-w- C:\Windows\System32\drivers\pt-BR\wdf01000.sys.mui

2013-08-02 00:23:02 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-08-02 00:00:36 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll

2013-08-02 00:00:36 46080 ----a-w- C:\Windows\System32\atmlib.dll

2013-08-02 00:00:36 367616 ----a-w- C:\Windows\System32\atmfd.dll

2013-08-02 00:00:36 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2013-08-02 00:00:36 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2013-08-02 00:00:36 100864 ----a-w- C:\Windows\System32\fontsub.dll

2013-08-01 23:59:51 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2013-08-01 23:59:51 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2013-08-01 23:59:51 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2013-08-01 23:59:51 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2013-08-01 23:59:50 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2013-08-01 23:59:50 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2013-08-01 23:59:50 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2013-08-01 23:51:13 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2013-08-01 23:51:13 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2013-08-01 23:51:13 5120 ----a-w- C:\Windows\System32\wmi.dll

2013-08-01 23:51:13 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2013-08-01 23:51:13 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2013-07-31 12:00:56 3717632 ----a-w- C:\Windows\System32\mstscax.dll

2013-07-31 11:59:55 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll

2013-07-31 11:58:34 800768 ----a-w- C:\Windows\System32\usp10.dll

2013-07-31 11:57:56 715776 ----a-w- C:\Windows\System32\kerberos.dll

2013-07-31 11:56:59 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2013-07-31 11:44:20 77312 ----a-w- C:\Windows\System32\packager.dll

2013-07-31 11:44:20 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2013-07-31 11:42:40 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2013-07-30 13:35:11 -------- d-----w- C:\ProgramData\boost_interprocess

2013-07-30 13:26:01 49536 ----a-w- C:\Windows\SysWow64\drivers\gbpkm.sys

2013-07-30 13:26:01 31088 ----a-w- C:\Windows\SysWow64\drivers\gbpndisrd.sys

2013-07-30 13:25:37 -------- d-----w- C:\ProgramData\GbPlugin

2013-07-30 13:25:37 -------- d-----w- C:\Program Files (x86)\GbPlugin

2013-07-30 13:24:27 720082 ----a-w- C:\Users\Renata\AppData\Roaming\unins000.exe

2013-07-30 13:24:27 -------- d-----w- C:\Users\Renata\AppData\Local\Programs

2013-07-30 13:24:27 -------- d-----w- C:\Users\Renata\AppData\Local\GAS Tecnologia

2013-07-30 13:24:27 -------- d-----w- C:\ProgramData\GAS Tecnologia

2013-07-30 11:28:55 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2013-07-30 11:28:55 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2013-07-30 11:28:55 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2013-07-30 11:24:26 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2013-07-30 11:24:12 99840 ----a-w- C:\Windows\System32\wudriver.dll

2013-07-30 11:24:02 36864 ----a-w- C:\Windows\System32\wuapp.exe

2013-07-30 11:24:02 186752 ----a-w- C:\Windows\System32\wuwebv.dll

.

==================== Find3M ====================

.

2013-08-02 00:23:02 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2013-07-21 19:11:17 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll

2013-07-21 19:11:16 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2013-07-21 19:11:16 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2013-07-19 21:11:10 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-07-19 21:11:10 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-07-19 19:27:07 0 ----a-w- C:\Windows\ativpsrm.bin

2013-07-19 19:20:28 986456 ----a-w- C:\Windows\System32\MaxxAudioAPOShell64.dll

2013-07-19 19:20:18 879616 ----a-w- C:\Windows\System32\MCAPO64.dll

2013-07-19 19:20:18 74240 ----a-w- C:\Windows\System32\MCWrp64.dll

2013-07-19 19:20:18 619520 ----a-w- C:\Windows\System32\MCTHX64.dll

2013-07-19 19:20:18 576344 ----a-w- C:\Windows\System32\MaxxAudioAPO4064.dll

2013-07-19 19:20:18 568960 ----a-w- C:\Windows\System32\UCI64A89.dll

2013-07-19 19:20:18 1604736 ----a-w- C:\Windows\System32\drivers\CHDRT64.sys

2013-07-19 19:20:18 1577600 ----a-w- C:\Windows\System32\CX64AP63.dll

2013-07-19 19:07:29 103832 ----a-w- C:\Users\Renata\GoToAssistDownloadHelper.exe

2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll

2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll

2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll

2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll

2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll

2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys

2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll

2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll

.

============= FINISH: 19:45:28,00 ===============

ATTACH:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 19/07/2013 15:35:05

System Uptime: 25/08/2013 19:23:47 (0 hours ago)

.

Motherboard: Dell Inc. | | 0DNMM8

Processor: Intel® Core i5-3210M CPU @ 2.50GHz | U3E1 | 2501/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 469 GiB total, 395,842 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 462 GiB total, 328,925 GiB free.

F: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}

Description: Dell Wireless 1703 Bluetooth

Device ID: USB\VID_0CF3&PID_E004\ALASKA_DAY_2006

Manufacturer: Atheros Communications

Name: Dell Wireless 1703 Bluetooth

PNP Device ID: USB\VID_0CF3&PID_E004\ALASKA_DAY_2006

Service: BTHUSB

.

==== System Restore Points ===================

.

RP31: 09/08/2013 18:44:54 - Windows Update

RP32: 13/08/2013 08:51:11 - Windows Update

RP33: 13/08/2013 21:47:52 - Windows Update

RP34: 16/08/2013 21:27:16 - Windows Update

RP35: 21/08/2013 11:26:53 - Windows Update

.

==== Installed Programs ======================

.

a Versão 1.2 - (compilação 1.2.1.281) © 2012 ANA

Adobe Flash Player 11 ActiveX

Adobe Reader X MUI

Advanced Audio FX Engine

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD AVIVO64 Codecs

AMD Catalyst Install Manager

Arc Hydro Tools

ArcGIS 10 Desktop Add Globalids in ArcView Patch

ArcGIS 10 Desktop Raster Format Patch

ArcGIS 10 SP1 (Desktop) Active Tool Patch

ArcGIS 10.0 (Desktop) FGDC Metadata Style Patch

ArcGIS 10.0 (Desktop, Engine, Server) Geodatabase Replication Upgrade patch

ArcGIS 10.0 Desktop Parcel Editiong copy/past Patch

ArcGIS 10.0 Desktop Patch for Load a Topology to a Parcel Fabric

ArcGIS Desktop 10

ArcGIS Desktop 10 Feature Inspector Patch

ArcGIS Desktop 10 File Menu Performance Patch

ArcGIS Desktop 10 Personal Geodatabase Unicode Item Definition Patch

ArcGIS Desktop 10 Service Pack 1

ArcGIS Desktop 10 SP1 Load Objects Command Patch

ArcGIS Desktop 10 Split Custom Features with Relationship Propagation Patch

ArcGIS Desktop 10.0 Geocoding Memory Leak and Matching Quality Patch

ArcGIS Desktop 10.0 WMS Service Memory Leak Patch

Atheros Bluetooth Suite (64)

µTorrent

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

Catalyst Control Center Profiles Mobile

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Conexant HD Audio

CyberLink PowerDVD 9.6

DAEMON Tools Lite

Dell Touchpad

Dell VideoStage

Dell Webcam Central

Dell WLAN and Bluetooth Client Installation

ET GeoWizards 10.1 for ArcGIS 10.0

foobar2000 v1.1.8

Google Chrome

Google Earth

Google Update Helper

GoToAssist Corporate

Intel® Display Audio Driver

Intel® Management Engine Components

Intel® USB 3.0 eXtensible Host Controller Driver

Intel® Trusted Connect Service Client

Kaspersky Internet Security 2012

Módulo de Segurança - Banco do Brasil

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile PTB Language Pack

Microsoft .NET Framework 4 Extended

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (Portuguese (Brazil)) 2010

Microsoft Office Excel MUI (Portuguese (Brazil)) 2010

Microsoft Office Groove MUI (Portuguese (Brazil)) 2010

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010

Microsoft Office Office 32-bit Components 2010

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (Portuguese (Brazil)) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (Portuguese (Brazil)) 2010

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared MUI (Portuguese (Brazil)) 2010

Microsoft Office Word MUI (Portuguese (Brazil)) 2010

Microsoft SQL Server 2008 Native Client

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

PowerXpressHybrid

PX Profile Update

Realtek Ethernet Controller All-In-One Windows Driver

Realtek USB 2.0 Card Reader

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2836939)

WinRAR 4.01 (64-bit)

.

==== End Of File ===========================

GMER:

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-08-25 20:09:40

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000LM024_HN-M101MBB rev.2AR20002 931,51GB

Running: gmer.exe; Driver: C:\Users\Renata\AppData\Local\Temp\fwdiqpow.sys

---- User code sections - GMER 2.1 ----

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[996] C:\Windows\syswow64\kernel32.dll!FreeLibrary 0000000075b434a8 5 bytes JMP 000000013b0ae02d

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[996] C:\Windows\syswow64\kernel32.dll!FreeLibraryAndExitThread 0000000075b5d56a 5 bytes JMP 000000013b0adfa5

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[996] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000077051465 2 bytes [05, 77]

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[996] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000770514bb 2 bytes [05, 77]

.text ... * 2

.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1900] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000775c0038 5 bytes JMP 000000016ac91765

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077051465 2 bytes [05, 77]

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770514bb 2 bytes [05, 77]

.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [2460:5028] 000007feec809688

Thread C:\Windows\SysWOW64\ntdll.dll [3748:3772] 0000000000419a10

Thread C:\Windows\SysWOW64\ntdll.dll [3748:3688] 00000000675e4e30

Thread C:\Windows\SysWOW64\ntdll.dll [3748:3824] 0000000072cf29e1

Thread C:\Windows\SysWOW64\ntdll.dll [3748:3984] 0000000072cf29e1

Thread C:\Windows\SysWOW64\ntdll.dll [3748:4176] 0000000072cf29e1

Thread C:\Windows\SysWOW64\ntdll.dll [3748:4180] 0000000072cf29e1

Thread C:\Windows\SysWOW64\ntdll.dll [3748:4476] 0000000072cf29e1

Thread C:\Windows\SysWOW64\ntdll.dll [3748:4628] 00000000707da3e0

Thread C:\Windows\SysWOW64\ntdll.dll [3748:3164] 0000000072cf29e1

Thread C:\Windows\SysWOW64\ntdll.dll [3748:5552] 0000000072cf286e

Thread C:\Windows\SysWOW64\ntdll.dll [3748:5952] 0000000072cf29e1

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e006e6d0d3e4

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e006e6d0d3e4 (not active ControlSet)

---- EOF - GMER 2.1 ----


Dear RenataDV

I recommend saving this topic to your Favorites so it is easier to find.

Please note the following:

  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is given here applies only to the problem on your computer, so do not use it on any other;
  • Please follow the instructions carefully and, if in doubt, do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Keep me informed, throughout the removal, about what is happening with your computer.
  • Follow the instructions in the order given.
  • Note: Do not take any action other than those given here; if you ask for help on another forum, be sure to let us know, or you risk misconfiguring your computer!

# Step 1 #

Would it have been necessary to select E:\ as well?
That's fine... I didn't see anything abnormal in the logs. Let's see whether there is any unwanted program and run a new scan with another tool. ;)

Download Junkware Removal Tool and save it to your Desktop.

  • Disable your protection programs (antivirus etc.) to avoid any conflict.
  • Double-click JRT.exe
    • If your system is Windows Vista, Windows 7 or Windows 8, right-click it and choose Run as Administrator.
  • Be patient and wait for the scan to finish.
  • Open the JRT.txt log on your Desktop.
  • Copy all of its contents and paste them into your next message.

# Step 2 #

  • Double-click adwcleaner.exe
    • Attention: Windows Vista, 7 and 8 users, right-click and choose: [image: execadmin.png]

  • Click Pesquisar (Search)
  • At the end of the scan a log with the result will open.
  • If anything is detected, then click the Remover (Remove) button.
  • Again, at the end of the scan a log with the result will open.
  • Copy all of its contents and paste them into your next reply.

# Step 3 #

Download OTL by OldTimer and save it to your Desktop.

  • Double-click the icon [image: 3984478580_7ed4cabc45_o.gif]
  • Leave the main screen configured as in the figure below:

[image: 5369448421_6bf795eb1a_b.jpg]

  • Copy and paste the content below into the space right after [image: 5369460409_ee749edc8e_m.jpg]
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dl
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
/md5stop

  • Click the button [image: 5370056362_e3d07d5d8a_m.jpg]
  • Do not interrupt the scan under any circumstances;
  • When it finishes, two logs will be generated: OTL.txt and Extras.txt;
  • Restart the computer;
  • Post both logs in your next reply.
  • Do not delete OTL

Regards :D


Hello Diego!

I will try to do the steps you gave me tonight; however, if I can't manage it today, I will only be able to on Wednesday night or Thursday morning. Is it a problem to wait until then?

Again, thank you very much for the help!

Renata


Diego,

I wasn't sure whether I should do one step at a time, sending you the results and waiting for your reply before moving on to the next step, or whether I can do all 3 straight away, one after the other, in sequence. Do I do everything at once in the order you gave??

Thank you

Renata


Dear RenataDV

Please do not use the QUOTE button unless it is really necessary ;)

Do I do everything at once in the order you gave??
Exactly ^_^

Reread my initial instructions:

Follow the instructions in the order given.

Regards :D


Hello Diego!

I carried out the procedures you indicated today.

The logs are below.

Thank you!

Renata

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.5.4 (08.22.2013:1)

OS: Windows 7 Home Premium x64

Ran by Renata on 29/08/2013 at 12:03:28,92

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 29/08/2013 at 12:08:30,41

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.001 - Report created 29/08/2013 at 13:38:24

# Updated 24/08/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Renata - RENATA-PC

# Running from : C:\Users\Renata\Desktop\AdwCleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

-\\ Google Chrome v29.0.1547.62

[ File : C:\Users\Renata\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [782 octets] - [29/08/2013 13:14:58]

AdwCleaner[R1].txt - [841 octets] - [29/08/2013 13:37:35]

AdwCleaner[s0].txt - [765 octets] - [29/08/2013 13:38:24]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [824 octets] ##########

OTL logfile created on: 29/08/2013 13:57:22 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Renata\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16660)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

7,88 Gb Total Physical Memory | 5,62 Gb Available Physical Memory | 71,27% Memory free

15,75 Gb Paging File | 13,22 Gb Available in Paging File | 83,91% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 469,01 Gb Total Space | 395,94 Gb Free Space | 84,42% Space Free | Partition Type: NTFS

Drive E: | 462,41 Gb Total Space | 328,93 Gb Free Space | 71,13% Space Free | Partition Type: NTFS

Drive F: | 3,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: RENATA-PC | User Name: Renata | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/28 21:43:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Renata\Desktop\OTL.exe

PRC - [2013/08/24 14:49:56 | 000,829,392 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2013/07/19 20:06:34 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe

PRC - [2013/07/19 18:09:57 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

PRC - [2013/07/19 16:20:27 | 000,109,184 | ---- | M] (Conexant Systems, Inc.) -- C:\Arquivos de Programas\CONEXANT\SA3\CxUtilSvc.exe

PRC - [2013/07/15 11:23:42 | 000,409,640 | ---- | M] (GAS Tecnologia) -- C:\PROGRA~2\GbPlugin\GbpSv.exe

PRC - [2012/12/21 07:57:56 | 000,291,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

PRC - [2012/06/25 18:06:04 | 000,076,872 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe

PRC - [2012/04/22 20:56:44 | 000,077,824 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe

PRC - [2012/03/08 19:47:18 | 000,159,360 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe

PRC - [2012/01/21 08:35:24 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2012/01/21 08:35:22 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2012/01/21 08:35:08 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

PRC - [2010/10/01 16:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

PRC - [2008/11/06 00:59:50 | 001,500,424 | ---- | M] (Acresso Software Inc.) -- C:\Cracked License Manager 10\lmgrd.exe

PRC - [2008/08/02 08:57:14 | 001,757,184 | ---- | M] () -- C:\Cracked License Manager 10\ARCGIS.EXE

========== Modules (No Company Name) ==========

MOD - [2011/04/24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll

MOD - [2011/04/24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll

MOD - [2011/04/24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll

MOD - [2011/04/24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll

MOD - [2011/04/24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll

MOD - [2011/04/24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll

MOD - [2011/04/20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll

MOD - [2008/08/02 08:57:14 | 001,757,184 | ---- | M] () -- C:\Cracked License Manager 10\ARCGIS.EXE

========== Services (SafeList) ==========

SRV - [2013/08/09 16:09:14 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2013/07/19 18:11:11 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/07/19 18:09:57 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)

SRV - [2013/07/19 16:20:27 | 000,109,184 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Arquivos de Programas\CONEXANT\SA3\CxUtilSvc.exe -- (CxUtilSvc)

SRV - [2013/07/19 16:07:42 | 000,013,720 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\896\g2aservice.exe -- (GoToAssist)

SRV - [2013/07/15 11:23:42 | 000,409,640 | ---- | M] (GAS Tecnologia) [Auto | Running] -- C:\PROGRA~2\GbPlugin\GbpSv.exe -- (GbpSv)

SRV - [2012/09/07 10:06:26 | 002,464,400 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)

SRV - [2012/06/25 18:06:00 | 000,242,448 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)

SRV - [2012/04/22 20:56:44 | 000,077,824 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)

SRV - [2012/03/19 08:14:18 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)

SRV - [2012/03/08 19:47:18 | 000,159,360 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)

SRV - [2012/03/08 19:25:30 | 000,107,648 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe -- (AtherosSvc)

SRV - [2012/01/21 08:35:24 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2012/01/21 08:35:22 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2012/01/21 08:35:08 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe -- (jhi_service)

SRV - [2012/01/10 21:01:52 | 000,627,936 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Arquivos de Programas\Intel\iCLS Client\HeciServer.exe -- (Intel®

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2010/01/09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)

SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV - [2013/05/08 09:52:48 | 000,049,536 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\gbpkm.sys -- (GbpKm)

DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2753503105-670087258-2731069859-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

IE - HKU\S-1-5-21-2753503105-670087258-2731069859-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/

IE - HKU\S-1-5-21-2753503105-670087258-2731069859-1000\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2753503105-670087258-2731069859-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKU\S-1-5-21-2753503105-670087258-2731069859-1000\..\SearchScopes\{E038C2F6-28A6-4A6B-A3B8-AD6A2882EC89}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}

IE - HKU\S-1-5-21-2753503105-670087258-2731069859-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/bb: C:\Users\Renata\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2013/07/19 18:42:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2013/07/19 18:42:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2013/07/19 18:42:13 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: https://mail.google.com/mail/u/0/?shva=1#inbox

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

CHR - Extension: Google Docs = C:\Users\Renata\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Users\Renata\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Renata\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Pesquisa do Google = C:\Users\Renata\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Conselheiro de URLs da Kaspersky = C:\Users\Renata\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\

CHR - Extension: Teclado virtual = C:\Users\Renata\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\

CHR - Extension: Chrome In-App Payments service = C:\Users\Renata\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\

CHR - Extension: GBBD Banco do Brasil = C:\Users\Renata\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh\3.0.0_0\

CHR - Extension: Gmail = C:\Users\Renata\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

CHR - Extension: Anti-Banner = C:\Users\Renata\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2009/06/10 18:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)

O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)

O4 - HKLM..\Run: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)

O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [uSB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2753503105-670087258-2731069859-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Renata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ArcGIS License Manager 10 CRACKED.lnk = C:\Cracked License Manager 10\start_lic_mgr_invisible.vbs ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: &Enviar para o OneNote - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: Adicionar ao Antibanner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()

O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: &Teclado Virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)

O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O9 - Extra Button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-2753503105-670087258-2731069859-1000\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)

O15 - HKU\S-1-5-21-2753503105-670087258-2731069859-1000\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)

O15 - HKU\S-1-5-21-2753503105-670087258-2731069859-1000\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)

O15 - HKU\S-1-5-21-2753503105-670087258-2731069859-1000\..Trusted Domains: bb.com.br ([www] * in Trusted sites)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E6E7D79-D20A-4980-9250-AD2BF9489D90}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81ECDBBC-2A7D-4A2D-9474-10EA06960BD7}: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\ms-help - No CLSID value found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files (x86)\GbPlugin\gbieh.dll) - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)

O32 - HKLM CDRom: AutoRun - 0

O32 - AutoRun File - [2009/12/04 14:52:28 | 000,000,041 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]

O33 - MountPoints2\{a993b747-f0a0-11e2-809d-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{a993b747-f0a0-11e2-809d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\install.EXE id= ver=1.0.0.0

O33 - MountPoints2\{cdcd3cd4-0114-11e3-b12d-e006e6d0d3e4}\Shell - "" = AutoRun

O33 - MountPoints2\{cdcd3cd4-0114-11e3-b12d-e006e6d0d3e4}\Shell\AutoRun\command - "" = F:\ESRI.exe -- [2010/07/08 17:57:35 | 005,398,936 | R--- | M] (ESRI)

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {49C187D7-91E1-459E-9759-2925384BD397} - .NET Framework

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/29 13:14:23 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2013/08/29 12:03:25 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013/08/28 21:43:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Renata\Desktop\OTL.exe

[2013/08/26 20:33:01 | 001,021,434 | ---- | C] (Thisisu) -- C:\Users\Renata\Desktop\JRT.exe

[2013/08/23 16:57:55 | 000,000,000 | ---D | C] -- C:\Users\Renata\Desktop\gmer

[2013/08/23 16:50:32 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Renata\Desktop\dds.scr

[2013/08/23 13:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hidro 1.2

[2013/08/23 13:50:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hidro 1.2

[2013/08/19 20:35:44 | 000,000,000 | R--D | C] -- C:\Users\Renata\Documents\Scanned Documents

[2013/08/19 20:35:44 | 000,000,000 | ---D | C] -- C:\Users\Renata\Documents\Fax

[2013/08/16 21:35:49 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/08/16 21:35:48 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2013/08/16 21:35:48 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2013/08/16 21:35:48 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2013/08/16 21:35:48 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2013/08/16 21:35:46 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/08/16 20:47:35 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2013/08/16 20:47:34 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2013/08/16 20:47:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2013/08/16 20:47:34 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2013/08/16 20:47:33 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2013/08/16 20:47:33 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2013/08/16 20:47:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2013/08/16 14:49:17 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL

[2013/08/16 14:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative

[2013/08/13 09:05:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0

[2013/08/09 18:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision

[2013/08/09 18:00:22 | 000,000,000 | ---D | C] -- C:\Users\Renata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcGIS License Manager 10 CRACKED

[2013/08/09 18:00:21 | 000,000,000 | ---D | C] -- C:\Cracked License Manager 10

[2013/08/09 16:33:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESRI

[2013/08/09 16:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ET GeoWizards 101

[2013/08/09 16:13:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ET SpatialTechniques

[2013/08/09 16:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet

[2013/08/09 16:09:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared

[2013/08/09 16:01:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcGIS

[2013/08/09 16:01:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AnswerWorks 4.0

[2013/08/09 15:59:40 | 000,000,000 | ---D | C] -- C:\Python26

[2013/08/09 15:59:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Data Dynamics

[2013/08/09 15:59:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Tom Sawyer Software

[2013/08/09 15:59:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcGIS

[2013/08/09 15:59:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcGIS

[2013/08/09 15:57:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server

[2013/08/09 15:57:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033

[2013/08/09 15:00:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint

[2013/08/09 15:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

[2013/08/09 14:59:04 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2013/08/09 14:56:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8

[2013/08/09 14:55:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services

[2013/08/09 14:54:41 | 000,000,000 | ---D | C] -- C:\Users\Renata\AppData\Local\Microsoft Help

[2013/08/09 14:54:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office

[2013/08/09 14:54:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

[2013/08/09 14:54:07 | 000,000,000 | RH-D | C] -- C:\MSOCache

[2013/08/09 14:47:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite

[2013/08/09 14:46:56 | 000,000,000 | ---D | C] -- C:\Users\Renata\AppData\Roaming\DAEMON Tools Lite

[2013/08/09 14:46:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite

[2013/08/09 14:37:59 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite

[2013/08/09 14:09:01 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll

[2013/08/09 14:08:59 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe

[2013/08/09 13:55:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat

[2013/08/01 21:28:21 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2013/08/01 21:28:21 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat

[2013/08/01 21:28:21 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll

[2013/08/01 21:28:21 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2013/08/01 21:28:21 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2013/08/01 21:28:21 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2013/08/01 21:28:21 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll

[2013/08/01 21:28:21 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2013/08/01 21:28:21 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe

[2013/08/01 21:28:21 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe

[2013/08/01 21:28:21 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2013/08/01 21:28:21 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll

[2013/08/01 21:28:21 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2013/08/01 21:28:21 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll

[2013/08/01 21:28:21 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll

[2013/08/01 21:28:21 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2013/08/01 21:28:21 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe

[2013/08/01 21:28:21 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll

[2013/08/01 21:28:21 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx

[2013/08/01 21:28:21 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll

[2013/08/01 21:28:21 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll

[2013/08/01 21:28:21 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2013/08/01 21:28:21 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2013/08/01 21:23:02 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll

[2013/08/01 21:23:02 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll

[2013/08/01 21:23:02 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll

[2013/08/01 21:23:02 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll

[2013/08/01 21:23:02 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll

[2013/08/01 21:23:02 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

[2013/08/01 21:23:02 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

[2013/08/01 21:23:02 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

[2013/08/01 21:23:02 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

[2013/08/01 21:23:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

[2013/08/01 21:23:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

[2013/08/01 21:23:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

[2013/08/01 21:23:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

[2013/08/01 21:23:02 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

[2013/08/01 21:00:36 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2013/08/01 21:00:36 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll

[2013/08/01 21:00:36 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2013/08/01 13:23:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET

[2013/07/31 09:01:34 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll

[2013/07/31 09:01:34 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll

[2013/07/31 09:01:34 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll

[2013/07/31 09:01:34 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll

[2013/07/31 09:01:34 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll

[2013/07/31 09:01:12 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe

[2013/07/31 09:01:03 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll

[2013/07/31 09:00:55 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll

[2013/07/31 09:00:55 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll

[2013/07/31 09:00:55 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll

[2013/07/31 09:00:50 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe

[2013/07/31 09:00:50 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe

[2013/07/31 09:00:41 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll

[2013/07/31 09:00:41 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll

[2013/07/31 09:00:41 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax

[2013/07/31 09:00:31 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll

[2013/07/31 09:00:31 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll

[2013/07/31 09:00:26 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll

[2013/07/31 09:00:26 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll

[2013/07/31 09:00:26 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll

[2013/07/31 09:00:26 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll

[2013/07/31 09:00:25 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll

[2013/07/31 09:00:15 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll

[2013/07/31 09:00:05 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll

[2013/07/31 09:00:01 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl

[2013/07/31 08:59:51 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll

[2013/07/31 08:59:51 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll

[2013/07/31 08:59:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll

[2013/07/31 08:59:36 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll

[2013/07/31 08:59:35 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll

[2013/07/31 08:59:35 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll

[2013/07/31 08:59:22 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe

[2013/07/31 08:59:07 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll

[2013/07/31 08:59:06 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll

[2013/07/31 08:58:31 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs

[2013/07/31 08:58:30 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll

[2013/07/31 08:58:30 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll

[2013/07/31 08:58:30 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs

[2013/07/31 08:58:30 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs

[2013/07/31 08:58:30 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs

[2013/07/31 08:58:30 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs

[2013/07/31 08:58:30 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs

[2013/07/31 08:58:30 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs

[2013/07/31 08:58:30 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs

[2013/07/31 08:58:30 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs

[2013/07/31 08:58:30 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs

[2013/07/31 08:58:30 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs

[2013/07/31 08:58:30 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs

[2013/07/31 08:58:30 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs

[2013/07/31 08:58:30 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs

[2013/07/31 08:58:19 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll

[2013/07/31 08:58:19 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax

[2013/07/31 08:57:52 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2013/07/31 08:57:52 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2013/07/31 08:57:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2013/07/31 08:57:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2013/07/31 08:57:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2013/07/31 08:57:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2013/07/31 08:57:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2013/07/31 08:57:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2013/07/31 08:57:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2013/07/31 08:57:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2013/07/31 08:57:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2013/07/31 08:57:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2013/07/31 08:57:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2013/07/31 08:57:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2013/07/31 08:57:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2013/07/31 08:57:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2013/07/31 08:57:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2013/07/31 08:57:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2013/07/31 08:57:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2013/07/31 08:57:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2013/07/31 08:57:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2013/07/31 08:57:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2013/07/31 08:57:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2013/07/31 08:57:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2013/07/31 08:57:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2013/07/31 08:57:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2013/07/31 08:57:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2013/07/31 08:57:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2013/07/31 08:57:30 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll

[2013/07/31 08:57:26 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll

[2013/07/31 08:57:16 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll

[2013/07/31 08:57:13 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe

[2013/07/31 08:57:13 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll

[2013/07/31 08:57:10 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll

[2013/07/31 08:57:10 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe

[2013/07/31 08:56:54 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe

[2013/07/31 08:56:51 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll

[2013/07/31 08:56:30 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll

[2013/07/31 08:56:28 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll

[2013/07/31 08:56:13 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll

[2013/07/31 08:56:09 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll

[2013/07/31 08:56:06 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe

[2013/07/31 08:44:20 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll

========== Files - Modified Within 30 Days ==========

[2013/08/29 13:45:08 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/08/29 13:39:59 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) -- C:\Windows\SysWow64\drivers\gbpndisrd.sys

[2013/08/29 13:39:59 | 000,010,266 | ---- | M] () -- C:\Windows\SysWow64\drivers\ndisrd.cat

[2013/08/29 13:39:59 | 000,003,641 | ---- | M] () -- C:\Windows\SysWow64\drivers\ndisrd.inf

[2013/08/29 13:39:59 | 000,001,814 | ---- | M] () -- C:\Windows\SysWow64\drivers\ndisrd_m.inf

[2013/08/29 13:39:59 | 000,001,402 | ---- | M] () -- C:\Windows\SysWow64\drivers\gas.cer

[2013/08/29 13:39:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/08/29 13:39:49 | 2049,458,175 | -HS- | M] () -- C:\hiberfil.sys

[2013/08/29 13:11:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/08/29 13:11:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/08/29 09:13:21 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/08/28 21:43:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Renata\Desktop\OTL.exe

[2013/08/28 21:43:41 | 000,994,642 | ---- | M] () -- C:\Users\Renata\Desktop\AdwCleaner.exe

[2013/08/26 20:33:10 | 001,021,434 | ---- | M] (Thisisu) -- C:\Users\Renata\Desktop\JRT.exe

[2013/08/23 16:50:44 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Renata\Desktop\dds.scr

[2013/08/23 13:50:45 | 000,001,021 | ---- | M] () -- C:\Users\Renata\Desktop\Hidro 1.2.lnk

[2013/08/23 13:49:20 | 010,218,636 | ---- | M] () -- C:\Users\Renata\Desktop\InstaladorHidroBuild_1.2.1.281.zip

[2013/08/23 10:15:02 | 000,005,770 | ---- | M] () -- C:\Users\Renata\Desktop\pgto-BalcaoeCadeiras-BriqueCruzeiro-23ago13-Loiva-$640.pdf

[2013/08/19 20:38:35 | 001,650,469 | ---- | M] () -- C:\Users\Renata\Desktop\ContaLuz-Quitto-ago13.jpeg

[2013/08/16 15:16:27 | 000,003,031 | ---- | M] () -- C:\Users\Renata\Desktop\Microsoft Word 2010.lnk

[2013/08/13 21:56:11 | 001,596,864 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/08/13 20:29:56 | 000,005,554 | ---- | M] () -- C:\Users\Renata\Desktop\ComprovantePgto-DVDinfantis-Americanas-13ago13.pdf

[2013/08/09 18:00:22 | 000,001,709 | ---- | M] () -- C:\Users\Renata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ArcGIS License Manager 10 CRACKED.lnk

[2013/08/09 14:48:30 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk

[2013/08/01 21:28:21 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2013/08/01 21:28:21 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat

[2013/08/01 21:28:21 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll

[2013/08/01 21:28:21 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2013/08/01 21:28:21 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2013/08/01 21:28:21 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2013/08/01 21:28:21 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll

[2013/08/01 21:28:21 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2013/08/01 21:28:21 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe

[2013/08/01 21:28:21 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe

[2013/08/01 21:28:21 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2013/08/01 21:28:21 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll

[2013/08/01 21:28:21 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2013/08/01 21:28:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll

[2013/08/01 21:28:21 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll

[2013/08/01 21:28:21 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2013/08/01 21:28:21 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe

[2013/08/01 21:28:21 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll

[2013/08/01 21:28:21 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx

[2013/08/01 21:28:21 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll

[2013/08/01 21:28:21 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll

[2013/08/01 21:28:21 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf

[2013/08/01 21:28:21 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2013/08/01 21:28:21 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2013/08/01 21:23:02 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll

[2013/08/01 21:23:02 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll

[2013/08/01 21:23:02 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll

[2013/08/01 21:23:02 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll

[2013/08/01 21:23:02 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll

[2013/08/01 21:23:02 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

[2013/08/01 21:23:02 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

[2013/08/01 21:23:02 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

[2013/08/01 21:23:02 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

[2013/08/01 21:23:02 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

[2013/08/01 21:23:02 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

[2013/08/01 21:23:02 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

[2013/08/01 21:23:02 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

[2013/08/01 21:23:02 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

========== Files Created - No Company Name ==========

[2013/08/28 21:43:23 | 000,994,642 | ---- | C] () -- C:\Users\Renata\Desktop\AdwCleaner.exe

[2013/08/23 13:50:45 | 000,001,021 | ---- | C] () -- C:\Users\Renata\Desktop\Hidro 1.2.lnk

[2013/08/23 13:49:02 | 010,218,636 | ---- | C] () -- C:\Users\Renata\Desktop\InstaladorHidroBuild_1.2.1.281.zip

[2013/08/23 10:15:02 | 000,005,770 | ---- | C] () -- C:\Users\Renata\Desktop\pgto-BalcaoeCadeiras-BriqueCruzeiro-23ago13-Loiva-$640.pdf

[2013/08/19 20:38:35 | 001,650,469 | ---- | C] () -- C:\Users\Renata\Desktop\ContaLuz-Quitto-ago13.jpeg

[2013/08/16 15:16:27 | 000,003,031 | ---- | C] () -- C:\Users\Renata\Desktop\Microsoft Word 2010.lnk

[2013/08/13 20:29:56 | 000,005,554 | ---- | C] () -- C:\Users\Renata\Desktop\ComprovantePgto-DVDinfantis-Americanas-13ago13.pdf

[2013/08/09 18:00:22 | 000,001,709 | ---- | C] () -- C:\Users\Renata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ArcGIS License Manager 10 CRACKED.lnk

[2013/08/09 15:48:40 | 001,596,864 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/08/09 14:48:30 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk

[2013/08/01 21:28:21 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf

[2013/07/30 10:24:27 | 000,720,082 | ---- | C] () -- C:\Users\Renata\AppData\Roaming\unins000.exe

[2013/07/30 10:24:27 | 000,011,469 | ---- | C] () -- C:\Users\Renata\AppData\Roaming\unins000.dat

[2013/07/19 18:06:42 | 000,017,408 | ---- | C] () -- C:\Users\Renata\AppData\Local\WebpageIcons.db

[2013/07/19 16:27:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2013/07/19 16:25:02 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat

[2013/07/19 16:22:51 | 013,024,256 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll

[2013/07/19 16:22:51 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin

[2013/07/19 16:22:51 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin

[2013/07/19 16:22:51 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2013/07/19 16:22:51 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2013/07/19 16:22:51 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2013/07/19 16:22:51 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2013/07/19 16:07:27 | 000,103,832 | ---- | C] () -- C:\Users\Renata\GoToAssistDownloadHelper.exe

[2012/03/26 03:52:28 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

[2012/01/10 20:39:16 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 02:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 01:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 00:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/08/09 14:51:55 | 000,000,000 | ---D | M] -- C:\Users\Renata\AppData\Roaming\DAEMON Tools Lite

[2013/07/20 16:06:27 | 000,000,000 | ---D | M] -- C:\Users\Renata\AppData\Roaming\uTorrent

========== Purity Check ==========

========== Custom Scans ==========

< MD5 for: ATAPI.SYS >

[2009/07/13 22:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009/07/13 22:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009/07/13 22:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CNGAUDIT.DLL >

[2009/07/13 22:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009/07/13 22:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009/07/13 22:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009/07/13 22:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: NETLOGON.DLL >

[2010/11/21 00:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll

[2010/11/21 00:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010/11/21 00:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010/11/21 00:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

< MD5 for: NVSTOR.SYS >

[2011/03/11 03:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011/03/11 03:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys

[2011/03/11 03:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011/03/11 03:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010/11/21 00:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010/11/21 00:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >

[2010/11/21 00:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010/11/21 00:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010/11/21 00:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll

[2010/11/21 00:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\Users\Renata\Desktop\ContaLuz-Quitto-ago13.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >

OTL Extras logfile created on: 29/08/2013 13:57:22 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Renata\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16660)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

7,88 Gb Total Physical Memory | 5,62 Gb Available Physical Memory | 71,27% Memory free

15,75 Gb Paging File | 13,22 Gb Available in Paging File | 83,91% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 469,01 Gb Total Space | 395,94 Gb Free Space | 84,42% Space Free | Partition Type: NTFS

Drive E: | 462,41 Gb Total Space | 328,93 Gb Free Space | 71,13% Space Free | Partition Type: NTFS

Drive F: | 3,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: RENATA-PC | User Name: Renata | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2753503105-670087258-2731069859-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{B9921D51-273C-494F-BB17-2532B58F8222}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0497D86C-B188-47E2-B769-F6DEB493EF9D}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |

"{4DFD3522-0130-449D-879D-66FE039894C6}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{510C09CA-B113-43F4-B0C9-9B724A5CE391}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |

"{A476A7BD-1E2C-47AE-83D8-6D39AA3F3170}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |

"{A5C2A9BD-7BF6-4B8E-8D30-1B9C558CA9D7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{A9F748E6-C6BB-4DBC-B6B1-41C151EAC712}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{AAD5543A-DF4C-4202-BF8E-4B412AAA5E2B}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{B77E78A4-D3A4-498C-B762-DD12C6E8EA74}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

"{EA6F8818-C319-4E83-86AD-E405E55DD4D0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

"TCP Query User{5F3CB7A9-EE24-4746-8F4A-4969A32158B9}C:\cracked license manager 10\lmgrd.exe" = protocol=6 | dir=in | app=c:\cracked license manager 10\lmgrd.exe |

"TCP Query User{68CC6DC9-1A07-4356-9ECA-47197B6344B4}C:\cracked license manager 10\lmgrd.exe" = protocol=6 | dir=in | app=c:\cracked license manager 10\lmgrd.exe |

"TCP Query User{77F46403-1C7F-4C6F-9EB1-6071ACB17490}C:\cracked license manager 10\arcgis.exe" = protocol=6 | dir=in | app=c:\cracked license manager 10\arcgis.exe |

"TCP Query User{B8DD4A2E-E6A5-439F-8B08-0D80CB92149F}C:\cracked license manager 10\arcgis.exe" = protocol=6 | dir=in | app=c:\cracked license manager 10\arcgis.exe |

"UDP Query User{103C5295-DF9A-4678-8106-A3BAFC57E0B1}C:\cracked license manager 10\arcgis.exe" = protocol=17 | dir=in | app=c:\cracked license manager 10\arcgis.exe |

"UDP Query User{201F29B8-FC05-4789-8CC0-3A826FAC4248}C:\cracked license manager 10\lmgrd.exe" = protocol=17 | dir=in | app=c:\cracked license manager 10\lmgrd.exe |

"UDP Query User{7CCC870B-D97F-4B2F-ACFC-EFBF8B993BB3}C:\cracked license manager 10\arcgis.exe" = protocol=17 | dir=in | app=c:\cracked license manager 10\arcgis.exe |

"UDP Query User{F9F62BA9-B71F-4D14-9154-5811B0921F4A}C:\cracked license manager 10\lmgrd.exe" = protocol=17 | dir=in | app=c:\cracked license manager 10\lmgrd.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{1EEAFF54-E1A1-4E76-6B8F-94D077537383}" = CCC Help Spanish

"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation

"{2F314F78-689D-4380-A969-594C40988DCD}" = ET GeoWizards 10.1 for ArcGIS 10.0

"{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1" = Módulo de Segurança - Banco do Brasil

"{3E668045-01FA-C8C0-9CFB-E14D158DA244}" = CCC Help Chinese Standard

"{44A5966D-2340-C22D-4F24-E7D9BD05BFF2}" = CCC Help Japanese

"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012

"{50405301-8163-4EB2-409D-C79B4DAE6B67}" = Catalyst Control Center

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{51FDC2DE-0917-46B7-EAEC-5377504701DE}" = PowerXpressHybrid

"{53A321FB-2740-DC24-1A13-2C764B5CBFE0}" = CCC Help Swedish

"{54B846C0-7D87-063A-5570-DEA031A3280F}" = CCC Help Portuguese

"{61C559D2-5039-4970-A42C-EDD50E23943C}" = Catalyst Control Center - Branding

"{64665955-E1A1-4A8B-BFFA-673A95318909}" = ArcGIS Desktop 10

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{777B898F-BB2C-4A7E-8FD9-A7E251C14E9D}" = Arc Hydro Tools

"{7AA85983-85AA-A5D4-3194-084C0B8B04E2}" = CCC Help Danish

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{9427E9F4-3C7C-A8D5-B61E-F41F452121DB}" = CCC Help Norwegian

"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{97C8DB88-7241-4101-93BF-52E355CBB671}" = CCC Help Dutch

"{9C516C08-FAA5-4650-46E0-57F6BC2D1196}" = CCC Help Russian

"{9CBD1CFF-980C-2EB2-8D36-3E28F3EB39C0}" = CCC Help Italian

"{9D4026D4-B292-3C3E-93B4-D490F298AE74}" = CCC Help German

"{A420599B-011E-B5CB-9D9E-96DB8C70E21D}" = Catalyst Control Center Localization All

"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.6

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC313587-CD54-62B3-C75F-FB7BE6FEE652}" = Catalyst Control Center Profiles Mobile

"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI

"{AFEA34C5-3D2C-4A67-71A9-2D1F23DC5835}" = CCC Help Finnish

"{C00D8A72-21D9-38FE-7C59-213CBA54C49A}" = Catalyst Control Center InstallProxy

"{C4EE9CF3-A201-4D99-AD3C-728A28ECB828}_is1" = a Versão 1.2 - (compilação 1.2.1.281) © 2012 ANA

"{D0EDFF5D-95EF-BA19-AE58-661628E6DDB9}" = PX Profile Update

"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage

"{E2EA5E0A-D322-E878-C0F6-011DD829E54A}" = CCC Help Chinese Traditional

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{EDD0B5FD-2CDE-3C0A-372D-625CD4960DEB}" = CCC Help French

"{F086BC41-1324-EC75-1BAA-6636D1C66F20}" = CCC Help English

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = Conexant HD Audio

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Display Audio Driver

"{F2BB9FB8-37B5-969D-ACBB-C208D29E6F2B}" = CCC Help Korean

"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Advanced Audio FX Engine" = Advanced Audio FX Engine

"ArcGIS Desktop 10" = ArcGIS Desktop 10

"ArcGIS Desktop 10 CR157841" = ArcGIS 10.0 (Desktop, Engine, Server) Geodatabase Replication Upgrade patch

"ArcGIS Desktop 10 CR159208" = ArcGIS Desktop 10.0 WMS Service Memory Leak Patch

"ArcGIS Desktop 10 CR159627" = ArcGIS 10.0 (Desktop) FGDC Metadata Style Patch

"ArcGIS Desktop 10 CR159690" = ArcGIS Desktop 10.0 Geocoding Memory Leak and Matching Quality Patch

"ArcGIS Desktop 10 CR160479" = ArcGIS 10.0 Desktop Parcel Editiong copy/past Patch

"ArcGIS Desktop 10 CR162383" = ArcGIS Desktop 10 Personal Geodatabase Unicode Item Definition Patch

"ArcGIS Desktop 10 CR163179" = ArcGIS 10 Desktop Raster Format Patch

"ArcGIS Desktop 10 CR164236" = ArcGIS 10.0 Desktop Patch for Load a Topology to a Parcel Fabric

"ArcGIS Desktop 10 CR164848" = ArcGIS 10 Desktop Add Globalids in ArcView Patch

"ArcGIS Desktop 10 CR165671" = ArcGIS Desktop 10 File Menu Performance Patch

"ArcGIS Desktop 10 CR168890" = ArcGIS Desktop 10 Feature Inspector Patch

"ArcGIS Desktop 10 CR172708P" = ArcGIS 10 SP1 (Desktop) Active Tool Patch

"ArcGIS Desktop 10 CR174778P" = ArcGIS Desktop 10 SP1 Load Objects Command Patch

"ArcGIS Desktop 10 CR175680P" = ArcGIS Desktop 10 Split Custom Features with Relationship Propagation Patch

"ArcGIS Desktop 10 SP1" = ArcGIS Desktop 10 Service Pack 1

"DAEMON Tools Lite" = DAEMON Tools Lite

"Dell Webcam Central" = Dell Webcam Central

"foobar2000" = foobar2000 v1.1.8

"Google Chrome" = Google Chrome

"GoToAssist" = GoToAssist Corporate

"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.6

"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage

"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012

"uTorrent" = µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2753503105-670087258-2731069859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 29/08/2013 12:41:42 | Computer Name = Renata-PC | Source = WinMgmt | ID = 10

Description =

< End of report >


Dear RenataDV

Once more with OTL

  • Double-click the icon 3984478580_7ed4cabc45_o.gif
  • Copy and paste the content below into the space right after 5369460409_ee749edc8e_m.jpg

:OTL
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2753503105-670087258-2731069859-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2753503105-670087258-2731069859-1000\..\SearchScopes\{E038C2F6-28A6-4A6B-A3B8-AD6A2882EC89}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
O33 - MountPoints2\{a993b747-f0a0-11e2-809d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a993b747-f0a0-11e2-809d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\install.EXE id= ver=1.0.0.0
O33 - MountPoints2\{cdcd3cd4-0114-11e3-b12d-e006e6d0d3e4}\Shell - "" = AutoRun
O33 - MountPoints2\{cdcd3cd4-0114-11e3-b12d-e006e6d0d3e4}\Shell\AutoRun\command - "" = F:\ESRI.exe -- [2010/07/08 17:57:35 | 005,398,936 | R--- | M] (ESRI)

:Commands
[purity]
[emptyflash]
[createrestorepoint]
[emptytemp]

  • Click the button 5370056394_358505935a_m.jpg
  • When the computer restarts, a window will appear; click Run;
  • Save the log (File > Save As) to the desktop under any name you like;
  • Post the contents of that log in your next reply.
  • Attention: if you close the log without saving it first, it will be lost.
  • Open OTL again and click the button 5370056476_bf9f840a51_m.jpg
  • Do not interrupt the scan under any circumstances;
  • When it finishes, OTL.txt will be generated;
  • Post this generated log as well in your next reply.

Note: If you happen to lose the log after the computer restarts, you can find it in the folder C:\_OTL\Moved Files

Regards :D


Hi Diego!

I ran the OTL procedures again and the logs are below.

Thanks!

Renata

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_USERS\S-1-5-21-2753503105-670087258-2731069859-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_USERS\S-1-5-21-2753503105-670087258-2731069859-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E038C2F6-28A6-4A6B-A3B8-AD6A2882EC89}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E038C2F6-28A6-4A6B-A3B8-AD6A2882EC89}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a993b747-f0a0-11e2-809d-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a993b747-f0a0-11e2-809d-806e6f6e6963}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a993b747-f0a0-11e2-809d-806e6f6e6963}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a993b747-f0a0-11e2-809d-806e6f6e6963}\ not found.

File D:\install.EXE id= ver=1.0.0.0 not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cdcd3cd4-0114-11e3-b12d-e006e6d0d3e4}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cdcd3cd4-0114-11e3-b12d-e006e6d0d3e4}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cdcd3cd4-0114-11e3-b12d-e006e6d0d3e4}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cdcd3cd4-0114-11e3-b12d-e006e6d0d3e4}\ not found.

File move failed. F:\ESRI.exe scheduled to be moved on reboot.

========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Renata

->Flash cache emptied: 602 bytes

User: Todos os Usuários

User: Usuário Padrão

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Renata

->Temp folder emptied: 399752211 bytes

->Temporary Internet Files folder emptied: 48271859 bytes

->Google Chrome cache emptied: 362519587 bytes

->Flash cache emptied: 0 bytes

User: Todos os Usuários

User: Usuário Padrão

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1631572348 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78403601 bytes

RecycleBin emptied: 287455440 bytes

Total Files Cleaned = 2.678,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 09032013_141029

Files\Folders moved on Reboot...

File\Folder F:\ESRI.exe not found!

C:\Users\Renata\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Renata\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL logfile created on: 03/09/2013 14:16:12 - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Renata\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16660)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

7,88 Gb Total Physical Memory | 6,28 Gb Available Physical Memory | 79,76% Memory free

15,75 Gb Paging File | 14,04 Gb Available in Paging File | 89,13% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 469,01 Gb Total Space | 400,83 Gb Free Space | 85,46% Space Free | Partition Type: NTFS

Drive E: | 462,41 Gb Total Space | 327,87 Gb Free Space | 70,91% Space Free | Partition Type: NTFS

Drive F: | 3,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: RENATA-PC | User Name: Renata | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/28 21:43:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Renata\Desktop\OTL.exe

PRC - [2013/07/19 20:06:34 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe

PRC - [2013/07/19 18:09:57 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

PRC - [2013/07/19 16:20:27 | 000,109,184 | ---- | M] (Conexant Systems, Inc.) -- C:\Arquivos de Programas\CONEXANT\SA3\CxUtilSvc.exe

PRC - [2013/07/15 11:23:42 | 000,409,640 | ---- | M] (GAS Tecnologia) -- C:\PROGRA~2\GbPlugin\GbpSv.exe

PRC - [2012/12/21 07:57:56 | 000,291,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

PRC - [2012/06/25 18:06:04 | 000,076,872 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe

PRC - [2012/04/22 20:56:44 | 000,077,824 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe

PRC - [2012/03/26 03:57:18 | 000,636,032 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

PRC - [2012/03/08 19:47:18 | 000,159,360 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe

PRC - [2012/01/21 08:35:22 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2012/01/21 08:35:08 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

PRC - [2010/10/01 16:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

PRC - [2008/11/06 00:59:50 | 001,500,424 | ---- | M] (Acresso Software Inc.) -- C:\Cracked License Manager 10\lmgrd.exe

PRC - [2008/08/02 08:57:14 | 001,757,184 | ---- | M] () -- C:\Cracked License Manager 10\ARCGIS.EXE

========== Modules (No Company Name) ==========

MOD - [2011/04/24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll

MOD - [2011/04/24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll

MOD - [2011/04/24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll

MOD - [2011/04/24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll

MOD - [2011/04/24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll

MOD - [2011/04/24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll

MOD - [2011/04/20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll

MOD - [2008/08/02 08:57:14 | 001,757,184 | ---- | M] () -- C:\Cracked License Manager 10\ARCGIS.EXE

========== Services (SafeList) ==========

SRV:64bit: - [2012/03/25 18:44:18 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2013/08/09 16:09:14 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2013/07/19 18:11:11 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/07/19 18:09:57 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)

SRV - [2013/07/19 16:20:27 | 000,109,184 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Arquivos de Programas\CONEXANT\SA3\CxUtilSvc.exe -- (CxUtilSvc)

SRV - [2013/07/19 16:07:42 | 000,013,720 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\896\g2aservice.exe -- (GoToAssist)

SRV - [2013/07/15 11:23:42 | 000,409,640 | ---- | M] (GAS Tecnologia) [Auto | Running] -- C:\PROGRA~2\GbPlugin\GbpSv.exe -- (GbpSv)

SRV - [2012/09/07 10:06:26 | 002,464,400 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)

SRV - [2012/06/25 18:06:00 | 000,242,448 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)

SRV - [2012/04/22 20:56:44 | 000,077,824 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)

SRV - [2012/03/19 08:14:18 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)

SRV - [2012/03/08 19:47:18 | 000,159,360 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)

SRV - [2012/03/08 19:25:30 | 000,107,648 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe -- (AtherosSvc)

SRV - [2012/01/21 08:35:24 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2012/01/21 08:35:22 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2012/01/21 08:35:08 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe -- (jhi_service)

SRV - [2012/01/10 21:01:52 | 000,627,936 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Arquivos de Programas\Intel\iCLS Client\HeciServer.exe -- (Intel®

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2010/01/09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)

SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/09 14:51:04 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2013/07/19 18:42:11 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)

DRV:64bit: - [2013/07/19 16:20:18 | 001,604,736 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)

DRV:64bit: - [2012/12/04 21:21:12 | 000,791,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)

DRV:64bit: - [2012/12/04 21:21:12 | 000,020,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)

DRV:64bit: - [2012/12/04 21:21:10 | 000,358,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)

DRV:64bit: - [2012/10/31 05:31:14 | 000,211,856 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)

DRV:64bit: - [2012/09/04 09:49:42 | 000,317,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)

DRV:64bit: - [2012/09/04 09:49:42 | 000,019,600 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rtcrfilt64.sys -- (rtcrfilt64)

DRV:64bit: - [2012/03/25 19:26:40 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2012/03/25 17:51:16 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2012/03/21 06:43:02 | 002,808,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2012/03/19 20:45:54 | 000,032,896 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdkmpfd.sys -- (amdkmpfd)

DRV:64bit: - [2012/03/19 08:02:02 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)

DRV:64bit: - [2012/03/09 20:41:16 | 000,685,160 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2012/03/08 19:36:36 | 000,551,552 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)

DRV:64bit: - [2012/03/08 19:35:42 | 000,281,472 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)

DRV:64bit: - [2012/03/08 19:35:24 | 000,068,736 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)

DRV:64bit: - [2012/03/08 19:34:42 | 000,168,064 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)

DRV:64bit: - [2012/03/08 19:34:24 | 000,036,480 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)

DRV:64bit: - [2012/03/08 19:34:06 | 000,030,848 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)

DRV:64bit: - [2012/03/08 19:33:48 | 000,111,232 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)

DRV:64bit: - [2012/03/08 19:33:30 | 000,340,096 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)

DRV:64bit: - [2012/03/01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/12/05 19:53:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2011/11/10 17:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)

DRV:64bit: - [2011/03/04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)

DRV:64bit: - [2011/03/04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)

DRV:64bit: - [2011/01/20 11:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)

DRV:64bit: - [2010/11/21 00:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/21 00:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/21 00:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/09/30 16:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2010/09/30 16:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)

DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2013/05/08 09:52:48 | 000,049,536 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\gbpkm.sys -- (GbpKm)

DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/

IE - HKCU\..\SearchScopes,DefaultScope = {E038C2F6-28A6-4A6B-A3B8-AD6A2882EC89}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/bb: C:\Users\Renata\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2013/07/19 18:42:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2013/07/19 18:42:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2013/07/19 18:42:13 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: https://mail.google.com/mail/u/0/?shva=1#inbox

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

CHR - Extension: Google Docs = C:\Users\Renata\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Users\Renata\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Renata\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Pesquisa do Google = C:\Users\Renata\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Conselheiro de URLs da Kaspersky = C:\Users\Renata\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\

CHR - Extension: Teclado virtual = C:\Users\Renata\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\

CHR - Extension: Chrome In-App Payments service = C:\Users\Renata\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\

CHR - Extension: GBBD Banco do Brasil = C:\Users\Renata\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh\3.0.0_0\

CHR - Extension: Gmail = C:\Users\Renata\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

CHR - Extension: Anti-Banner = C:\Users\Renata\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2009/06/10 18:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)

O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)

O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)

O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Communications)

O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Arquivos de Programas\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SA3\SACpl.exe (Conexant Systems, Inc.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)

O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)

O4 - HKLM..\Run: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)

O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [uSB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)

O4 - Startup: C:\Users\Renata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ArcGIS License Manager 10 CRACKED.lnk = C:\Cracked License Manager 10\start_lic_mgr_invisible.vbs ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: &Enviar para o OneNote - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8:64bit: - Extra context menu item: Adicionar ao Antibanner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()

O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: &Enviar para o OneNote - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: Adicionar ao Antibanner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()

O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O9:64bit: - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: &Teclado Virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)

O9:64bit: - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)

O9 - Extra Button: &Teclado Virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)

O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O9 - Extra Button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)

O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)

O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)

O15 - HKCU\..Trusted Domains: bb.com.br ([www] * in Trusted sites)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E6E7D79-D20A-4980-9250-AD2BF9489D90}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81ECDBBC-2A7D-4A2D-9474-10EA06960BD7}: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)

O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files (x86)\GbPlugin\gbieh.dll) - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)

O32 - HKLM CDRom: AutoRun - 0

O32 - AutoRun File - [2009/12/04 14:52:28 | 000,000,041 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]

O33 - MountPoints2\{cdcd3cd4-0114-11e3-b12d-e006e6d0d3e4}\Shell - "" = AutoRun

O33 - MountPoints2\{cdcd3cd4-0114-11e3-b12d-e006e6d0d3e4}\Shell\AutoRun\command - "" = F:\ESRI.exe -- [2010/07/08 17:57:35 | 005,398,936 | R--- | M] (ESRI)

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/03 14:10:29 | 000,000,000 | ---D | C] -- C:\_OTL

[2013/08/30 15:30:54 | 000,000,000 | ---D | C] -- C:\Users\Renata\Documents\ArcGIS

[2013/08/30 15:30:53 | 000,000,000 | ---D | C] -- C:\Users\Renata\AppData\Roaming\ESRI

[2013/08/30 15:30:50 | 000,000,000 | ---D | C] -- C:\Users\Renata\AppData\Local\ESRI

[2013/08/29 13:14:23 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2013/08/29 12:03:25 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013/08/28 21:43:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Renata\Desktop\OTL.exe

[2013/08/26 20:33:01 | 001,021,434 | ---- | C] (Thisisu) -- C:\Users\Renata\Desktop\JRT.exe

[2013/08/23 16:57:55 | 000,000,000 | ---D | C] -- C:\Users\Renata\Desktop\gmer

[2013/08/23 16:50:32 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Renata\Desktop\dds.scr

[2013/08/23 13:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hidro 1.2

[2013/08/23 13:50:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hidro 1.2

[2013/08/19 20:35:44 | 000,000,000 | R--D | C] -- C:\Users\Renata\Documents\Scanned Documents

[2013/08/19 20:35:44 | 000,000,000 | ---D | C] -- C:\Users\Renata\Documents\Fax

[2013/08/16 14:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative

[2013/08/13 09:05:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0

[2013/08/09 18:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision

[2013/08/09 18:00:22 | 000,000,000 | ---D | C] -- C:\Users\Renata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcGIS License Manager 10 CRACKED

[2013/08/09 18:00:21 | 000,000,000 | ---D | C] -- C:\Cracked License Manager 10

[2013/08/09 16:33:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESRI

[2013/08/09 16:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ET GeoWizards 101

[2013/08/09 16:13:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ET SpatialTechniques

[2013/08/09 16:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet

[2013/08/09 16:09:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared

[2013/08/09 16:01:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcGIS

[2013/08/09 16:01:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AnswerWorks 4.0

[2013/08/09 15:59:40 | 000,000,000 | ---D | C] -- C:\Python26

[2013/08/09 15:59:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Data Dynamics

[2013/08/09 15:59:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Tom Sawyer Software

[2013/08/09 15:59:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcGIS

[2013/08/09 15:59:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcGIS

[2013/08/09 15:57:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server

[2013/08/09 15:57:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server

[2013/08/09 15:57:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033

[2013/08/09 15:57:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033

[2013/08/09 15:00:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint

[2013/08/09 15:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

[2013/08/09 15:00:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER

[2013/08/09 14:59:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services

[2013/08/09 14:59:04 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2013/08/09 14:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework

[2013/08/09 14:59:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition

[2013/08/09 14:56:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8

[2013/08/09 14:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services

[2013/08/09 14:55:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services

[2013/08/09 14:54:41 | 000,000,000 | ---D | C] -- C:\Users\Renata\AppData\Local\Microsoft Help

[2013/08/09 14:54:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office

[2013/08/09 14:54:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2013/08/09 14:54:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

[2013/08/09 14:54:07 | 000,000,000 | RH-D | C] -- C:\MSOCache

[2013/08/09 14:47:00 | 000,283,064 | ---- | C] (Disc Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys

[2013/08/09 14:47:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite

[2013/08/09 14:46:56 | 000,000,000 | ---D | C] -- C:\Users\Renata\AppData\Roaming\DAEMON Tools Lite

[2013/08/09 14:46:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite

[2013/08/09 14:37:59 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite

[2013/08/09 13:55:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat

[2013/08/09 13:55:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat

========== Files - Modified Within 30 Days ==========

[2013/09/03 14:13:55 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/09/03 14:13:25 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) -- C:\Windows\SysWow64\drivers\gbpndisrd.sys

[2013/09/03 14:13:25 | 000,010,266 | ---- | M] () -- C:\Windows\SysWow64\drivers\ndisrd.cat

[2013/09/03 14:13:25 | 000,003,641 | ---- | M] () -- C:\Windows\SysWow64\drivers\ndisrd.inf

[2013/09/03 14:13:25 | 000,001,814 | ---- | M] () -- C:\Windows\SysWow64\drivers\ndisrd_m.inf

[2013/09/03 14:13:25 | 000,001,402 | ---- | M] () -- C:\Windows\SysWow64\drivers\gas.cer

[2013/09/03 14:13:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/09/03 14:13:16 | 2049,458,175 | -HS- | M] () -- C:\hiberfil.sys

[2013/09/03 14:11:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/09/03 14:11:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/09/03 14:10:16 | 000,269,595 | ---- | M] () -- C:\Users\Renata\Desktop\Orientacoes-ClubedoHardware.jpg

[2013/09/03 09:41:40 | 003,463,045 | ---- | M] () -- C:\Users\Renata\Desktop\Apostila-Hidrologia_IPH.pdf

[2013/09/03 09:23:12 | 009,357,131 | ---- | M] () -- C:\Users\Renata\Desktop\Apostila-Hidrologia_WalterCollischonn-IPH.pdf

[2013/09/03 08:00:57 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/09/03 08:00:57 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/08/30 18:21:12 | 000,106,050 | ---- | M] () -- C:\Users\Renata\Desktop\escrivaninha2.jpg

[2013/08/30 18:19:37 | 000,018,755 | ---- | M] () -- C:\Users\Renata\Desktop\Escrivaninha1.jpg

[2013/08/29 22:05:53 | 001,628,224 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/08/29 22:05:53 | 000,703,580 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat

[2013/08/29 22:05:53 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/08/29 22:05:53 | 000,146,366 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat

[2013/08/29 22:05:53 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/08/29 09:13:21 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/08/28 21:43:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Renata\Desktop\OTL.exe

[2013/08/28 21:43:41 | 000,994,642 | ---- | M] () -- C:\Users\Renata\Desktop\AdwCleaner.exe

[2013/08/26 20:33:10 | 001,021,434 | ---- | M] (Thisisu) -- C:\Users\Renata\Desktop\JRT.exe

[2013/08/23 16:50:44 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Renata\Desktop\dds.scr

[2013/08/23 13:50:45 | 000,001,021 | ---- | M] () -- C:\Users\Renata\Desktop\Hidro 1.2.lnk

[2013/08/23 10:15:02 | 000,005,770 | ---- | M] () -- C:\Users\Renata\Desktop\pgto-BalcaoeCadeiras-BriqueCruzeiro-23ago13-Loiva-$640.pdf

[2013/08/19 20:38:35 | 001,650,469 | ---- | M] () -- C:\Users\Renata\Desktop\ContaLuz-Quitto-ago13.jpeg

[2013/08/13 21:56:11 | 001,596,864 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/08/12 20:44:06 | 000,467,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/08/09 18:00:22 | 000,001,709 | ---- | M] () -- C:\Users\Renata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ArcGIS License Manager 10 CRACKED.lnk

[2013/08/09 14:51:04 | 000,283,064 | ---- | M] (Disc Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys

[2013/08/09 14:48:30 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk

========== Files Created - No Company Name ==========

[2013/09/03 14:10:16 | 000,269,595 | ---- | C] () -- C:\Users\Renata\Desktop\Orientacoes-ClubedoHardware.jpg

[2013/09/03 09:41:40 | 003,463,045 | ---- | C] () -- C:\Users\Renata\Desktop\Apostila-Hidrologia_IPH.pdf

[2013/09/03 09:23:12 | 009,357,131 | ---- | C] () -- C:\Users\Renata\Desktop\Apostila-Hidrologia_WalterCollischonn-IPH.pdf

[2013/08/30 18:21:11 | 000,106,050 | ---- | C] () -- C:\Users\Renata\Desktop\escrivaninha2.jpg

[2013/08/30 18:19:37 | 000,018,755 | ---- | C] () -- C:\Users\Renata\Desktop\Escrivaninha1.jpg

[2013/08/28 21:43:23 | 000,994,642 | ---- | C] () -- C:\Users\Renata\Desktop\AdwCleaner.exe

[2013/08/23 13:50:45 | 000,001,021 | ---- | C] () -- C:\Users\Renata\Desktop\Hidro 1.2.lnk

[2013/08/23 10:15:02 | 000,005,770 | ---- | C] () -- C:\Users\Renata\Desktop\pgto-BalcaoeCadeiras-BriqueCruzeiro-23ago13-Loiva-$640.pdf

[2013/08/19 20:38:35 | 001,650,469 | ---- | C] () -- C:\Users\Renata\Desktop\ContaLuz-Quitto-ago13.jpeg

[2013/08/09 18:00:22 | 000,001,709 | ---- | C] () -- C:\Users\Renata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ArcGIS License Manager 10 CRACKED.lnk

[2013/08/09 15:48:40 | 001,596,864 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/08/09 14:48:30 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk

[2013/07/30 10:24:27 | 000,720,082 | ---- | C] () -- C:\Users\Renata\AppData\Roaming\unins000.exe

[2013/07/30 10:24:27 | 000,011,469 | ---- | C] () -- C:\Users\Renata\AppData\Roaming\unins000.dat

[2013/07/19 18:06:42 | 000,017,408 | ---- | C] () -- C:\Users\Renata\AppData\Local\WebpageIcons.db

[2013/07/19 16:27:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2013/07/19 16:25:02 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat

[2013/07/19 16:22:51 | 013,024,256 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll

[2013/07/19 16:22:51 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin

[2013/07/19 16:22:51 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin

[2013/07/19 16:22:51 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2013/07/19 16:22:51 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2013/07/19 16:22:51 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2013/07/19 16:22:51 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2013/07/19 16:07:27 | 000,103,832 | ---- | C] () -- C:\Users\Renata\GoToAssistDownloadHelper.exe

[2012/03/26 03:52:28 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

[2012/01/10 20:39:16 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 02:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 01:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 00:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/08/09 14:51:55 | 000,000,000 | ---D | M] -- C:\Users\Renata\AppData\Roaming\DAEMON Tools Lite

[2013/08/30 15:31:27 | 000,000,000 | ---D | M] -- C:\Users\Renata\AppData\Roaming\ESRI

[2013/07/20 16:06:27 | 000,000,000 | ---D | M] -- C:\Users\Renata\AppData\Roaming\uTorrent

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\Users\Renata\Desktop\ContaLuz-Quitto-ago13.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >


Oh, and just for the record, I tested with a site that I had noticed usually gets redirected to BB, and it happened again just now. =/

How strange. What could it be?!

Renata


Dear RenataDV

Reinstall your browser ;)

What is drive F:\?

Go to the site "Jotti's malware scan"

  • In the box at the top (File to upload & scan);
  • Copy and paste the following file(s), one at a time:
    • C:\Cracked License Manager 10\ARCGIS.EXE
  • Click the button;
  • The file(s) will be examined by different antivirus programs, please wait.
  • Copy and paste the result(s).

If the site above is too busy, try one of these sites:

Alternative 1

Alternative 2

Regards :D


Hi Diego!

I uninstalled Google Chrome, then downloaded and installed it again. I tested it on some sites that used to show the problem, and they haven't shown any problem so far!

And about drive F:, it is the drive where ESRI is, which I don't know exactly what it is, but it was created or generated when I installed the GIS software I use, ArcGIS.

The result of the scan on Jotti's is below.

Thank you!

Renata

Agnitum

2013-09-04 Found nothing

Fortinet

2013-09-04 Found nothing

ArcaVir

2013-09-04 Found nothing

Frisk F-Prot Antivirus

2013-09-05 Found nothing

Avast! antivirus

2013-09-05 Found nothing

F-Secure Anti-Virus

2013-09-05 Found nothing

Grisoft AVG Anti-Virus

2013-09-05 Found nothing

G DATA

2013-09-05 Found nothing

Avira AntiVir

2013-09-05 Found nothing

Ikarus

2013-09-05 Found nothing

Softwin BitDefender

2013-09-05 Found nothing

Kaspersky Anti-Virus

2013-09-05 Found nothing

ClamAV

2013-09-05 PUA.Win32.Packer.HardlockDongle-1

Panda Antivirus

2013-09-04 Found nothing

CPsecure

2013-09-05 Found nothing

Quick Heal

2013-09-05 Found nothing

Dr.Web

2013-09-05 Found nothing

Sophos

2013-09-05 Found nothing

MicroWorld eScan

2013-09-05 Found nothing

Trend Micro Antivirus

2013-09-04 Found nothing

ESET

2013-09-05 Found nothing

VirusBlokAda VBA32

2013-09-05 Found nothing

And about drive F:, it is the drive where ESRI is, which I don't know exactly what it is, but it was created or generated when I installed the GIS software I use, ArcGIS.
And this program, is it trustworthy?


Hi Diego!

The program is safe. The thing is that I'm using a cracked copy of it. =/

Could that be the problem?

Thank you!

Renata

The program is safe. The thing is that I'm using a cracked copy of it. =/

Could that be the problem?

Well, under the rules, users with cracked programs have their topics deleted, because we don't provide support for and don't agree with this kind of behavior. In your case we are already under way, so we will continue... ;)

Now, cracking is not the same thing as having a legitimate program; the program may not receive updates and may become vulnerable, for example.

So, whether it is the problem, I can't say; it's up to you to decide... shall we continue? :rolleyes:


Hello Diego!

What is the best way to uninstall it so that nothing is left on the PC?

Do you think that is the problem?

Thank you

Renata


Hello Diego!

Uh-oh, unfortunately I already tried uninstalling it through the Windows uninstaller. Is that a problem?? The problem is that files were still left on the PC.

And I tried using Revo before and it didn't work on my PC. What can I do to delete all of the program's registry entries and files??

I don't know why.

Since I uninstalled and reinstalled Google Chrome, the problem of being redirected to the BB site hasn't happened again. Could it be solved?

And I have another question that I'd like to see if you can clear up. I received an ad in the Clube do Hardware newsletter for an Office promotion at the online store Loopin. And since I had no license and wanted to buy one, I took the offer and bought it. However, the product came without an invoice and in packaging different from the original. I installed it yesterday and, when I tried to enter the serial that came in the package, the program didn't accept it, saying it was not a valid key. Do you know how reputable this store is? I trusted it because I received the ad from you and also because there were several comments from people saying it was good...

Now I'm worried that, besides maybe having lost the money, there might have been a virus on the installation CD.

:o

Thank you!


Dear RenataDV

Uh-oh, unfortunately I already tried uninstalling it through the Windows uninstaller. Is that a problem?? The problem is that files were still left on the PC.

And I tried using Revo before and it didn't work on my PC. What can I do to delete all of the program's registry entries and files??

Make a new log with OTL and post it here, and I'll remove the rest of it ;)
Since I uninstalled and reinstalled Google Chrome, the problem of being redirected to the BB site hasn't happened again. Could it be solved?
I believe so :)

However, the product came without an invoice and in packaging different from the original. I installed it yesterday and, when I tried to enter the serial that came in the package, the program didn't accept it, saying it was not a valid key. Do you know how reputable this store is? I trusted it because I received the ad from you and also because there were several comments from people saying it was good...

Now I'm worried that, besides maybe having lost the money, there might have been a virus on the installation CD.

I'll notify the forum Administration ;)

Regards :D


Hello Diego

I think I won't need help anymore.

Unfortunately, I've been having problems with my Dell notebook for months, and today a technician came again, replaced the motherboard and formatted the system (the C:), where I had the programs. Only the data remained, since my HD is partitioned. So I guess if there was anything, it's gone, right?

But thank you very much for the help!

And do keep an eye on that Loopin store, because they still haven't solved my problem.

Regards

Renata

So I guess if there was anything, it's gone, right?
Yes :)
And do keep an eye on that Loopin store, because they still haven't solved my problem.
I got in touch with the person responsible at Clube do Hardware, who in turn contacted the store. Have you by any chance heard back from them?
