RF Carvalho

Remove ATAJITOS Chrome / IE


Dear RF Carvalho

I recommend that you save this topic in your Favorites to make it easier to find.

Please note the following:

  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is given here applies only to your computer's problem, so do not use it on any other computer;
  • Please follow the instructions carefully, and if you have any questions do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always try to keep me informed, during the removal, about what is happening with your computer.
  • Respect the order of the instructions given.
  • Note: Do not take any action other than those given here; if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

# Step 1 #

What error appears?

Regards


Hi, thanks for the quick reply.

I was "rewarded" with this ATAJITOS thing when I downloaded a music editor.

Now both IE and Google Chrome open with that site, and changing it in the settings doesn't help because it says that "the settings are enforced by the administrator".

I read how to proceed before opening the topic and already downloaded ZA-Scan, but I couldn't attach the .txt file to the first message.

I'm taking the opportunity to send it now.

 

 

ZA-Scan.txt


Dear RF Carvalho

# Step 1 #

Download Junkware Removal Tool and save it to your Desktop.

  • Disable your protection programs (antivirus etc.) to avoid any conflict.
  • Double-click JRT.exe
    • If your system is Windows Vista, Windows 7 or Windows 8, right-click it and choose Run as Administrator.
  • Be patient and wait for the scan to finish.
  • Open the JRT.txt log that is on your Desktop.
  • Copy all of its content and paste it into your next message.



# Step 2 #

  • Double-click adwcleaner.exe
    • Attention: Windows Vista, 7 and 8 users, right-click it and choose: (image: execadmin.png)

  • Click Scan ("Pesquisar")
  • At the end of the scan a log with the result will open.
  • If anything is detected, then click the Clean ("Remover") button.
  • Again, at the end of the scan a log with the result will open.
  • Copy all of its content and paste it into your next reply.



# Step 3 #

Open Notepad and create a file named zascript.txt
Save it to your Desktop;
Copy all the content below and paste it into the file created above:

c:\users\usuario\appdata\roaming\bb1f68c4-1425863964-5045-aa9e-00e0914e52e6\jnsf5c04.tmp;fsgulykihu;s standardsearch;torpigcheck;services-list;installedprogs;msconfigcheck;emptyfolderscheck;delete;srinfo;emptyclsid;emptyalltemp;createsrpoint;

Run ZA-Scan again and wait.
Post the new log.

Regards :D


wow... it's tough here... the internet isn't helping. :(

well, let's see if I managed to do everything right  ;)

fingers crossed  :D

 

 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Home Basic x64
Ran by Usuario on 12/03/2015 at  0:09:48,35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\baidu"
Successfully deleted: [Folder] "C:\ProgramData\baidu security"
Successfully deleted: [Folder] "C:\Users\Usuario\AppData\Roaming\baidu security"
Successfully deleted: [Folder] "C:\Program Files (x86)\predm"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/03/2015 at  0:18:39,89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
# AdwCleaner v4.112 - Logfile created 12/03/2015 at 00:58:23
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Local]
# Operating system : Windows 7 Home Basic Service Pack 1 (x64)
# Username : Usuario - USUARIO-PC
# Running from : D:\Users\Usuario\Desktop\adwcleaner_4.112.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17631
 
 
-\\ Google Chrome v41.0.2272.89
 
 
*************************
 
AdwCleaner[R0].txt - [952 bytes] - [12/03/2015 00:27:58]
AdwCleaner[R1].txt - [868 bytes] - [12/03/2015 00:56:24]
AdwCleaner[s0].txt - [977 bytes] - [12/03/2015 00:49:35]
AdwCleaner[s1].txt - [796 bytes] - [12/03/2015 00:58:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [854  bytes] ##########
 
 
ZA-Scan V1.0.0.4 Updated 11-March-2015
Tool run by Usuario on 12/03/2015 at  1:14:26,19.
Microsoft Windows 7 Home Basic  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\Users\Usuario\Desktop\ZA-Scan.exe [Z-Analyse Scan]
 
==== Running Processes ======================
 
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Diebold\Warsaw\core.exe
D:\Users\Usuario\Desktop\ZA-Scan.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\Usuario\AppData\Local\Temp\ZAScan.exe
 
==== Drivers(whitelist) ======================
Powered by E Dev
 
R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
R3 - [srv] - Driver SMB 1.xxx do Servidor - C:\Windows\system32\Drivers\srv.sys
R3 - [srv2] - Driver SMB 2.xxx do Servidor - C:\Windows\system32\Drivers\srv2.sys
R0 - [ACPI] - Microsoft ACPI Driver - C:\Windows\system32\Drivers\ACPI.sys
R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
R0 - [aswRvrt] - avast! Revert - C:\Windows\system32\Drivers\aswRvrt.sys
R0 - [aswVmm] - avast! VM Monitor - C:\Windows\system32\Drivers\aswVmm.sys
R0 - [atapi] - Canal de IDE - C:\Windows\system32\Drivers\atapi.sys
R0 - [CLFS] - Log Comum (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
R0 - [Compbatt] - Microsoft Composite Battery Driver - C:\Windows\system32\Drivers\Compbatt.sys
R0 - [Disk] - Driver de disco - C:\Windows\system32\Drivers\Disk.sys
R0 - [fvevol] - Driver de Filtro de Criptografia de Unidade de Disco BitLocker - C:\Windows\system32\Drivers\fvevol.sys
R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
R0 - [mountmgr] - Gerenciador de Pontos de Montagem - C:\Windows\system32\Drivers\mountmgr.sys
R0 - [msahci] - msahci - C:\Windows\system32\Drivers\msahci.sys
R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
R0 - [NDIS] - Driver do Sistema NDIS - C:\Windows\system32\Drivers\NDIS.sys
R0 - [partmgr] - Gerenciador de Partições - C:\Windows\system32\Drivers\partmgr.sys
R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys
R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
R0 - [Tcpip] - Driver de Protocolo TCP/IP - C:\Windows\system32\Drivers\Tcpip.sys
R0 - [vdrvroot] - Driver de enumerador da unidade virtual Microsoft - C:\Windows\system32\Drivers\vdrvroot.sys
R0 - [volmgr] - Volume Manager Driver - C:\Windows\system32\Drivers\volmgr.sys
R0 - [volmgrx] - Gerenciador de Volume Dinâmico - C:\Windows\system32\Drivers\volmgrx.sys
R0 - [volsnap] - Volumes de armazenamento - C:\Windows\system32\Drivers\volsnap.sys
R0 - [Wd] - Driver de Watchdog da Microsoft - C:\Windows\system32\Drivers\Wd.sys
R0 - [Wdf01000] - Serviço de Estruturas de Driver em Modo Kernel - C:\Windows\system32\Drivers\Wdf01000.sys
R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
R1 - [beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
R1 - [tdx] - Driver de Suporte a TDI Herdado de NetIO - C:\Windows\system32\Drivers\tdx.sys
R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-21-2805126714-2820243177-176866361-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILDE.EXE /EPT EPLTarget\P0000000000000000 /M XP-211 214 216 Series /EF HKCU"
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"YouCam Mirage"="C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
"YouCam Tray"="C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe /s"
"EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILDE.EXE /EPT EPLTarget\P0000000000000000 /M XP-211 214 216 Series /EF HKCU"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"3D BubbleSound"="C:\Program Files\BubbleSound\3D BubbleSound.exe"
 
==== Startup Registry Disabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BCSSync"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BDRegion]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BDRegion"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Cyberlink\\Shared files\\brs.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Diebold - Warsaw]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Diebold - Warsaw"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Diebold\\Warsaw\\core.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl10]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RemoteControl10"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\CyberLink\\PowerDVD10\\PDVD10Serv.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]
 
 
==== Task Scheduler Jobs ======================
 
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [05/02/2015 20:33]
C:\Windows\tasks\AutoKMS.job --a------ C:\Windows\AutoKMS.exe []
C:\Windows\tasks\EPSON XP-211 214 216 Series Invitation {2B42C60A-1591-4497-BF93-2A9D31D340DC}.job --a------ C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.exe [28/02/2013 00:20]
C:\Windows\tasks\EPSON XP-211 214 216 Series Update {2B42C60A-1591-4497-BF93-2A9D31D340DC}.job --a------ C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.exe [28/02/2013 00:20]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/03/2015 12:39]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/03/2015 12:39]
 
==== Other Scheduled Tasks ======================
 
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\EPSON XP-211 214 216 Series Invitation {2B42C60A-1591-4497-BF93-2A9D31D340DC}" [C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE]
"C:\Windows\SysNative\tasks\EPSON XP-211 214 216 Series Update {2B42C60A-1591-4497-BF93-2A9D31D340DC}" [C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\{F67277B5-5A0C-4140-A7C0-F5A9582E2E9D}" ["c:\program files (x86)\google\chrome\application\chrome.exe"]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"e-webprint@epson.com"="C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on" [09/03/2015 22:08]
 
==== Chromium Look ======================
 
Google Chrome Version: 41.0.2272.89 (Up to date, latest Stable version: 41.0.2272.89)
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[16/12/2014 13:34]
 
Google Docs - Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Avast Online Security - Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Avast Online Security - Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki
GBBD Guardião - Itaú 30 horas - Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kgmpojlddncminmkddkpoegdjhojjipg
Google Wallet - Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
==== IE Start and Search Settings ======================
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{2BEEA6B3-961B-4FE2-88CD-856FA066ADEF} Google  Url="https://www.google.com/search?q={searchTerms}"
 
==== HijackThis Entries ======================
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
 
==== EOF on 12/03/2015 at  1:16:45,48 ======================


Repeat step 3, because apparently ZA-Scan did not detect the script. Check that you didn't miss anything! ;)

Notice: Tomorrow I have to travel, returning only on Monday the 16th. Please wait for me! Depending on how things go, I'll come back to the forum later today. ;)


and here we go.... again =P

log follows

ZA-Scan V1.0.0.4 Updated 11-March-2015
Tool run by Usuario on 12/03/2015 at 12:17:46,17.
Microsoft Windows 7 Home Basic  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\Users\Usuario\Desktop\ZA-Scan.exe
Script used: D:\Users\Usuario\Desktop\zascript.txt

==== System Restore Info ======================

12/03/2015 12:19:13 Zoek.exe System Restore Point Created Succesfully.

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\GbExplorerPersistObj {32A5804C-50B2-4295-8252-C32751FE0008} undetermined path
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll


==== Empty Folders Check ======================

C:\Users\Usuario\AppData\Roaming\ntsvc deleted successfully

==== Installed Programs ======================

Adobe AIR  
Adobe Flash Player 16 ActiveX  
Adobe Shockwave Player 12.1  
Aplicativo Itaú  
Avast Free Antivirus  
Cisco EAP-FAST Module  
Cisco LEAP Module  
Cisco PEAP Module  
CyberLink PowerDVD 10  
CyberLink YouCam  
Epson Customer Participation  
Epson E-Web Print  
Epson Easy Photo Print 2  
Epson Event Manager  
EPSON Scan  
EPSON XP-211 214 216 Series Printer Uninstall  
EpsonNet Print  
Foxit Reader  
Google Chrome  
Google Update Helper  
Guardião - Itaú 30 horas  
Intel® Processor Graphics  
Java 8 Update 25  
Java Auto Updater  
Malwarebytes Anti-Malware versão 2.0.4.1028  
Manual Epson XP-211_214 versão 1.0  
Microsoft .NET Framework 4.5.1  
Microsoft .NET Framework 4.5.1 (Português do Brasil)  
Microsoft .NET Framework 4.5.1 (PTB)  
Microsoft Office Access MUI (Portuguese (Brazil)) 2010  
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010  
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010  
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010  
Microsoft Office Office 32-bit Components 2010  
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010  
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010  
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010  
Microsoft Office Professional Plus 2010  
Microsoft Office Proof (English) 2010  
Microsoft Office Proof (Portuguese (Brazil)) 2010  
Microsoft Office Proof (Spanish) 2010  
Microsoft Office Proofing (Portuguese (Brazil)) 2010  
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010  
Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2010  
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010  
Microsoft Office Word MUI (Portuguese (Brazil)) 2010  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729  
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005  
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005  
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005  
Ralink RT2860 Wireless LAN Card  
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)  
SkypeT 7.0  
Software Updater  
Songr  
swMSM  
VLC media player  
Warsaw 1.3.1  
WinRAR 5.20 (64-bit)  

==== Running Processes ======================

C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Diebold\Warsaw\core.exe
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
D:\Users\Usuario\Desktop\ZA-Scan.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\Usuario\AppData\Local\Temp\ZAScan.exe

==== Services(whitelist) ======================
Powered by E Dev

R2 - [EpsonCustomerParticipation] - EpsonCustomerParticipation - c:\program files\epson\epsoncustomerparticipation\epcp.exe
R2 - [EpsonScanSvc] - Epson Scanner Service - c:\windows\system32\escsvc64.exe
R2 - [GbpSv] - Gbp Service - c:\progra~2\gbplugin\gbpsv.exe
R2 - [MBAMScheduler] - MBAMScheduler - c:\program files (x86)\malwarebytes anti-malware\mbamscheduler.exe
R2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe
R2 - [Warsaw Technology] - Warsaw Technology - c:\program files (x86)\diebold\warsaw\core.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [AvastVBoxSvc] - AvastVBox COM Service - c:\program files\avast software\avast\ng\vbox\avastvboxsvc.exe
R3 - [VSS] - Cópia de Sombra de Volume - c:\windows\system32\vssvc.exe
R3 - [WMPNetworkSvc] - Serviço de Compartilhamento de Rede do Windows Media Player - c:\program files\windows media player\wmpnetwk.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Serviço do Google Update (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [skypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
S2 - [sppsvc] - Proteção de Software - c:\windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Serviço Gateway de Camada de Aplicativo - c:\windows\system32\alg.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [cphs] - Intel® Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S3 - [gupdatem] - Serviço do Google Update (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [iEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [Microsoft SharePoint Workspace Audit Service] - Microsoft SharePoint Workspace Audit Service - c:\program files\microsoft office\office14\groove.exe
S3 - [MSDTC] - Coordenador de transações distribuídas - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [ose64] - Office 64 Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
S3 - [PerfHost] - Host de DLL de Contador de Desempenho - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Alocador Remote Procedure Call (RPC) - c:\windows\system32\locator.exe
S3 - [sNMPTRAP] - Interceptação SNMP - c:\windows\system32\snmptrap.exe
S3 - [TrustedInstaller] - Instalador de Módulos do Windows - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Disco Virtual - c:\windows\system32\vds.exe
S3 - [wbengine] - Serviço de Mecanismo de Backup em Nível de Bloco - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [aspnet_state] - Serviço de estado do ASP.NET - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

c:\users\usuario\appdata\roaming\bb1f68c4-1425863964-5045-aa9e-00e0914e52e6\jnsf5c04.tmp not found

==== System Specs ======================

Windows: Windows 7 Home Basic Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 4044 MB
CPU Info: Intel® Core i3-2330M CPU @ 2.20GHz
CPU Speed: 2201,8 MHz
Sound Card: Alto-falantes (Dispositivo de H |
Display Adapters: Intel® HD Graphics 3000 | Intel® HD Graphics 3000 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Monitor Genérico PnP |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Realtek RTL8188CE Wireless LAN 802.11n COMBO PCI-E NIC | Atheros AR8151 PCI-E Gigabit Ethernet Controller | Dispositivo Bluetooth (Rede Pessoal)
CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVDRAM GT32N
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C:  141,0GB | D:  140,6GB
Hard Disks - Free: C:  38,9GB | D:  122,1GB
Manufacturer *: INSYDE
BIOS Info: AT/AT COMPATIBLE | 12/13/11 | LGE    - 1
Time Zone: Hora oficial do Brasil
Motherboard *: Quanta LG2
Country: Brasil
Language: PTB

==== System Specs (Software) ======================

Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Default Browser: Google Chrome    41.0.2272.89
Internet Explorer Version: 11.0.9600.17691
Google Chrome version: 41.0.2272.89
Sun Java version: 1.8.0_25 (32-bit)
Sun Java version: 1.8.0_25 (64-bit)
Shockwave Player version: 12.1.4r154

==== Files Recently Created / Modified ======================

====== C:\Windows ====

2015-03-09 01:25:58    FBF2520745F6E65B253A7EDE468A2670    497016    ----a-w-    C:\Users\Usuario\AppData\Local\Temp\setup_557.exe
2015-03-09 01:19:42    EB1E08A649A1B6E4E86F98370F3908B7    38540192    ----a-w-    C:\Users\Usuario\AppData\Local\Temp\1.tmp.exe
2015-03-09 01:19:25    32B8CAEC754FB3754A28A741CC94ADFA    129341    ----a-w-    C:\Users\Usuario\AppData\Roaming\BB1F68C4-1425863964-5045-AA9E-00E0914E52E6\Uninstall.exe
2015-03-09 01:17:44    FD60E0C358982B37EB0BCCC31CA74DDE    23662328    ----a-w-    C:\Users\Usuario\AppData\Local\Temp\Baidu_Secure_SystemUp_5.0.9.107990.exe
=== C: other files ==

======== System Restore Points ========

RP17: 02/12/2014 10:03:19 - Windows Update
RP18: 11/12/2014 14:11:41 - Windows Update
RP19: 13/12/2014 20:14:14 - Windows Update
RP20: 14/12/2014 20:24:01 - Backup do Windows
RP21: 16/12/2014 14:31:13 - avast! antivirus system restore point
RP22: 19/12/2014 14:52:45 - Windows Update
RP23: 20/12/2014 11:02:24 - Windows Update
RP24: 25/12/2014 22:27:00 - Backup do Windows
RP25: 26/12/2014 17:07:29 - Windows Update
RP26: 04/01/2015 19:49:31 - Windows Update
RP27: 04/01/2015 20:24:55 - Instalado Microsoft Visual C++ 2005 Redistributable
RP28: 08/01/2015 20:54:34 - Backup do Windows
RP29: 09/01/2015 21:28:46 - Backup do Windows
RP30: 09/01/2015 21:32:42 - Windows Update
RP31: 13/01/2015 11:59:56 - Windows Update
RP32: 16/01/2015 21:25:17 - Windows Update
RP33: 17/01/2015 15:29:08 - Windows Update
RP34: 18/01/2015 19:16:10 - Backup do Windows
RP35: 21/01/2015 10:24:28 - Windows Update
RP36: 28/01/2015 17:10:53 - Windows Update
RP37: 30/01/2015 11:38:00 - Backup do Windows
RP38: 02/02/2015 11:42:13 - Backup do Windows
RP39: 03/02/2015 17:34:37 - Windows Update
RP40: 10/02/2015 17:37:33 - Ponto de Verificação Agendado
RP41: 10/02/2015 21:53:47 - Windows Update
RP42: 10/02/2015 23:47:51 - Backup do Windows
RP43: 12/02/2015 11:39:36 - Windows Update
RP44: 16/02/2015 20:25:35 - Windows Update
RP45: 19/02/2015 00:41:52 - Backup do Windows
RP46: 20/02/2015 12:38:27 - Windows Update
RP47: 23/02/2015 17:02:18 - Backup do Windows
RP48: 24/02/2015 14:55:59 - Windows Update
RP49: 27/02/2015 10:41:27 - Windows Update
RP50: 03/03/2015 14:02:11 - Windows Update
RP51: 04/03/2015 01:04:00 - Backup do Windows
RP52: 09/03/2015 21:45:43 - Installed Software Updater
RP53: 11/03/2015 23:52:28 - Windows Update
RP54: 12/03/2015 03:00:24 - Windows Update
RP55: 12/03/2015 12:18:35 - zoek.exe restore point

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2805126714-2820243177-176866361-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILDE.EXE /EPT EPLTarget\P0000000000000000 /M XP-211 214 216 Series /EF HKCU"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"YouCam Mirage"="C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
"YouCam Tray"="C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe /s"
"EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILDE.EXE /EPT EPLTarget\P0000000000000000 /M XP-211 214 216 Series /EF HKCU"

==== Startup Registry Enabled x64 ======================

 


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"3D BubbleSound"="C:\Program Files\BubbleSound\3D BubbleSound.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BCSSync"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BDRegion]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BDRegion"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Cyberlink\\Shared files\\brs.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Diebold - Warsaw]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Diebold - Warsaw"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Diebold\\Warsaw\\core.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl10]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RemoteControl10"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\CyberLink\\PowerDVD10\\PDVD10Serv.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [05/02/2015 20:33]
C:\Windows\tasks\AutoKMS.job --a------ C:\Windows\AutoKMS.exe []
C:\Windows\tasks\EPSON XP-211 214 216 Series Invitation {2B42C60A-1591-4497-BF93-2A9D31D340DC}.job --a------ C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.exe [28/02/2013 00:20]
C:\Windows\tasks\EPSON XP-211 214 216 Series Update {2B42C60A-1591-4497-BF93-2A9D31D340DC}.job --a------ C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.exe [28/02/2013 00:20]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/03/2015 12:39]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/03/2015 12:39]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\EPSON XP-211 214 216 Series Invitation {2B42C60A-1591-4497-BF93-2A9D31D340DC}" [C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE]
"C:\Windows\SysNative\tasks\EPSON XP-211 214 216 Series Update {2B42C60A-1591-4497-BF93-2A9D31D340DC}" [C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\{F67277B5-5A0C-4140-A7C0-F5A9582E2E9D}" ["c:\program files (x86)\google\chrome\application\chrome.exe"]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Folders in C:\PROGRA~3 0-6 Months Old ======================

2014-11-26 13:33:33    --------    d-sh--we    C:\PROGRA~3\Dados de aplicativos
2014-11-26 13:33:33    --------    d-sh--we    C:\PROGRA~3\Documentos
2014-11-26 13:33:33    --------    d-sh--we    C:\PROGRA~3\Favoritos
2014-11-26 13:33:33    --------    d-sh--we    C:\PROGRA~3\Menu Iniciar
2014-11-26 13:33:33    --------    d-sh--we    C:\PROGRA~3\Modelos
2014-11-26 13:58:21    --------    d-----w-    C:\PROGRA~3\Ralink Driver
2014-11-26 15:49:09    --------    d-----w-    C:\PROGRA~3\Microsoft Help
2014-11-26 16:38:18    --------    d-----w-    C:\PROGRA~3\Ashampoo
2014-11-26 16:44:30    --------    d-----w-    C:\PROGRA~3\Temp
2014-11-26 16:47:58    --------    d-----w-    C:\PROGRA~3\CyberLink
2014-11-26 16:48:36    --------    d-----w-    C:\PROGRA~3\Adobe
2014-11-26 18:09:02    --------    d-----w-    C:\PROGRA~3\Skype
2014-11-26 18:11:22    --------    d-----w-    C:\PROGRA~3\AVAST Software
2014-11-27 10:44:20    --------    d-----w-    C:\PROGRA~3\Oracle
2014-11-27 10:45:27    --------    d-----w-    C:\PROGRA~3\Sun
2014-11-27 10:48:25    --------    d-----w-    C:\PROGRA~3\Package Cache
2014-11-27 10:50:49    --------    d-----w-    C:\PROGRA~3\boost_interprocess
2014-11-27 10:50:49    --------    d-----w-    C:\PROGRA~3\GAS Tecnologia
2014-11-27 10:51:21    --------    d-----w-    C:\PROGRA~3\GbPlugin
2015-01-04 22:22:11    --------    d-----w-    C:\PROGRA~3\EPSON
2015-01-04 22:27:14    --------    d-----w-    C:\PROGRA~3\Sony Corporation
2015-01-04 22:27:26    --------    d-----w-    C:\PROGRA~3\UDL
2015-02-25 16:32:37    --------    d-----w-    C:\PROGRA~3\gbas
2015-03-09 15:28:45    --------    d-----w-    C:\PROGRA~3\Malwarebytes

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"e-webprint@epson.com"="C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on" [09/03/2015 22:08]

==== Chromium Look ======================

Google Chrome Version: 41.0.2272.89 (Up to date, latest Stable version: 41.0.2272.89)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[16/12/2014 13:34]

Google Docs - Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Avast Online Security - Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Avast Online Security - Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki
GBBD Guardião - Itaú 30 horas - Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kgmpojlddncminmkddkpoegdjhojjipg
Google Wallet - Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{2BEEA6B3-961B-4FE2-88CD-856FA066ADEF} Google  Url="https://www.google.com/search?q={searchTerms}"

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILDE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-211 214 216 Series" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: bankline.itau.com.br
O15 - Trusted Zone: clickbanking.itau.com.br
O15 - Trusted Zone: guardiao.itau.com.br
O15 - Trusted Zone: www.itau.com.br
O15 - Trusted Zone: http://www.itau.com.br
O15 - Trusted Zone: *.itau.com.br
O15 - Trusted Zone: http://www.itaupersonnalite.com.br
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify:  GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files (x86)\Diebold\Warsaw\core.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Usuario\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Usuario\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 12/03/2015 at 12:33:23,10 ====================== 
 


Dear RF Carvalho

# Step 1 #

Download RogueKiller and save it to your desktop.
32 bit (x86) or 64 bit (x64)

Run the RogueKiller.exe file.

*** Windows Vista or Windows 7 users: right-click the RogueKiller.exe file, then click execadmin.png.

Click the Scan button and wait for the scan to finish.

Click the Report button. A Notepad window with information will open.

Attach it to your next reply.

NOTE: do not use the Delete button, because we need to evaluate the items before doing that.

# Step 2 #

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download Farbar Recovery Scan Tool and save it to your desktop.
32 bit (x86) or 64 bit (x64)

Double-click to run the tool. Accept the agreement, then click the Scan button.

Wait; when it finishes, the logs FRST.txt and Addition.txt will be saved to your desktop.

Attach the logs to your next reply.

Regards :D


hi... the links for RogueKiller don't work :(


phew... I got it... and here we go :P

 

RogueKiller V10.5.7.0 (x64) [Mar 22 2015] por Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Site : http://www.adlice.com/programas/roguekiller/
Blog : http://www.adlice.com

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniciou : Modo normal
Usuário : Usuario [Administrador]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Modo : Escanear -- Data : 03/24/2015  14:02:25

¤¤¤ Processos : 1 ¤¤¤
[suspicious.Path] explorer.exe(4708) -- C:\Users\Usuario\AppData\Roaming\Macwebtoise\explorerEx64.dll[7] -> Descarregado

¤¤¤ Registro : 7 ¤¤¤
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ExplorerEx | (default) : {E056AFDD-03E9-4D73-8D33-8FCCBCA73438}  -> Encontrado
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2805126714-2820243177-176866361-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.uol.com.br/ -> Encontrado
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2805126714-2820243177-176866361-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.uol.com.br/ -> Encontrado
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Encontrado
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Encontrado
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Encontrado
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Encontrado

¤¤¤ Tarefas : 0 ¤¤¤

¤¤¤ Arquivos : 0 ¤¤¤

¤¤¤ Arquivos de hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤

¤¤¤ Navegadores : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] xts7orpf.default : user_pref("browser.startup.homepage", "www.uol.com.br"); -> Encontrado

¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: ST320LM001 HN-M320MBB ATA Device +++++
--- User ---
[MBR] b971db617275befac908f1c44102c267
[bSP] 0ad6f6ee35b4372b298f8385ff09ed1b : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1536 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3147776 | Size: 144384 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 298846208 | Size: 143962 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 593680384 | Size: 15361 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_03242015_133138.log


a little bit more...

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Usuario (administrator) on USUARIO-PC on 24-03-2015 13:38:27
Running from D:\Users\Usuario\Desktop
Loaded Profiles: Usuario (Available profiles: Usuario)
Platform: Windows 7 Home Basic Service Pack 1 (X64) OS Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(GAS Tecnologia LTDA) C:\Program Files (x86)\Diebold\Warsaw\core.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILDE.EXE
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5511352 2015-03-21] (Avast Software s.r.o.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginUni-x32: C:\Program Files (x86)\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)
HKU\S-1-5-21-2805126714-2820243177-176866361-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILDE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [ExplorerEx] -> {E056AFDD-03E9-4D73-8D33-8FCCBCA73438} => C:\Users\Usuario\AppData\Roaming\Macwebtoise\explorerEx64.dll ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2805126714-2820243177-176866361-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
HKU\S-1-5-21-2805126714-2820243177-176866361-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pt-br/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2805126714-2820243177-176866361-1000 -> {2BEEA6B3-961B-4FE2-88CD-856FA066ADEF} URL = http://www.google.com/search?hl=en&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-21] (Avast Software s.r.o.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-27] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-21] (Avast Software s.r.o.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files (x86)\GbPlugin\gbiehuni.dll [2014-08-12] (Banco Itaú Unibanco)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-27] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll [1760312 2014-08-12] (Banco Itaú Unibanco)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\xts7orpf.default
FF Homepage: www.uol.com.br
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-13] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-07] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-23] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin HKU\S-1-5-21-2805126714-2820243177-176866361-1000: gastecnologia.com.br/sf/uni -> C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll [2014-07-15] (GAS Tecnologia)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml [2015-03-05]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml [2015-03-05]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-26]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-03-09]
FF HKU\S-1-5-21-2805126714-2820243177-176866361-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8873}] - C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\uni\xpi
FF Extension: Guardião - Itaú 30 horas - C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\uni\xpi [2015-03-16]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-23]
CHR Extension: (Google Docs) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-23]
CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-23]
CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-23]
CHR Extension: (Google Search) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-23]
CHR Extension: (Avast Online Security) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-23]
CHR Extension: (Google Wallet) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-23]
CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-21] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-03-21] (Avast Software)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [546104 2014-09-29] (GAS Tecnologia)
R2 Warsaw Technology; C:\Program Files (x86)\Diebold\Warsaw\core.exe [518968 2014-07-12] (GAS Tecnologia LTDA)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-21] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-21] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-21] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [441728 2015-03-21] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-21] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [268640 2015-03-21] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [76912 2011-03-22] (Atheros Communications, Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-03-21] (Avast Software)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [146928 2011-03-01] (CyberLink Corp.)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\5.0.0.0\PCFApiUtil64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-24 13:38 - 2015-03-24 13:38 - 00000000 ____D () C:\FRST
2015-03-24 13:24 - 2015-03-24 13:24 - 00000000 ____D () C:\Users\Usuario\AppData\Local\CrashDumps
2015-03-24 13:22 - 2015-03-24 13:33 - 00000000 ____D () C:\Users\Todos os Usuários\RogueKiller
2015-03-24 13:22 - 2015-03-24 13:33 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-24 13:22 - 2015-03-24 13:22 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-24 13:22 - 2015-03-24 13:22 - 00000854 _____ () C:\Users\Public\Desktop\RogueKiller.lnk
2015-03-24 13:22 - 2015-03-24 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-03-24 13:22 - 2015-03-24 13:22 - 00000000 ____D () C:\Program Files\RogueKiller
2015-03-23 11:41 - 2015-03-23 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-23 11:39 - 2015-03-24 12:53 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-23 11:39 - 2015-03-24 12:05 - 00001066 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-23 11:39 - 2015-03-23 11:48 - 00004066 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-03-23 11:39 - 2015-03-23 11:48 - 00003814 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-03-22 20:47 - 2015-03-22 20:48 - 00000247 _____ () C:\Windows\system32\2015-03-22-23-47-59.027-aswFe.exe-2504.log
2015-03-22 20:40 - 2015-03-22 20:47 - 00000247 _____ () C:\Windows\system32\2015-03-22-23-40-47.031-aswFe.exe-5560.log
2015-03-22 20:40 - 2015-03-22 20:40 - 00000197 _____ () C:\Windows\system32\2015-03-22-23-40-41.053-AvastVBoxSVC.exe-4240.log
2015-03-21 19:44 - 2015-03-21 19:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-21 19:31 - 2015-03-21 19:31 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-21 19:30 - 2015-03-21 19:30 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-16 23:35 - 2015-03-16 23:35 - 00000197 _____ () C:\Windows\system32\2015-03-17-02-35-21.073-AvastVBoxSVC.exe-2892.log
2015-03-16 12:01 - 2015-03-16 12:01 - 00720082 _____ () C:\Users\Usuario\AppData\Roaming\unins000.exe
2015-03-14 11:05 - 2015-03-14 11:05 - 00000197 _____ () C:\Windows\system32\2015-03-14-14-05-38.070-AvastVBoxSVC.exe-2348.log
2015-03-13 00:47 - 2015-03-13 00:47 - 00000000 ____D () C:\Users\Usuario\AppData\Local\Macromedia
2015-03-12 18:49 - 2015-03-12 18:49 - 00000197 _____ () C:\Windows\system32\2015-03-12-21-49-30.098-AvastVBoxSVC.exe-2372.log
2015-03-12 16:52 - 2015-03-12 16:52 - 00000197 _____ () C:\Windows\system32\2015-03-12-19-52-04.053-AvastVBoxSVC.exe-2656.log
2015-03-12 14:23 - 2015-03-23 11:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-12 14:23 - 2015-03-12 14:24 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\Mozilla
2015-03-12 14:23 - 2015-03-12 14:24 - 00000000 ____D () C:\Users\Usuario\AppData\Local\Mozilla
2015-03-12 14:23 - 2015-03-12 14:23 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-12 14:23 - 2015-03-12 14:23 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-12 14:23 - 2015-03-12 14:23 - 00000000 ____D () C:\Users\Todos os Usuários\Mozilla
2015-03-12 14:23 - 2015-03-12 14:23 - 00000000 ____D () C:\ProgramData\Mozilla
2015-03-12 13:50 - 2015-03-12 13:50 - 00000197 _____ () C:\Windows\system32\2015-03-12-16-50-20.059-AvastVBoxSVC.exe-2560.log
2015-03-12 12:34 - 2015-03-12 12:34 - 00000197 _____ () C:\Windows\system32\2015-03-12-15-34-38.057-AvastVBoxSVC.exe-2536.log
2015-03-12 12:30 - 2015-03-12 12:17 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-03-12 12:18 - 2015-03-12 12:33 - 00069328 _____ () C:\zoek-results.log
2015-03-12 12:18 - 2015-03-12 01:16 - 00014603 _____ () C:\zoek-results2015-03-12-041645.log
2015-03-12 03:48 - 2015-03-12 03:48 - 00000197 _____ () C:\Windows\system32\2015-03-12-06-48-49.002-AvastVBoxSVC.exe-2776.log
2015-03-12 01:14 - 2015-03-09 15:14 - 00019192 _____ () C:\zoek-results2015-03-09-181454.log
2015-03-12 01:03 - 2015-03-12 01:03 - 00000197 _____ () C:\Windows\system32\2015-03-12-04-03-27.003-AvastVBoxSVC.exe-3336.log
2015-03-12 00:54 - 2015-03-12 00:54 - 00000197 _____ () C:\Windows\system32\2015-03-12-03-54-50.091-AvastVBoxSVC.exe-2172.log
2015-03-12 00:40 - 2015-02-24 00:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-12 00:40 - 2015-02-23 23:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-12 00:40 - 2015-02-20 22:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-12 00:40 - 2015-02-20 21:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-12 00:40 - 2015-02-20 21:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-12 00:40 - 2015-02-20 21:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-12 00:40 - 2015-02-20 21:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-12 00:40 - 2015-02-20 20:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-12 00:40 - 2015-02-20 20:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-12 00:40 - 2015-02-20 00:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-12 00:40 - 2015-02-20 00:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-12 00:40 - 2015-02-19 23:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-12 00:40 - 2015-02-19 23:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-12 00:40 - 2015-02-19 23:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-12 00:40 - 2015-02-19 23:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-12 00:40 - 2015-02-19 23:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-12 00:40 - 2015-02-19 23:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-12 00:40 - 2015-02-19 23:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-12 00:40 - 2015-02-19 23:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-12 00:40 - 2015-02-19 23:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-12 00:40 - 2015-02-19 23:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-12 00:40 - 2015-02-19 23:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-12 00:40 - 2015-02-19 23:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-12 00:40 - 2015-02-19 23:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-12 00:40 - 2015-02-19 23:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-12 00:40 - 2015-02-19 23:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-12 00:40 - 2015-02-19 23:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-12 00:40 - 2015-02-19 23:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-12 00:40 - 2015-02-19 23:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-12 00:40 - 2015-02-19 23:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-12 00:40 - 2015-02-19 23:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-12 00:40 - 2015-02-19 23:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-12 00:40 - 2015-02-19 23:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-12 00:40 - 2015-02-19 23:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-12 00:40 - 2015-02-19 23:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-12 00:40 - 2015-02-19 23:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-12 00:40 - 2015-02-19 22:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-12 00:40 - 2015-02-19 22:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-12 00:40 - 2015-02-19 22:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-12 00:40 - 2015-02-19 22:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-12 00:40 - 2015-02-19 22:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-12 00:40 - 2015-02-19 22:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-12 00:40 - 2015-02-19 22:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-12 00:40 - 2015-02-19 22:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-12 00:40 - 2015-02-19 22:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-12 00:40 - 2015-02-19 22:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-12 00:40 - 2015-02-19 22:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-12 00:40 - 2015-02-19 22:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-12 00:40 - 2015-02-19 22:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-12 00:40 - 2015-02-19 22:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-12 00:40 - 2015-02-19 22:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-12 00:40 - 2015-02-19 22:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-12 00:40 - 2015-02-19 22:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-12 00:40 - 2015-02-19 22:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-12 00:40 - 2015-02-19 21:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-12 00:40 - 2015-02-19 21:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-12 00:27 - 2015-03-12 00:58 - 00000000 ____D () C:\AdwCleaner
2015-03-12 00:25 - 2015-02-26 00:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 00:25 - 2015-02-03 00:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 00:25 - 2015-02-03 00:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-12 00:25 - 2015-01-16 23:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 00:25 - 2015-01-16 23:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-12 00:24 - 2015-03-06 02:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-12 00:24 - 2015-03-06 02:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-12 00:24 - 2015-03-06 02:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-12 00:24 - 2015-03-06 02:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-12 00:24 - 2015-03-06 02:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-12 00:24 - 2015-03-06 02:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-12 00:24 - 2015-03-06 02:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-12 00:24 - 2015-03-06 02:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-12 00:24 - 2015-03-06 02:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-12 00:24 - 2015-03-06 02:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-12 00:24 - 2015-03-06 02:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-12 00:24 - 2015-03-06 02:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-12 00:24 - 2015-03-06 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-12 00:24 - 2015-03-06 02:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-12 00:24 - 2015-03-06 02:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-12 00:24 - 2015-03-06 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-12 00:24 - 2015-03-06 02:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-12 00:24 - 2015-03-06 02:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-12 00:24 - 2015-03-06 02:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-12 00:24 - 2015-03-06 02:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-12 00:24 - 2015-03-06 02:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-12 00:24 - 2015-03-06 02:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-12 00:24 - 2015-03-06 02:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-12 00:24 - 2015-03-06 02:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-12 00:24 - 2015-03-06 02:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-12 00:24 - 2015-03-06 02:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-12 00:24 - 2015-03-06 02:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-12 00:24 - 2015-03-06 02:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-12 00:24 - 2015-03-06 02:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-12 00:24 - 2015-03-06 02:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-12 00:24 - 2015-03-06 02:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-12 00:24 - 2015-01-31 00:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-12 00:24 - 2015-01-31 00:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-12 00:24 - 2015-01-30 20:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-12 00:24 - 2015-01-30 20:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-12 00:23 - 2015-02-20 01:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-12 00:23 - 2015-02-20 01:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-12 00:23 - 2015-02-20 01:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 00:23 - 2015-02-20 01:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-12 00:23 - 2015-02-20 01:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-12 00:23 - 2015-02-20 01:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-12 00:23 - 2015-02-20 01:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-12 00:23 - 2015-02-20 01:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-12 00:23 - 2015-02-20 00:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 00:23 - 2015-02-20 00:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-12 00:22 - 2015-02-03 00:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-12 00:22 - 2015-02-03 00:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-12 00:22 - 2015-02-03 00:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-12 00:22 - 2015-02-03 00:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-12 00:22 - 2015-02-03 00:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-12 00:22 - 2015-02-03 00:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-12 00:22 - 2015-02-03 00:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-12 00:22 - 2015-02-03 00:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-12 00:22 - 2015-02-03 00:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-12 00:22 - 2015-02-03 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-12 00:22 - 2015-02-03 00:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-12 00:22 - 2015-02-03 00:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-12 00:22 - 2015-02-03 00:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-12 00:22 - 2015-02-03 00:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-12 00:22 - 2015-02-03 00:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-12 00:22 - 2015-02-03 00:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-12 00:22 - 2015-02-03 00:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-12 00:22 - 2015-02-03 00:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-12 00:22 - 2015-02-03 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-12 00:22 - 2015-02-03 00:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-12 00:22 - 2015-02-03 00:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-12 00:22 - 2015-02-03 00:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-12 00:22 - 2015-02-03 00:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-12 00:22 - 2015-02-03 00:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-12 00:22 - 2015-02-03 00:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-12 00:22 - 2015-02-03 00:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-12 00:22 - 2015-02-03 00:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-12 00:22 - 2015-02-03 00:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-12 00:22 - 2015-02-03 00:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-12 00:22 - 2015-02-03 00:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-12 00:22 - 2015-02-03 00:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-12 00:22 - 2015-02-03 00:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-12 00:22 - 2015-02-03 00:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-12 00:22 - 2015-02-03 00:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-12 00:22 - 2015-02-03 00:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-12 00:22 - 2015-02-03 00:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-12 00:22 - 2015-02-03 00:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-12 00:22 - 2015-02-03 00:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-12 00:22 - 2015-02-03 00:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-12 00:22 - 2015-02-03 00:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-12 00:22 - 2015-02-03 00:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-12 00:22 - 2015-02-03 00:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-12 00:22 - 2015-02-03 00:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-12 00:22 - 2015-02-03 00:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-12 00:22 - 2015-02-03 00:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-12 00:22 - 2015-02-03 00:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-12 00:22 - 2015-02-03 00:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-12 00:22 - 2015-02-03 00:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-12 00:22 - 2015-02-03 00:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-12 00:22 - 2015-02-03 00:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-12 00:22 - 2015-02-03 00:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-12 00:22 - 2015-02-03 00:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-12 00:22 - 2015-02-03 00:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-12 00:22 - 2015-02-03 00:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-12 00:22 - 2015-02-03 00:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-12 00:22 - 2015-02-03 00:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-12 00:22 - 2015-02-03 00:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-12 00:22 - 2015-02-03 00:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-12 00:22 - 2015-02-03 00:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-12 00:22 - 2015-02-03 00:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-12 00:22 - 2015-02-03 00:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-12 00:22 - 2015-02-03 00:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-12 00:22 - 2015-02-03 00:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-12 00:22 - 2015-02-03 00:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-12 00:22 - 2015-02-03 00:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-12 00:22 - 2015-02-03 00:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-12 00:22 - 2015-02-03 00:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-12 00:22 - 2015-02-03 00:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-12 00:22 - 2015-02-03 00:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-12 00:22 - 2015-02-03 00:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-12 00:22 - 2015-02-03 00:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-12 00:22 - 2015-02-03 00:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-12 00:22 - 2015-02-03 00:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-12 00:22 - 2015-02-03 00:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-12 00:22 - 2015-02-03 00:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-12 00:22 - 2015-02-03 00:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-12 00:22 - 2015-02-03 00:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-12 00:22 - 2015-02-03 00:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-12 00:22 - 2015-02-03 00:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-12 00:22 - 2015-02-03 00:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-12 00:22 - 2015-02-03 00:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-12 00:22 - 2015-02-03 00:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-12 00:22 - 2015-02-03 00:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-12 00:22 - 2015-02-03 00:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-12 00:22 - 2015-02-03 00:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-12 00:22 - 2015-02-03 00:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-12 00:22 - 2015-02-03 00:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-12 00:22 - 2015-02-03 00:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-12 00:22 - 2015-02-02 23:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-12 00:22 - 2014-10-31 19:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-12 00:22 - 2014-06-27 21:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-12 00:22 - 2014-06-27 21:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-12 00:19 - 2015-02-04 00:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 00:19 - 2015-02-03 23:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-12 00:18 - 2015-02-03 00:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-12 00:18 - 2015-02-03 00:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-12 00:17 - 2015-02-13 02:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-12 00:17 - 2015-02-13 02:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-09 15:11 - 2015-03-09 15:11 - 00000000 ____D () C:\zoek_backup
2015-03-09 14:18 - 2015-03-09 14:19 - 00000197 _____ () C:\Windows\system32\2015-03-09-17-18-59.005-AvastVBoxSVC.exe-3016.log
2015-03-09 12:28 - 2015-03-09 12:28 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes
2015-03-09 12:28 - 2015-03-09 12:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-09 12:17 - 2015-03-09 12:18 - 00000197 _____ () C:\Windows\system32\2015-03-09-15-17-55.001-AvastVBoxSVC.exe-3308.log
2015-03-09 11:22 - 2015-03-09 11:22 - 00000449 _____ () C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\UOL.website
2015-03-09 11:18 - 2015-03-09 11:18 - 00000197 _____ () C:\Windows\system32\2015-03-09-14-18-41.093-AvastVBoxSVC.exe-3380.log
2015-03-09 00:41 - 2015-03-09 00:41 - 00000197 _____ () C:\Windows\system32\2015-03-09-03-41-07.072-AvastVBoxSVC.exe-452.log
2015-03-09 00:07 - 2015-03-09 00:07 - 00000197 _____ () C:\Windows\system32\2015-03-09-03-07-17.051-AvastVBoxSVC.exe-2416.log
2015-03-08 22:52 - 2015-03-08 22:52 - 00000197 _____ () C:\Windows\system32\2015-03-09-01-52-57.062-AvastVBoxSVC.exe-3020.log
2015-03-08 22:43 - 2015-03-08 22:43 - 00000197 _____ () C:\Windows\system32\2015-03-09-01-43-33.007-AvastVBoxSVC.exe-4056.log
2015-03-08 22:26 - 2015-03-09 12:30 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\Macwebtoise
2015-03-08 22:26 - 2015-03-08 22:26 - 00000286 __RSH () C:\Users\Todos os Usuários\ntuser.pol
2015-03-08 22:26 - 2015-03-08 22:26 - 00000286 __RSH () C:\ProgramData\ntuser.pol
2015-03-08 22:19 - 2015-03-23 11:59 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\BB1F68C4-1425863964-5045-AA9E-00E0914E52E6
2015-03-08 21:42 - 2015-03-08 21:43 - 00000197 _____ () C:\Windows\system32\2015-03-09-00-42-44.043-AvastVBoxSVC.exe-3268.log
2015-03-07 10:51 - 2015-03-07 10:51 - 00000197 _____ () C:\Windows\system32\2015-03-07-13-51-09.026-AvastVBoxSVC.exe-3584.log
2015-03-07 10:42 - 2015-03-07 10:42 - 00000000 _____ () C:\Users\Usuario\AppData\Local\{F85FED99-6FE9-475D-AFE6-E11B87D88517}
2015-03-05 15:12 - 2015-03-05 15:12 - 00000197 _____ () C:\Windows\system32\2015-03-05-18-12-03.039-AvastVBoxSVC.exe-3172.log
2015-03-04 22:14 - 2015-03-04 22:15 - 00000197 _____ () C:\Windows\system32\2015-03-05-01-14-58.057-AvastVBoxSVC.exe-3096.log
2015-03-02 12:29 - 2015-03-02 12:29 - 00000197 _____ () C:\Windows\system32\2015-03-02-15-29-07.092-AvastVBoxSVC.exe-1456.log
2015-02-27 11:06 - 2015-02-27 11:06 - 00000197 _____ () C:\Windows\system32\2015-02-27-14-06-05.024-AvastVBoxSVC.exe-4028.log
2015-02-27 10:44 - 2015-01-08 20:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-27 10:44 - 2015-01-08 20:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-26 00:26 - 2015-02-26 00:26 - 00000197 _____ () C:\Windows\system32\2015-02-26-03-26-49.018-AvastVBoxSVC.exe-2104.log
2015-02-25 13:32 - 2015-02-25 13:32 - 00000000 ____D () C:\Users\Todos os Usuários\gbas
2015-02-25 13:32 - 2015-02-25 13:32 - 00000000 ____D () C:\ProgramData\gbas
2015-02-24 17:30 - 2015-02-24 17:30 - 00000000 ____D () C:\Windows\System32\Tasks\Games

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-24 13:33 - 2014-11-26 13:44 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-24 13:11 - 2014-11-26 10:30 - 01384001 _____ () C:\Windows\WindowsUpdate.log
2015-03-24 13:04 - 2014-11-27 07:50 - 00000000 ____D () C:\Users\Todos os Usuários\GAS Tecnologia
2015-03-24 13:04 - 2014-11-27 07:50 - 00000000 ____D () C:\ProgramData\GAS Tecnologia
2015-03-24 12:43 - 2015-01-04 19:43 - 00000913 _____ () C:\Windows\Tasks\EPSON XP-211 214 216 Series Update {2B42C60A-1591-4497-BF93-2A9D31D340DC}.job
2015-03-24 12:43 - 2015-01-04 19:43 - 00000727 _____ () C:\Windows\Tasks\EPSON XP-211 214 216 Series Invitation {2B42C60A-1591-4497-BF93-2A9D31D340DC}.job
2015-03-24 12:14 - 2009-07-14 01:45 - 00014912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-24 12:14 - 2009-07-14 01:45 - 00014912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-24 12:07 - 2014-11-26 15:13 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-03-24 12:05 - 2009-07-14 02:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-24 12:05 - 2009-07-14 01:51 - 00026306 _____ () C:\Windows\setupact.log
2015-03-23 14:01 - 2014-11-26 13:04 - 00164160 _____ () C:\Windows\PFRO.log
2015-03-23 11:41 - 2014-11-26 13:44 - 00000000 ____D () C:\Users\Usuario\AppData\Local\Google
2015-03-23 11:40 - 2014-11-26 13:44 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-21 19:31 - 2014-11-26 15:13 - 00441728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-03-21 19:31 - 2014-11-26 15:13 - 00268640 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-03-21 19:31 - 2014-11-26 15:13 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-03-21 19:31 - 2014-11-26 15:13 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-03-21 19:31 - 2014-11-26 15:13 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-03-21 19:31 - 2014-11-26 15:13 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-03-21 19:31 - 2014-11-26 15:13 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-03-21 19:30 - 2014-11-26 15:13 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-03-20 14:35 - 2009-07-29 12:39 - 00705684 _____ () C:\Windows\system32\prfh0416.dat
2015-03-20 14:35 - 2009-07-29 12:39 - 00147524 _____ () C:\Windows\system32\prfc0416.dat
2015-03-20 14:35 - 2009-07-14 02:13 - 01634498 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-16 14:13 - 2015-01-08 20:12 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\Epson
2015-03-16 12:35 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\rescache
2015-03-16 12:01 - 2014-11-27 07:50 - 00048093 _____ () C:\Users\Usuario\AppData\Roaming\unins000.dat
2015-03-16 12:01 - 2014-11-26 13:44 - 00000000 ____D () C:\Users\Todos os Usuários\Temp
2015-03-16 12:01 - 2014-11-26 13:44 - 00000000 ____D () C:\ProgramData\Temp
2015-03-14 11:03 - 2009-07-14 02:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-13 00:37 - 2014-11-26 13:44 - 00003840 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-13 00:37 - 2014-11-26 13:43 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-13 00:37 - 2014-11-26 13:43 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-13 00:37 - 2014-11-26 13:43 - 00000000 ____D () C:\Users\Usuario\AppData\Local\Adobe
2015-03-12 19:28 - 2015-01-08 19:56 - 00000000 ____D () C:\Users\Usuario\AppData\Local\Songr
2015-03-12 18:56 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-12 03:42 - 2009-07-14 01:45 - 00409776 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 03:40 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 03:40 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-12 03:12 - 2014-11-26 13:27 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 03:04 - 2014-11-26 13:27 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-12 00:38 - 2014-11-28 07:32 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\Skype
2015-03-09 23:39 - 2015-01-04 19:22 - 00000000 ____D () C:\Users\Todos os Usuários\EPSON
2015-03-09 23:39 - 2015-01-04 19:22 - 00000000 ____D () C:\ProgramData\EPSON
2015-03-09 22:08 - 2015-01-04 19:24 - 00000000 ____D () C:\Program Files (x86)\EPSON Software
2015-03-09 21:47 - 2015-01-04 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2015-03-09 12:44 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\Globalization
2015-03-08 22:41 - 2009-07-13 23:34 - 00000580 _____ () C:\Windows\win.ini
2015-03-08 22:26 - 2014-11-26 10:34 - 00001697 _____ () C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-08 22:26 - 2009-07-14 00:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-03-08 22:26 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-02-24 03:17 - 2014-11-26 13:24 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-11-26 13:49 - 2014-11-26 13:49 - 6000640 _____ () C:\Program Files (x86)\GUT423E.tmp
2014-11-27 07:50 - 2015-03-16 12:01 - 0048093 _____ () C:\Users\Usuario\AppData\Roaming\unins000.dat
2015-03-16 12:01 - 2015-03-16 12:01 - 0720082 _____ () C:\Users\Usuario\AppData\Roaming\unins000.exe
2015-01-26 14:22 - 2015-01-26 14:22 - 0022544 _____ () C:\Users\Usuario\AppData\Roaming\UserTile.png
2015-03-07 10:42 - 2015-03-07 10:42 - 0000000 _____ () C:\Users\Usuario\AppData\Local\{F85FED99-6FE9-475D-AFE6-E11B87D88517}

Some content of TEMP:
====================
C:\Users\Usuario\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Usuario\AppData\Local\Temp\Foxit Reader Updater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-16 12:27

==================== End Of Log ============================


last one :D

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Usuario at 2015-03-24 13:40:20
Running from D:\Users\Usuario\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
Aplicativo Itaú (HKLM-x32\...\{1F217BEC-1FE4-47D5-BACE-40B1DFDA7605}) (Version: 1.0.40 - Banco Itaú)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2214 - AVAST Software)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2701.51 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.6.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM-x32\...\{DB1C500D-1504-46B1-9976-5CBE008E2C88}) (Version: 2.5.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{E904F572-D7DB-43C1-929F-043F267FC77D}) (Version: 1.22.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-211 214 216 Series Printer Uninstall (HKLM\...\EPSON XP-211 214 216 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.10.1213 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Guardião - Itaú 30 horas (HKLM-x32\...\{70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1) (Version: 3.10.0.1 - )
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2372 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Manual Epson XP-211_214 versão 1.0 (HKLM-x32\...\UsersGuideManual Epson XP-211_214_is1) (Version: 1.0 - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 pt-BR)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.9.0 - Ralink)
RogueKiller version 10 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 10 - Adlice Software)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{E1BAD1BA-C0E8-4018-9281-E7D2C6B07474}) (Version: 4.3.6 - SEIKO EPSON CORPORATION)
Songr (HKU\S-1-5-21-2805126714-2820243177-176866361-1000\...\Songr) (Version: 2.0.2330 - Xamasoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Warsaw 1.3.1 (HKLM-x32\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.3.1 - GAS Tecnologia)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2805126714-2820243177-176866361-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0013}\InprocServer32 -> C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-2805126714-2820243177-176866361-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0013}\InprocServer32 -> C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll (GAS Tecnologia)

==================== Restore Points  =========================

12-02-2015 10:39:36 Windows Update
16-02-2015 19:25:35 Windows Update
18-02-2015 23:41:52 Backup do Windows
20-02-2015 11:38:27 Windows Update
23-02-2015 17:02:18 Backup do Windows
24-02-2015 14:55:59 Windows Update
27-02-2015 10:41:27 Windows Update
03-03-2015 14:02:11 Windows Update
04-03-2015 01:04:00 Backup do Windows
09-03-2015 21:45:43 Installed Software Updater
11-03-2015 23:52:28 Windows Update
12-03-2015 03:00:24 Windows Update
12-03-2015 12:18:35 zoek.exe restore point
17-03-2015 13:27:36 Windows Update
20-03-2015 14:43:30 Windows Update
21-03-2015 19:27:49 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:34 - 2015-01-08 20:27 - 00000822 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3D79D836-1F9E-4000-9816-8E396D45EE27} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-13] (Adobe Systems Incorporated)
Task: {520EB6F3-C18D-4F4E-8B6C-4D0EB26BDBB2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-21] (Avast Software s.r.o.)
Task: {740C3EA0-93ED-454C-8743-D2E7DF68F3EC} - System32\Tasks\EPSON XP-211 214 216 Series Update {2B42C60A-1591-4497-BF93-2A9D31D340DC} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {7AFC2286-9BEB-4AE5-98D1-278E92751D45} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2805126714-2820243177-176866361-1000
Task: {8381FDE9-2662-4D1D-A2E8-827588F0FE17} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-23] (Google Inc.)
Task: {93BEFD71-73F7-4CF7-884C-45265917835C} - System32\Tasks\{F67277B5-5A0C-4140-A7C0-F5A9582E2E9D} => Chrome.exe http://ui.skype.com/ui/0/6.18.0.106/pt/go/help.faq.installer?LastError=1618
Task: {94607396-315E-4C25-AC23-1EA099F659D3} - System32\Tasks\EPSON XP-211 214 216 Series Invitation {2B42C60A-1591-4497-BF93-2A9D31D340DC} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {A84C2178-94BA-4857-B611-5EC082832C35} - System32\Tasks\{749E74B6-3E51-4E14-B322-CD2FB9B53EEA} => pcalua.exe -a C:\Users\Usuario\AppData\Roaming\mystartsearch\UninstallManager.exe -c  -ptid=smt
Task: {F748548C-BFC7-4CA0-823A-FEF4A417B894} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {FA18E546-C2E8-43C4-B6AE-DBAC2B60AFBB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-23] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\EPSON XP-211 214 216 Series Invitation {2B42C60A-1591-4497-BF93-2A9D31D340DC}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE
Task: C:\Windows\Tasks\EPSON XP-211 214 216 Series Update {2B42C60A-1591-4497-BF93-2A9D31D340DC}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE:/EXE:{2B42C60A-1591-4497-BF93-2A9D31D340DC} /F:UpdateSISTEMA
Searches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-11-26 10:59 - 2011-04-15 14:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-03-08 22:26 - 2015-01-22 18:29 - 00462200 _____ () C:\Users\Usuario\AppData\Roaming\Macwebtoise\explorerEx64.dll
2010-01-30 01:40 - 2010-01-30 01:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-03-21 19:30 - 2015-03-21 19:30 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-21 19:30 - 2015-03-21 19:30 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-03-23 23:54 - 2015-03-23 23:54 - 02922496 _____ () C:\Program Files\AVAST Software\Avast\defs\15032301\algo.dll
2015-03-24 12:06 - 2015-03-24 12:06 - 02923008 _____ () C:\Program Files\AVAST Software\Avast\defs\15032400\algo.dll
2015-03-21 19:31 - 2015-03-21 19:31 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-03-21 19:31 - 2015-03-21 19:31 - 01359872 _____ () C:\Program Files\AVAST Software\Avast\libglesv2.dll
2015-03-21 19:31 - 2015-03-21 19:31 - 00212992 _____ () C:\Program Files\AVAST Software\Avast\libegl.dll
2010-01-30 01:41 - 2010-01-30 01:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-03-13 00:37 - 2015-03-13 00:37 - 16858288 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\System32:BCF79949_Uni.gbp

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2805126714-2820243177-176866361-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
MSCONFIG\startupreg: Diebold - Warsaw => C:\Program Files (x86)\Diebold\Warsaw\core.exe
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Accounts: =============================

Administrador (S-1-5-21-2805126714-2820243177-176866361-500 - Administrator - Disabled)
Convidado (S-1-5-21-2805126714-2820243177-176866361-501 - Limited - Disabled)
Usuario (S-1-5-21-2805126714-2820243177-176866361-1000 - Administrator - Enabled) => C:\Users\Usuario

==================== Faulty Device Manager Devices =============

Name: Dispositivo PCI
Description: Dispositivo PCI
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de Túnel Teredo da Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Controlador de barramento SM
Description: Controlador de barramento SM
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/24/2015 01:24:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: Explorer.EXE, versão: 6.1.7601.17567, carimbo de hora: 0x4d672ee4
Nome do módulo de falhas: explorerEx64.dll_unloaded, versão: 0.0.0.0, carimbo de hora: 0x54c0d01f
Código de exceção: 0xc0000005
Deslocamento com falha: 0x000007fef9118e70
Identificação do processo com falha: 0x548
Hora de início do aplicativo com falha: 0xExplorer.EXE0
Caminho do aplicativo com falha: Explorer.EXE1
FCaminho do módulo de falhas: Explorer.EXE2
Identificação do Relatório: Explorer.EXE3

Error: (03/24/2015 01:22:15 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Erro no arquivo de manifesto ou de diretiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2", na linhaC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/23/2015 11:53:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: svchost.exe_SysMain, versão: 6.1.7600.16385, carimbo de hora: 0x4a5bc3c1
Nome do módulo de falhas: sysmain.dll, versão: 6.1.7601.17514, carimbo de hora: 0x4ce7c9db
Código de exceção: 0xc0000005
Deslocamento com falha: 0x000000000001a490
Identificação do processo com falha: 0x1200
Hora de início do aplicativo com falha: 0xsvchost.exe_SysMain0
Caminho do aplicativo com falha: svchost.exe_SysMain1
FCaminho do módulo de falhas: svchost.exe_SysMain2
Identificação do Relatório: svchost.exe_SysMain3

Error: (03/23/2015 06:25:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: svchost.exe_SysMain, versão: 6.1.7600.16385, carimbo de hora: 0x4a5bc3c1
Nome do módulo de falhas: sysmain.dll, versão: 6.1.7601.17514, carimbo de hora: 0x4ce7c9db
Código de exceção: 0xc0000005
Deslocamento com falha: 0x0000000000004e03
Identificação do processo com falha: 0x58c
Hora de início do aplicativo com falha: 0xsvchost.exe_SysMain0
Caminho do aplicativo com falha: svchost.exe_SysMain1
FCaminho do módulo de falhas: svchost.exe_SysMain2
Identificação do Relatório: svchost.exe_SysMain3

Error: (03/23/2015 03:42:17 PM) (Source: ESENT) (EventID: 474) (User: )
Description: wuaueng.dll (472) SUS20ClientDataStore: Falha na verificação da leitura de página do banco de dados do arquivo "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" no deslocamento 168198144 (0x000000000a068000) (página do banco de dados wuaueng.dll0) para 32768 (0x00008000) bytes devido a uma incompatibilidade de soma de verificação da página. A soma de verificação esperada era [56fc56fcf9da9e88:bc84bc84723f146c:885477abd6e3143e:92456dba7f961444] e a real foi [56f656f64fff98e8:bf2ebf2ec7b011a6:885477abd6e3143e:92456dba7f961444]. A operação de leitura falhará com o erro -1018 (0xfffffc06). Se essa condição persistir, restaure o banco de dados por meio de um backup anterior. A causa provável desse problema é falha de hardware. Contate o fornecedor de hardware para obter assistência para diagnosticar o problema.

Error: (03/23/2015 11:33:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa firefox.exe versão 36.0.4.5557 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID de Processo: 162c

Hora de Início: 01d064f84f1b0d7e

Hora de Término: 31

Caminho do Aplicativo: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Id do Relatório: 9a42efaf-d169-11e4-b01c-5cc9d3ffa8ab

Error: (03/22/2015 08:30:54 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: O backup não foi concluído devido a um erro ao gravar no local de backup F:\. Erro: O local de backup não foi encontrado ou não é válido. Examine as configurações de backup e verifique o local de backup. (0x81000006).

Error: (03/22/2015 08:30:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: plugin-container.exe, versão: 36.0.1.5542, carimbo de hora: 0x54f851c0
Nome do módulo de falhas: mozalloc.dll, versão: 36.0.1.5542, carimbo de hora: 0x54f8437e
Código de exceção: 0x80000003
Deslocamento com falha: 0x00001e02
Identificação do processo com falha: 0xd54
Hora de início do aplicativo com falha: 0xplugin-container.exe0
Caminho do aplicativo com falha: plugin-container.exe1
FCaminho do módulo de falhas: plugin-container.exe2
Identificação do Relatório: plugin-container.exe3

Error: (03/22/2015 08:29:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: plugin-container.exe, versão: 36.0.1.5542, carimbo de hora: 0x54f851c0
Nome do módulo de falhas: mozalloc.dll, versão: 36.0.1.5542, carimbo de hora: 0x54f8437e
Código de exceção: 0x80000003
Deslocamento com falha: 0x00001e02
Identificação do processo com falha: 0x9c8
Hora de início do aplicativo com falha: 0xplugin-container.exe0
Caminho do aplicativo com falha: plugin-container.exe1
FCaminho do módulo de falhas: plugin-container.exe2
Identificação do Relatório: plugin-container.exe3

Error: (03/18/2015 10:29:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: svchost.exe_SysMain, versão: 6.1.7600.16385, carimbo de hora: 0x4a5bc3c1
Nome do módulo de falhas: sysmain.dll, versão: 6.1.7601.17514, carimbo de hora: 0x4ce7c9db
Código de exceção: 0xc0000005
Deslocamento com falha: 0x00000000000032df
Identificação do processo com falha: 0x804
Hora de início do aplicativo com falha: 0xsvchost.exe_SysMain0
Caminho do aplicativo com falha: svchost.exe_SysMain1
FCaminho do módulo de falhas: svchost.exe_SysMain2
Identificação do Relatório: svchost.exe_SysMain3


System errors:
=============
Error: (03/23/2015 11:54:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Superfetch foi finalizado inesperadamente. Isto aconteceu 2 vez(es). A seguinte ação corretiva será tomada em 60000 milissegundos: Reiniciar o serviço.

Error: (03/23/2015 11:53:58 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: O nome "USUARIO-PC     :20" não pôde ser registrado na interface com o endereço IP 192.168.1.102.
O computador de endereço IP 192.168.1.104 não permitiu que o nome fosse reivindicado por
este computador.

Error: (03/23/2015 11:53:58 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: O nome "USUARIO-PC     :0" não pôde ser registrado na interface com o endereço IP 192.168.1.102.
O computador de endereço IP 192.168.1.104 não permitiu que o nome fosse reivindicado por
este computador.

Error: (03/23/2015 11:53:58 PM) (Source: Server) (EventID: 2505) (User: )
Description: O servidor não pôde ligar-se com o transporte \Device\NetBT_Tcpip_{F7407538-EC30-4362-A926-94C39AF30E96} porque outro computador na rede tem o mesmo nome. Não foi possível iniciar o servidor.

Error: (03/23/2015 06:25:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Superfetch foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 60000 milissegundos: Reiniciar o serviço.

Error: (03/23/2015 06:25:30 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: O nome "USUARIO-PC     :0" não pôde ser registrado na interface com o endereço IP 192.168.1.102.
O computador de endereço IP 192.168.1.104 não permitiu que o nome fosse reivindicado por
este computador.

Error: (03/23/2015 06:25:30 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: O nome "USUARIO-PC     :20" não pôde ser registrado na interface com o endereço IP 192.168.1.102.
O computador de endereço IP 192.168.1.104 não permitiu que o nome fosse reivindicado por
este computador.

Error: (03/23/2015 06:25:30 PM) (Source: Server) (EventID: 2505) (User: )
Description: O servidor não pôde ligar-se com o transporte \Device\NetBT_Tcpip_{F7407538-EC30-4362-A926-94C39AF30E96} porque outro computador na rede tem o mesmo nome. Não foi possível iniciar o servidor.

Error: (03/23/2015 06:25:19 PM) (Source: Disk) (EventID: 11) (User: )
Description: O driver detectou um erro de controlador em \Device\Harddisk1\DR1.

Error: (03/23/2015 06:25:18 PM) (Source: Disk) (EventID: 11) (User: )
Description: O driver detectou um erro de controlador em \Device\Harddisk1\DR1.


Microsoft Office Sessions:
=========================
Error: (03/24/2015 01:24:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4explorerEx64.dll_unloaded0.0.0.054c0d01fc0000005000007fef9118e7054801d06643fbcd94d5C:\Windows\Explorer.EXEexplorerEx64.dll3f05595c-d242-11e4-917f-5cc9d3ffa8ab

Error: (03/24/2015 01:22:15 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\Users\Usuario\Downloads\SoftonicDownloader_para_songr.exe

Error: (03/23/2015 11:53:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7601.175144ce7c9dbc0000005000000000001a490120001d065b0088aff90C:\Windows\system32\svchost.exec:\windows\system32\sysmain.dll043db4b0-d1d1-11e4-b676-5cc9d3ffa8ab

Error: (03/23/2015 06:25:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7601.175144ce7c9dbc00000050000000000004e0358c01d0658b3dca11ddC:\Windows\system32\svchost.exec:\windows\system32\sysmain.dll21b93e17-d1a3-11e4-b676-5cc9d3ffa8ab

Error: (03/23/2015 03:42:17 PM) (Source: ESENT) (EventID: 474) (User: )
Description: wuaueng.dll472SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\DataStore.edb168198144 (0x000000000a068000)32768 (0x00008000)-1018 (0xfffffc06)[56fc56fcf9da9e88:bc84bc84723f146c:885477abd6e3143e:92456dba7f961444][56f656f64fff98e8:bf2ebf2ec7b011a6:885477abd6e3143e:92456dba7f961444]5132 (0x140C)

Error: (03/23/2015 11:33:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe36.0.4.5557162c01d064f84f1b0d7e31C:\Program Files (x86)\Mozilla Firefox\firefox.exe9a42efaf-d169-11e4-b01c-5cc9d3ffa8ab

Error: (03/22/2015 08:30:54 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: F:\O local de backup não foi encontrado ou não é válido. Examine as configurações de backup e verifique o local de backup. (0x81000006)

Error: (03/22/2015 08:30:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.1.554254f851c0mozalloc.dll36.0.1.554254f8437e8000000300001e02d5401d0605ae29b300eC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll625f7f73-d0eb-11e4-b01c-5cc9d3ffa8ab

Error: (03/22/2015 08:29:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.1.554254f851c0mozalloc.dll36.0.1.554254f8437e8000000300001e029c801d0642e03284c7aC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll5a8c041c-d0eb-11e4-b01c-5cc9d3ffa8ab

Error: (03/18/2015 10:29:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7601.175144ce7c9dbc000000500000000000032df80401d0605aa096fb30C:\Windows\system32\svchost.exec:\windows\system32\sysmain.dll57d9edc8-cdd7-11e4-b01c-5cc9d3ffa8ab


CodeIntegrity Errors:
===================================
  Date: 2015-03-08 22:31:17.083
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-08 22:31:16.945
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-08 22:30:56.359
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-08 22:30:56.222
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-08 22:30:46.980
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-08 22:30:46.841
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-08 22:27:57.249
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-08 22:27:57.072
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-08 22:26:50.864
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-08 22:26:50.710
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core i3-2330M CPU @ 2.20GHz
Percentage of memory in use: 57%
Total physical RAM: 4043.84 MB
Available physical RAM: 1721.65 MB
Total Pagefile: 8085.88 MB
Available Pagefile: 6124.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (RENATA) (Fixed) (Total:141 GB) (Free:72.68 GB) NTFS
Drive d: (DADOS) (Fixed) (Total:140.59 GB) (Free:122.33 GB) NTFS
Drive e: (AGIT ) (CDROM) (Total:0.69 GB) (Free:0.56 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: FAB51F5C)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=141 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=140.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)

==================== End Of Log ============================


Topic Archived

Since the author has not replied to this topic for more than 10 days, it has been archived.

If you are the author of the topic and want it reopened, contact one of the Forum's Security Analysts and request that it be unlocked.
