mibs

Donor
  • Total items

    32

Reputation

0 Neutral

About mibs

  • Rank
    Donor

Profile Information

  • Gender
    Female
  1. Good morning! I don't know if this is a topic for the forum, but I am having a problem with the Microsoft Outlook search, which does not return all the search results. When I go into troubleshooting, I get the message "Incorrect permissions on Windows Search directories". Inside Outlook itself, when I type in the search field, it says that "Search results may be incomplete because items are still being indexed." However, also inside Outlook, when I click File->Options->Search->Indexing Options, the answer is "Indexing complete". How do I restore the correct permissions?
  2. It seems that solved it! Thank you! How do I close the topic?
  3. Yes. When I open the browser, on the home page, nothing happens until I start browsing. I am talking about Firefox. Then the 3 windows open at the bottom of the monitor. If I do nothing, the main page changes. Often to something called http://offers.bycontext.com. If I carefully close (on the X) the 3 windows that open, I can browse. However, I used IE this morning without problems. Before you started helping me, the problem in IE was identical. Regards.... [Edit].... maybe I should uninstall Firefox?
  4. ~ ZHPCleaner v2015.5.18.245 by Nicolas Coolman (2015\05\18) ~ Run by irene (Administrator) (19/05/2015 15:13:46) ZHPCleaner-[R]-19052015-15_14_12.txt ZHPCleaner--19052015-15_13_01.txt
  5. Good morning, JoseMelo. As for the router, I am too much of a layperson to do the procedure. I know it has settings for Oi (ADSL), the cameras, the external HD.... I would not know how to redo them. If you think that is the solution, I will call a technician to do it. In any case, I followed the next instruction (ESET), but nothing was found. Just so you know, this morning, even though the computer had been left on overnight (the scan takes quite a long time), the windows did not appear right away. Just when I was thinking the problem had been solved, they appeared in Firefox. (IE is still clean!) Regards, 2015 05 19 ESET No Threats Found.pdf
  6. [Edit].... It is quite hard to browse... to carry out this procedure I had to read the instructions on my phone and make several attempts to download the software... The attachment also has a screenshot of the screens. ====== Good morning! It keeps opening windows and changing pages... ADW # AdwCleaner v4.204 - Relatório criado 17/05/2015 às 09:41:31 JRT Junkware Removal Tool (JRT) by Thisisu Version: 6.7.2 (05.15.2015:1) Malware attached. Thanks for now.... Mbam.txt 2015 05 17 Pós instruções2.pdf
  7. Hello JoseMelo! Look... I did what you asked, practically as soon as the email arrived (shortly after 3 pm). When I clicked 'fix', it went quickly through the "pasted" items and apparently froze. (I tried to move the window and could not.) There was no sign that anything was happening, but even so I left it on, without using other windows. I had to go out, so I left the computer on. Now, at 19:30 (practically 4 hours after the procedure started), I tried to close the window through the task manager and got a blue screen. I am sending an image in the attachment. It did not get as far as creating a log file. If you are going to ask me to do it again, I would like to know what to expect after clicking 'fix' (whether there is anything indicating that it is working) and roughly how long it takes. I should say that right after rebooting, I opened Firefox and it was clean! It changed the home page to its own (that is the least of it) and the ads did not come up. I went to test in IE and the problem was still there: it changed the home page to do-search (I had already changed it to mine) and the 3 ad windows were there. After a little while, the ad windows appeared again in Firefox. Thanks for now! 2015 05 15 tela azul.pdf
  8. Hello JoseMelo, good afternoon! Thank you for the help. Here are the logs: OTL.Txt Extras.Txt
  9. Good afternoon. I was browsing when a message appeared to update Flash. One also appeared to update the media player. When I clicked, I noticed that the window was strange and cancelled. Apparently, too late... I created the logs on the computer, but I was having trouble sending them because it does not stop opening windows and changing the page I am on. I restarted the computer and 47 updates were installed (after the logs were generated). FSS.txt MbrScan.log ZA-Scan.txt
  10. Good morning! It really did take quite a while... after installing 'database', an 'unexpected error 2002' appeared. I closed it and started all over again. This time it went through to the end. The report:
  11. Thanks, Ciro... Here it is, as you instructed: 1) OTL.txt OTL logfile created on: 30/11/2014 17:16:00 - Run 1 OTL by OldTimer - Version 3.2.69.0
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009/06/10 18:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/06/10 18:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009/06/10 18:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:64bit: - [2009/06/10 18:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 18:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 18:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 18:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/04/29 09:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2013/05/08 10:52:48 | 000,049,536 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\gbpkm.sys -- (GbpKm) DRV - [2009/10/16 21:47:06 | 000,146,928 | ---- | M] (CyberLink Corp.) [2014/03/07 14:45:38] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49}) DRV - [2009/09/02 15:58:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009/07/13 23:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.capacitta.com.br/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C 04 95 D8 47 3C CF 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {97583AA2-6B84-4180-BC9E-88904C3431F8} IE - HKCU\..\SearchScopes\{97583AA2-6B84-4180-BC9E-88904C3431F8}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}&rlz=1I7MXGB_pt-BRBR592 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.capacitta.com.br" FF - prefs.js..extensions.enabledAddons: %7B87F8774F-B485-47E2-A755-A40A8A5E8871%7D:3.7.1 FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:14.0.0.4939 FF - prefs.js..extensions.enabledAddons: %7B87F8774F-B485-47E2-A755-A40A8A5E886C%7D:3.5.2 FF - prefs.js..extensions.enabledAddons: yesscript%40userstyles.org:2.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1 FF - prefs.js..browser.startup.homepage: "http://www.capacitta.com.br" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled 
File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\irene\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/bb: C:\Users\irene\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia) FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/scd: C:\Users\irene\AppData\Local\GAS Tecnologia\GBBD\npsf_scd.dll (GAS Tecnologia) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014/07/30 10:59:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014/07/30 10:59:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014/07/30 10:59:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014/07/30 10:59:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014/07/30 10:59:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014/04/04 15:09:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\detgdp@gmail.com: 
C:\Users\irene\AppData\Roaming\Mozilla\Firefox\Profiles\2w1abo5l.default\extensions\detgdp@gmail.com [2014/11/12 08:37:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E886C}: C:\Users\irene\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2014/08/19 18:51:02 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014/04/04 15:09:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E8871}: C:\Users\irene\AppData\Local\GAS Tecnologia\GBBD\scd\xpi [2014/05/22 13:45:57 | 000,000,000 | ---D | M] [2014/03/12 11:32:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\irene\AppData\Roaming\mozilla\Extensions [2014/11/12 10:10:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\irene\AppData\Roaming\mozilla\Firefox\Profiles\2w1abo5l.default\extensions [2014/11/12 08:37:18 | 000,000,000 | ---D | M] ("Security Protection") -- C:\Users\irene\AppData\Roaming\mozilla\Firefox\Profiles\2w1abo5l.default\extensions\detgdp@gmail.com [2014/10/22 09:46:27 | 000,053,620 | ---- | M] () (No name found) -- C:\Users\irene\AppData\Roaming\mozilla\firefox\profiles\2w1abo5l.default\extensions\yesscript@userstyles.org.xpi [2014/11/11 09:26:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2014/11/11 09:27:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2014/07/30 10:59:19 | 000,000,000 | ---D | M] (Chặn quảng cáo) -- 
C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 14.0.0\FFEXT\ANTI_BANNER@KASPERSKY.COM [2014/08/19 18:51:02 | 000,000,000 | ---D | M] (GBBD Banco do Brasil) -- C:\USERS\IRENE\APPDATA\LOCAL\GAS TECNOLOGIA\GBBD\BB\XPI [2014/05/22 13:45:57 | 000,000,000 | ---D | M] (Dispositivo de Segurança Sicredi) -- C:\USERS\IRENE\APPDATA\LOCAL\GAS TECNOLOGIA\GBBD\SCD\XPI O1 HOSTS File: ([2014/05/22 13:45:02 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll (Banco do Brasil) O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540011} - C:\Program Files (x86)\GbPlugin\gbiehscd.dll (Sicredi) O2 - BHO: (Java Plug-In 2 SSV 
Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Arquivos de Programas\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [wdbraz_certm] C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\BBCertM32.exe ( Beijing WatchData System Co., Ltd.) 
O4 - HKCU..\Run: [Everyday Auto Backup] C:\Program Files (x86)\Everyday Auto Backup\AutoBackup.exe (LionMax Software) O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard) O4 - Startup: C:\Users\irene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\irene\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Adicionar ao Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm () O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... 
- C:\Arquivos de Programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Arquivos de Programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105 File not found O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Adicionar ao Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Arquivos de Programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... 
- C:\Arquivos de Programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105 File not found O9:64bit: - Extra Button: Teclado virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9:64bit: - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de 
Programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de Programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Teclado virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra Button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de Programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Enviar para Dispositivo &Bluetooth... 
- {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de Programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites) O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites) O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites) O15 - HKCU\..Trusted Domains: bb.com.br ([www] * in Trusted sites) O15 - HKCU\..Trusted Domains: sicredi.com.br ([ibpj] * in Trusted sites) O15 - HKCU\..Trusted Domains: sicredi.com.br ([si-plg] * in Trusted sites) O15 - HKCU\..Trusted Domains: sicredi.com.br ([www] * in Trusted sites) O15 - HKCU\..Trusted Domains: sicreditotal.com.br ([internet] * in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCBC388E-78B2-4452-AFBB-46F068E125AF}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9844D71-3241-4F58-9832-550AEA0F0F48}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - 
HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files (x86)\GbPlugin\gbieh.dll) - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil) O20 - Winlogon\Notify\ GbPluginScd: DllName - (C:\Program Files (x86)\GbPlugin\gbiehScd.dll) - C:\Program Files (x86)\GbPlugin\gbiehScd.dll (Sicredi) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399011} - C:\Program Files (x86)\GbPlugin\gbiehscd.dll (Sicredi) O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll (Banco do Brasil) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2014/03/13 14:41:13 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2014/06/26 14:43:34 | 000,000,000 | ---D | M] - C:\Autodesk TrueView -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: 
(ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) CREATERESTOREPOINT Restore point Set: OTL Restore Point NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) ========== Files/Folders - Created Within 90 Days ========== [2014/11/30 17:12:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\irene\Desktop\OTL.exe [2014/11/29 19:27:23 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2014/11/29 19:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware [2014/11/29 19:26:50 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys [2014/11/29 19:26:50 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys [2014/11/29 19:26:50 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2014/11/29 19:26:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware [2014/11/29 19:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2014/11/29 19:07:56 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2014/11/29 18:51:16 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2014/11/28 11:25:59 | 000,000,000 | ---D | C] -- C:\zoek_backup [2014/11/28 11:23:37 | 000,000,000 | ---D | C] -- C:\Users\irene\Desktop\ZAScan [2014/11/27 08:43:45 | 000,000,000 | ---D | C] -- C:\Users\irene\Documents\SelfMV [2014/11/12 08:40:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\log [2014/11/11 10:47:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2014/11/11 10:47:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2014/11/11 09:26:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2014/10/27 07:45:05 | 000,000,000 | R--D | C] -- C:\Users\irene\Documents\Scanned Documents [2014/10/27 07:45:04 | 000,000,000 
| ---D | C] -- C:\Users\irene\Documents\Fax [2014/10/22 11:01:23 | 000,000,000 | ---D | C] -- C:\Users\irene\AppData\Roaming\Oracle [2014/10/21 16:54:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free [2014/10/21 16:54:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BurnAware Free [2014/10/21 16:47:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2014/10/21 16:33:43 | 000,000,000 | ---D | C] -- C:\Users\irene\AppData\Roaming\Nero [2014/10/21 16:31:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2014/10/21 14:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited [2014/10/21 14:24:06 | 000,000,000 | ---D | C] -- C:\Users\irene\AppData\Roaming\Canneverbe Limited [2014/10/16 13:45:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2014/10/13 15:37:23 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2014/10/13 15:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2014/10/13 15:37:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2014/10/10 12:16:25 | 000,000,000 | ---D | C] -- C:\Back up Irene Toshiba [2014/09/26 18:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Auslogics [2014/09/26 18:52:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics [2014/09/26 18:52:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics [2014/09/26 16:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\Easy Duplicate Finder 4 [2014/09/26 16:11:31 | 000,000,000 | ---D | C] -- C:\Users\irene\Documents\EasyDuplicateFinder [2014/09/26 16:11:31 | 000,000,000 | ---D | C] -- C:\Users\irene\AppData\Roaming\EasyDuplicateFinder [2014/09/26 16:11:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Easy Duplicate Finder [2014/09/19 11:35:19 | 000,000,000 | ---D | C] -- C:\Users\irene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dispositivos Bluetooth 
[2014/09/12 16:01:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix [2014/09/12 16:00:53 | 000,000,000 | ---D | C] -- C:\Users\irene\AppData\Local\Citrix [2014/03/14 16:06:01 | 005,052,688 | ---- | C] (PC Cleaners) -- C:\ProgramData\pclunst.exe [3 C:\Users\irene\AppData\Local\*.tmp files -> C:\Users\irene\AppData\Local\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2014/11/30 17:17:15 | 000,024,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014/11/30 17:17:15 | 000,024,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014/11/30 17:12:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\irene\Desktop\OTL.exe [2014/11/30 17:09:21 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014/11/30 17:09:14 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) -- C:\Windows\SysWow64\drivers\gbpndisrd.sys [2014/11/30 17:09:14 | 000,010,266 | ---- | M] () -- C:\Windows\SysWow64\drivers\ndisrd.cat [2014/11/30 17:09:14 | 000,003,641 | ---- | M] () -- C:\Windows\SysWow64\drivers\ndisrd.inf [2014/11/30 17:09:14 | 000,001,814 | ---- | M] () -- C:\Windows\SysWow64\drivers\ndisrd_m.inf [2014/11/30 17:09:14 | 000,001,402 | ---- | M] () -- C:\Windows\SysWow64\drivers\gas.cer [2014/11/30 17:09:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014/11/30 17:09:05 | 529,682,431 | -HS- | M] () -- C:\hiberfil.sys [2014/11/29 19:54:47 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2014/11/29 19:41:00 | 000,000,538 | ---- | M] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-2561684925-1481045400-2583998248-1000.job [2014/11/29 19:29:04 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014/11/29 19:29:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2014/11/29 19:26:54 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2014/11/27 13:29:18 | 001,643,878 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014/11/27 13:29:18 | 000,708,950 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat [2014/11/27 13:29:18 | 000,657,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014/11/27 13:29:18 | 000,148,730 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat [2014/11/27 13:29:18 | 000,123,218 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014/11/27 11:27:59 | 000,000,059 | ---- | M] () -- C:\Windows\wpd99.drv [2014/11/14 14:44:29 | 000,001,049 | ---- | M] () -- C:\Users\irene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014/11/14 14:44:12 | 000,001,017 | ---- | M] () -- C:\Users\irene\Desktop\Dropbox.lnk [2014/11/12 10:00:50 | 000,530,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2014/11/11 10:47:03 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2014/10/21 17:20:21 | 000,000,430 | ---- | M] () -- C:\Users\irene\AppData\Roaming\burnaware.ini [2014/10/21 16:54:09 | 000,001,058 | ---- | M] () -- C:\Users\Public\Desktop\BurnAware Free.lnk [2014/10/13 15:37:23 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2014/10/01 11:11:26 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys [2014/10/01 11:11:16 | 000,093,400 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys [2014/10/01 11:11:12 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2014/09/23 15:19:57 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk [2014/09/17 11:47:55 | 000,000,565 | ---- | M] () -- C:\AA Clientes (HMNHD-TIC2LRDocumentsAA Consultoria) (Z) - Atalho.lnk [2014/09/17 10:26:22 | 000,000,326 | ---- | M] () -- C:\Users\irene\Desktop\Ferramentas de diagnóstico da 
impressora HP.url [2014/09/12 11:17:00 | 001,609,088 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [3 C:\Users\irene\AppData\Local\*.tmp files -> C:\Users\irene\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2014/11/29 19:26:54 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2014/11/11 10:47:03 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2014/11/11 10:47:03 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2014/10/21 16:54:36 | 000,000,430 | ---- | C] () -- C:\Users\irene\AppData\Roaming\burnaware.ini [2014/10/21 16:54:09 | 000,001,058 | ---- | C] () -- C:\Users\Public\Desktop\BurnAware Free.lnk [2014/09/17 11:47:55 | 000,000,565 | ---- | C] () -- C:\AA Clientes (HMNHD-TIC2LRDocumentsAA Consultoria) (Z) - Atalho.lnk [2014/09/17 10:26:22 | 000,000,326 | ---- | C] () -- C:\Users\irene\Desktop\Ferramentas de diagnóstico da impressora HP.url [2014/09/12 16:01:59 | 000,000,538 | ---- | C] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-2561684925-1481045400-2583998248-1000.job [2014/07/02 11:21:48 | 000,815,314 | ---- | C] () -- C:\Users\irene\AppData\Roaming\unins000.exe [2014/07/02 11:21:48 | 000,017,100 | ---- | C] () -- C:\Users\irene\AppData\Roaming\unins000.dat [2014/05/22 13:45:57 | 000,727,182 | ---- | C] () -- C:\Users\irene\AppData\Roaming\unins001.exe [2014/05/22 13:45:57 | 000,016,352 | ---- | C] () -- C:\Users\irene\AppData\Roaming\unins001.dat [2014/04/30 20:47:48 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2014/04/30 20:47:48 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2014/04/30 20:47:48 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2014/04/30 20:47:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2014/04/30 20:47:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll 
[2014/04/04 15:05:46 | 000,171,660 | ---- | C] () -- C:\Windows\hpoins29.dat [2014/04/04 15:05:46 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl29.dat [2014/04/01 18:30:51 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini [2014/03/31 10:46:22 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2014/03/12 15:23:52 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl29.dat.temp [2014/03/10 17:36:10 | 000,000,059 | ---- | C] () -- C:\Windows\wpd99.drv [2014/03/10 17:36:08 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll [2014/03/10 08:54:32 | 000,005,812 | ---- | C] () -- C:\Windows\ws2help.dll [2014/03/10 08:54:32 | 000,000,012 | ---- | C] () -- C:\Windows\explorer.exe.local [2014/03/10 08:07:59 | 001,609,088 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2014/03/07 15:43:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2014/03/07 15:32:54 | 000,000,286 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini [2014/03/07 15:32:54 | 000,000,227 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini ========== ZeroAccess Check ========== [2009/07/14 02:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 00:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = 
%SystemRoot%\system32\shell32.dll -- [2014/06/24 23:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 23:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 10:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 23:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2014/06/26 14:44:06 | 000,000,000 | ---D | M] -- C:\Users\irene\AppData\Roaming\Autodesk [2014/07/31 16:09:29 | 000,000,000 | ---D | M] -- C:\Users\irene\AppData\Roaming\br.com.iba.magazinesdesktop [2014/10/21 14:24:06 | 000,000,000 | ---D | M] -- C:\Users\irene\AppData\Roaming\Canneverbe Limited [2014/11/30 17:10:47 | 000,000,000 | ---D | M] -- C:\Users\irene\AppData\Roaming\Dropbox [2014/09/26 16:11:31 | 000,000,000 | ---D | M] -- C:\Users\irene\AppData\Roaming\EasyDuplicateFinder [2014/10/22 11:01:23 | 000,000,000 | ---D | M] -- C:\Users\irene\AppData\Roaming\Oracle [2014/04/01 18:30:51 | 000,000,000 | ---D | M] -- C:\Users\irene\AppData\Roaming\pdf995 [2014/06/27 14:36:25 | 000,000,000 | ---D | M] -- C:\Users\irene\AppData\Roaming\Samsung ========== Purity Check ========== ========== Custom Scans ========== < %systemroot%\system32\drivers\*.* /90 > [2014/11/30 17:09:14 | 000,001,402 | ---- | M] () -- C:\Windows\system32\drivers\gas.cer [2014/11/30 17:09:14 | 
000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) -- C:\Windows\system32\drivers\gbpndisrd.sys [2014/11/30 17:09:14 | 000,010,266 | ---- | M] () -- C:\Windows\system32\drivers\ndisrd.cat [2014/11/30 17:09:14 | 000,003,641 | ---- | M] () -- C:\Windows\system32\drivers\ndisrd.inf [2014/11/30 17:09:14 | 000,001,814 | ---- | M] () -- C:\Windows\system32\drivers\ndisrd_m.inf < %systemdrive%\drivers\*.exe > < %SYSTEMDRIVE%\*.* > [2014/09/17 11:47:55 | 000,000,565 | ---- | M] () -- C:\AA Clientes (HMNHD-TIC2LRDocumentsAA Consultoria) (Z) - Atalho.lnk [2009/07/13 23:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr [2009/12/31 15:25:17 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx [2014/11/30 17:09:05 | 529,682,431 | -HS- | M] () -- C:\hiberfil.sys [2014/03/31 10:55:50 | 000,000,186 | ---- | M] () -- C:\hpqlb.log [2014/11/30 17:09:07 | 2137,903,103 | -HS- | M] () -- C:\pagefile.sys [2014/11/29 18:47:56 | 000,003,376 | ---- | M] () -- C:\sc-cleaner.txt [2009/12/31 13:11:37 | 000,000,056 | -H-- | M] () -- C:\splash.idx [2014/11/29 07:27:37 | 000,018,756 | ---- | M] () -- C:\ZA-Scan.txt [2014/11/28 11:31:49 | 000,019,408 | ---- | M] () -- C:\zoek-results2014-11-28-133149.log < %LOCALAPPDATA%\*.exe > < %LOCALAPPDATA%\*.txt > [2014/03/07 16:19:10 | 000,000,000 | ---- | M] () -- C:\Users\irene\AppData\Local\AtStart.txt [2014/03/07 16:19:10 | 000,000,000 | ---- | M] () -- C:\Users\irene\AppData\Local\DSwitch.txt [2014/03/07 16:19:10 | 000,000,000 | ---- | M] () -- C:\Users\irene\AppData\Local\QSwitch.txt [3 C:\Users\irene\AppData\Local\*.tmp files -> C:\Users\irene\AppData\Local\*.tmp -> ] < %LOCALAPPDATA%\*.ini > < %LOCALAPPDATA%\*.dll > < %LOCALAPPDATA%\*.dat > [2014/11/12 10:03:20 | 000,151,480 | ---- | M] () -- C:\Users\irene\AppData\Local\GDIPFONTCACHEV1.DAT [3 C:\Users\irene\AppData\Local\*.tmp files -> C:\Users\irene\AppData\Local\*.tmp -> ] < %USERPROFILE%\*.exe > < %USERPROFILE%\*.txt > < %USERPROFILE%\*.ini > [2014/03/07 16:17:28 | 000,000,020 | -HS- | M] () -- 
C:\Users\irene\ntuser.ini < %USERPROFILE%\*.dll > < %USERPROFILE%\*.dat /30 > [2014/11/30 17:29:40 | 006,815,744 | -HS- | M] () -- C:\Users\irene\NTUSER.DAT < C:\windows\system32\Tasks\*.* /s > [2009/07/14 03:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009/07/14 03:08:49 | 000,032,534 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2014/03/13 13:37:42 | 000,000,902 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2014/06/12 09:54:08 | 000,001,066 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2014/06/12 09:54:08 | 000,001,070 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2014/09/12 16:01:59 | 000,000,538 | ---- | C] () -- C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2561684925-1481045400-2583998248-1000.job < C:\windows\system32\Tasks\*.* /s /64 > [2014/11/26 12:29:53 | 000,003,840 | ---- | M] () -- C:\Windows\SysNative\Tasks\Adobe Flash Player Updater [2014/03/07 15:49:31 | 000,002,824 | ---- | M] () -- C:\Windows\SysNative\Tasks\CapSchedInst [2014/03/07 15:49:31 | 000,002,820 | ---- | M] () -- C:\Windows\SysNative\Tasks\CapSvcInst [2014/03/07 15:49:31 | 000,002,818 | ---- | M] () -- C:\Windows\SysNative\Tasks\CapUninst [2014/03/14 16:42:14 | 000,002,772 | ---- | M] () -- C:\Windows\SysNative\Tasks\CCleanerSkipUAC [2014/03/07 15:48:36 | 000,003,200 | ---- | M] () -- C:\Windows\SysNative\Tasks\CLMLSvc [2014/03/07 15:45:40 | 000,003,164 | ---- | M] () -- C:\Windows\SysNative\Tasks\DVDAgent [2014/10/27 11:49:18 | 000,003,568 | ---- | M] () -- C:\Windows\SysNative\Tasks\G2MUpdateTask-S-1-5-21-2561684925-1481045400-2583998248-1000 [2014/11/14 14:24:24 | 000,003,814 | ---- | M] () -- C:\Windows\SysNative\Tasks\GoogleUpdateTaskMachineCore [2014/11/14 14:24:25 | 000,004,066 | ---- | M] () -- C:\Windows\SysNative\Tasks\GoogleUpdateTaskMachineUA [2014/03/26 12:14:26 | 000,003,178 | ---- | M] () -- C:\Windows\SysNative\Tasks\MirageAgent [2014/03/07 15:49:29 | 000,003,170 | ---- | M] () -- 
C:\Windows\SysNative\Tasks\TVAgent [2014/08/11 19:50:33 | 000,003,140 | ---- | M] () -- C:\Windows\SysNative\Tasks\{558DB41A-28F5-4A44-97B6-3B9E249BA4C1} [2014/04/10 14:21:03 | 000,003,756 | ---- | M] () -- C:\Windows\SysNative\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start [2014/03/31 09:47:40 | 000,003,704 | ---- | M] () -- C:\Windows\SysNative\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask [2014/04/10 14:24:52 | 000,004,290 | ---- | M] () -- C:\Windows\SysNative\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis [2014/04/10 14:24:52 | 000,004,278 | ---- | M] () -- C:\Windows\SysNative\Tasks\Hewlett-Packard\HP Support Assistant\Update Check [2014/11/25 15:48:29 | 000,003,918 | ---- | M] () -- C:\Windows\SysNative\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker [2014/11/30 17:17:28 | 000,003,856 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows Defender\MP Scheduled Scan [2009/07/14 02:53:29 | 000,004,472 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated) [2009/07/14 02:53:29 | 000,003,854 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual) [2009/07/14 02:54:39 | 000,002,900 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\AppID\PolicyConverter [2009/07/14 02:54:39 | 000,003,790 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck [2009/07/14 02:54:05 | 000,003,458 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Application Experience\AitAgent [2014/05/16 11:41:06 | 000,003,636 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser [2014/05/16 11:41:06 | 000,003,982 | ---- | M] () -- 
C:\Windows\SysNative\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater [2009/07/14 02:49:22 | 000,003,026 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Autochk\Proxy [2009/07/14 02:57:09 | 000,001,862 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask [2009/07/14 02:53:22 | 000,004,130 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\SystemTask [2009/07/14 02:53:22 | 000,003,868 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask [2009/07/14 03:09:01 | 000,003,134 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask-Roam [2009/07/14 02:57:09 | 000,002,934 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator [2009/07/14 02:53:33 | 000,003,946 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask [2009/07/14 02:54:08 | 000,003,598 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip [2009/07/14 02:57:12 | 000,003,886 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag [2009/07/14 02:57:07 | 000,004,018 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Diagnosis\Scheduled [2014/04/14 09:22:51 | 000,003,760 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector [2009/09/06 23:00:57 | 000,002,538 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver [2009/07/14 02:57:13 | 000,003,554 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Location\Notifications [2014/03/07 18:50:23 | 000,004,036 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Maintenance\WinSAT [2014/03/07 15:30:11 | 
000,002,420 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch [2014/03/07 15:30:10 | 000,002,448 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService [2014/07/28 20:22:01 | 000,003,650 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks [2014/03/07 15:30:09 | 000,002,400 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\ehDRMInit [2014/03/07 15:30:11 | 000,002,546 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\InstallPlayReady [2014/03/07 15:30:12 | 000,002,790 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\mcupdate [2014/07/27 08:30:40 | 000,003,544 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled [2014/03/07 15:30:14 | 000,002,954 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask [2014/03/07 15:30:13 | 000,002,958 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask [2014/03/07 15:30:09 | 000,002,380 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\OCURActivate [2014/03/07 15:30:08 | 000,002,400 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\OCURDiscovery [2014/03/07 15:30:09 | 000,002,384 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\PBDADiscovery [2014/03/07 15:30:17 | 000,003,226 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 [2014/03/07 15:30:17 | 000,003,228 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 [2014/03/07 15:30:08 | 000,003,822 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry [2014/03/07 15:30:13 | 000,002,926 | ---- | M] () -- 
C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask [2014/03/07 15:30:14 | 000,002,918 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask [2014/03/07 15:30:07 | 000,003,078 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\RecordingRestart [2014/03/07 15:30:10 | 000,002,408 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\RegisterSearch [2014/03/07 15:30:11 | 000,002,432 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot [2014/03/07 15:30:13 | 000,002,942 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask [2014/07/27 08:30:38 | 000,003,418 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\StartRecording [2014/03/07 15:30:10 | 000,002,736 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath [2009/07/14 02:53:33 | 000,003,304 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector [2009/07/14 02:53:33 | 000,003,510 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector [2009/09/06 23:00:58 | 000,003,576 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\MobilePC\HotStart [2009/07/14 02:54:22 | 000,003,168 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\MUI\LPRemove [2009/07/14 02:57:07 | 000,002,602 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Multimedia\SystemSoundsService [2009/07/14 02:54:39 | 000,002,044 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo [2014/03/07 16:17:07 | 000,004,180 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Offline Files\Background Synchronization [2014/03/07 15:29:54 | 000,003,058 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Offline Files\Logon 
Synchronization [2009/07/14 02:55:03 | 000,002,832 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor [2009/07/14 02:53:47 | 000,003,752 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem [2009/07/14 02:57:07 | 000,004,370 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\RAC\RacTask [2009/07/14 02:49:35 | 000,003,052 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Ras\MobilityManager [2009/07/14 02:54:36 | 000,003,956 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Registry\RegIdleBackup [2009/07/14 02:57:09 | 000,004,596 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask [2009/07/14 02:57:07 | 000,003,616 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Shell\WindowsParentalControls [2009/07/14 03:09:03 | 000,003,912 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration [2014/03/07 15:30:05 | 000,003,784 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\SideShow\AutoWake [2014/03/07 15:30:06 | 000,003,612 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\SideShow\GadgetManager [2014/03/07 15:32:03 | 000,003,698 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\SideShow\SessionAgent [2014/03/07 15:32:18 | 000,003,792 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\SideShow\SystemDataProviders [2009/07/14 02:49:17 | 000,003,942 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask [2009/07/14 03:01:13 | 000,003,506 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\SystemRestore\SR [2009/07/14 02:53:50 | 000,002,614 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Task Manager\Interactive [2009/07/14 02:53:21 | 000,003,950 | ---- | M] () -- 
C:\Windows\SysNative\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 [2009/07/14 02:53:21 | 000,004,066 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 [2009/07/14 02:53:46 | 000,002,978 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\TextServicesFramework\MsCtfMonitor [2009/07/14 02:49:48 | 000,003,388 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime [2009/07/14 02:49:26 | 000,001,730 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig [2009/07/14 02:53:37 | 000,003,420 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\User Profile Service\HiveUploadTask [2009/07/14 02:49:24 | 000,002,682 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\WDI\ResolutionHost [2014/09/12 13:47:09 | 000,004,364 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask [2014/09/12 13:47:09 | 000,004,362 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline [2009/07/14 02:49:16 | 000,003,048 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting [2009/07/14 02:49:42 | 000,003,290 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange [2009/07/14 02:57:13 | 000,003,304 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary [2009/09/06 23:06:50 | 000,004,330 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\WindowsBackup\ConfigNotification [2009/07/14 03:09:01 | 000,003,532 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader [2014/03/13 11:14:42 | 000,003,540 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Wininet\CacheTask [2014/03/10 10:21:23 | 000,004,414 | ---- | M] () -- 
C:\Windows\SysNative\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask [2014/10/17 09:24:33 | 000,004,478 | ---- | M] () -- C:\Windows\SysNative\Tasks\WPD\SqmUpload_S-1-5-21-2561684925-1481045400-2583998248-1000 < %windir%\tasks\*.* /s > [2014/11/30 17:29:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014/11/29 19:41:00 | 000,000,538 | ---- | M] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-2561684925-1481045400-2583998248-1000.job [2014/11/30 17:09:21 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014/11/30 17:29:36 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014/11/30 17:09:16 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2014/06/23 15:37:09 | 000,032,534 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2009/06/10 18:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\Fonts\*.com > [2009/07/14 03:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2009/07/14 03:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2009/07/14 03:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2009/07/14 03:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\*.scr > < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections > "DefaultConnectionSettings" = [binary data over 200 bytes] "SavedLegacySettings" = [binary data over 200 bytes] < End of report > 2) Extras.txt Attached: Extras.Txt
  12. Good afternoon Ciro, thank you for the guidance. One of the programs was supposed to be run with the browsers closed, but I only saw that after starting. I didn't know what kind of consequence 'stopping' and 'restarting' could have, so I closed the browser but did not interrupt the process. Here they are: 1) Shortcut Cleaner In the attachment. 2) AdwCleaner # AdwCleaner v4.102 - Relatório criado 29/11/2014 às 18:53:59 # Atualizado 23/11/2014 por Xplode # Database : 2014-11-27.1 [Live] # Sistema Operacional : Windows 7 Professional Service Pack 1 (64 bits) # Usuário : irene - IRENE-PC # Executando de : C:\Users\irene\Desktop\ZAScan\adwcleaner_4.102.exe # Opção : Limpar ***** [ Serviços ] ***** Serviço Deletada : WindowsMangerProtect ***** [ Arquivos / Pastas ] ***** Pasta Deletada : C:\ProgramData\WindowsMangerProtect Pasta Deletada : C:\Program Files (x86)\iMesh Applications Pasta Deletada : C:\Program Files\ZooToolbar Pasta Deletada : C:\Users\irene\AppData\Local\SearchProtect Pasta Deletada : C:\Users\irene\AppData\LocalLow\HPAppData Pasta Deletada : C:\Users\irene\AppData\Roaming\baidu Pasta Deletada : C:\Users\irene\AppData\Roaming\webssearches Arquivo Deletada : C:\END Arquivo Deletada : C:\Windows\System32\log\iSafeKrnlCall.log ***** [ Tarefas ] ***** ***** [ Atalhos ] ***** ***** [ Registro ] ***** Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\secman.DLL Chave Deletedo : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Chave Deletedo : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Chave Deletedo : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager Chave Deletedo : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1 Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F} Chave Deletedo : 
HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17} Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754} Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC} Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F} Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82} Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119} Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687} Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2} Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266} Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C} Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A} Chave Deletedo : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Chave Deletedo : HKCU\Software\InstallCore Chave Deletedo : 
HKCU\Software\Myfree Codec Chave Deletedo : HKCU\Software\simplytech Chave Deletedo : HKCU\Software\AppDataLow\Software\simplytech Chave Deletedo : HKLM\SOFTWARE\delta-homesSoftware Chave Deletedo : HKLM\SOFTWARE\Myfree Codec Chave Deletedo : HKLM\SOFTWARE\supWindowsMangerProtect Chave Deletedo : HKLM\SOFTWARE\Vittalia Chave Deletedo : HKLM\SOFTWARE\webssearchesSoftware Chave Deletedo : HKLM\SOFTWARE\WindowsMangerProtect Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstall Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect ***** [ Navegadores ] ***** -\\ Internet Explorer v10.0.9200.17148 Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [search Page] Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page] Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page] Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page] Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page] -\\ Mozilla Firefox v33.1 (x86 pt-BR) [2w1abo5l.default\prefs.js] - Linha deletada : user_pref("searchreset.backup.browser.newtab.url", "hxxp://www.delta-homes.com/newtab/?type=nt&ts=1415788607&from=wpm11123&uid=ST9500420AS_5VJ7PMSP"); ************************* 
AdwCleaner[R0].txt - [7376 octets] - [29/11/2014 18:52:02] AdwCleaner[s0].txt - [5753 octets] - [29/11/2014 18:53:59] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5813 octets] ########## 3) Junkware Removal Tool (JRT). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.0 (11.29.2014:1) OS: Windows 7 Professional x64 Ran by irene on 29/11/2014 at 19:08:00,02 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARMANAGER_8CA8B414-8A88BD82.pf Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARUSER_32.EXE-34B1B1C5.pf ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\pc1data" Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec" ~~~ FireFox Emptied folder: C:\Users\irene\AppData\Roaming\mozilla\firefox\profiles\2w1abo5l.default\minidumps [25 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 29/11/2014 at 19:13:18,35 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 4) Malwarebytes' Anti-Malware (MBAM) Reiniciou o computador uma vez. 
Malwarebytes Anti-Malware www.malwarebytes.org Data da Verificação: 29/11/2014 Hora da Verificação: 19:31:00 Arquivo de Log: Malwarebytes.txt Administrador: Sim Versão: 2.00.3.1025 Base de Dados de Malware: v2014.11.29.08 Base de Dados de Rootkit: v2014.11.29.01 Licença: Grátis Proteção de Malware: Desabilitado Proteção de Site Malicioso: Desabilitado Auto-Proteção: Desabilitado SO: Windows 7 Service Pack 1 Processador: x64 Sistema de Arquivos: NTFS Usuário: irene Tipo da Verificação: Verificar Ameaça Resultado: Terminado Objetos Verificados: 349450 Tempo Decorrido: 17 min, 14 seg Memória: Habilitado Inicialização: Habilitado Sistema de Arquivos: Habilitado Arquivos Compactados: Habilitado Rootkits: Habilitado Heurística: Habilitado PUP: Habilitado PUM: Habilitado Processos: 0 (Nenhum item malicioso detectado) Módulos: 0 (Nenhum item malicioso detectado) Chaves de Registro: 0 (Nenhum item malicioso detectado) Valores de Registro: 0 (Nenhum item malicioso detectado) Dados de Registro: 0 (Nenhum item malicioso detectado) Pastas: 0 (Nenhum item malicioso detectado) Arquivos: 21 PUP.Optional.Koyote.A, C:\$Recycle.Bin\S-1-5-21-2561684925-1481045400-2583998248-1000\$RRNW7DQ.exe, Quarentena, [c1caba87c1bb91a5cfbb4219f60bc53b], PUP.Optional.OneFloorApp, C:\$Recycle.Bin\S-1-5-21-2561684925-1481045400-2583998248-1000\$RHD5YE7.exe, Quarentena, [2f5c1031e09c7bbbe5e2d3605baa936d], PUP.Optional.OneFloorApp, C:\$Recycle.Bin\S-1-5-21-2561684925-1481045400-2583998248-1000\$RYXKTAQ.rar, Quarentena, [96f53a07384464d22e9960d3a560ee12], PUP.Optional.Bandoo.A, C:\$Recycle.Bin\S-1-5-21-2561684925-1481045400-2583998248-1000\$RE1FS8X.exe, Quarentena, [62298cb5daa2d75f11f6eb5e35cc659b], PUP.Optional.Onekit.A, C:\Users\irene\AppData\Local\Temp\instloffer.exe, Quarentena, [b4d72b16b1cbc27426aa42f824dd9967], PUP.Optional.PersonalCleaner, C:\Users\irene\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe, Quarentena, [06853b061e5e16207f0e3a9341c3f60a], PUP.Optional.Vittalia, 
C:\Users\irene\AppData\Local\Temp\ICReinstall_installer_codec_pack_Portuguese.exe, Quarentena, [e2a948f9dca078bec2347e469e630bf5], PUP.Optional.Vittalia, C:\Users\irene\AppData\Local\Temp\installer_codec_pack_Portuguese.exe, Quarentena, [02892c1599e38fa73eb89e2629d8b050], PUP.Optional.VOPackage.Gen, C:\Users\irene\AppData\Local\Temp\n2129\VOPackage.exe, Quarentena, [abe00e33f68636009bb0a44291709769], PUP.Optional.LiMo, C:\Users\irene\AppData\Local\Temp\n6688\webssearches_BX_1310-cf760fc2.exe, Quarentena, [c9c25ae72953f343ccd724245ca99868], PUP.Optional.Conduit.A, C:\Users\irene\AppData\Local\Temp\6a5cde05-6a85-4e46-ac5f-17ff5a86a883\spidentifierimpl.exe, Quarentena, [37545fe2ef8d0d296d2bf3ac88799f61], PUP.Optional.Bandoo.A, C:\Users\irene\Downloads\iMeshSetup-r1616-w-bf.exe, Quarentena, [ff8c43fe710bb87e40c769e044bd04fc], PUP.Optional.OneKit, C:\Users\irene\Downloads\installer_adobe_flash_player_Portuguese(1).exe, Quarentena, [e0ab8fb2bcc096a00df22b8233ce1ce4], PUP.Optional.Onekit.A, C:\Users\irene\Downloads\installer_adobe_flash_player_Portuguese.exe, Quarentena, [157671d009736acceacd0b2c847d46ba], PUP.Optional.Vittalia, C:\Users\irene\Downloads\installer_codec_pack_Portuguese.exe, Quarentena, [f695f74aa1dbc4720aec7f45df22c838], PUP.Optional.Solimba, C:\Users\irene\Downloads\CDBurnerXP.exe, Quarentena, [b7d4b28f96e6e2548b5a16c1df22d729], PUP.Optional.PersonalCleaner, C:\Users\irene\Downloads\DownloadManagerSetup.exe, Quarentena, [7318ab9699e30135aae312bb877dc739], PUP.Optional.DomaIQ, C:\Users\irene\Downloads\Setup_v2_1.exe, Quarentena, [701b340d8fed4fe75ca80f4e936d8080], PUP.Optional.InstallCore, C:\Users\irene\Downloads\adobe_flash_setup.exe, Quarentena, [a4e7ff42d4a82a0c4f59c98427de1be5], PUP.Optional.Delta.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\delta-homes.xml, Quarentena, [eaa150f1ec9086b09b102a356e954bb5], PUP.Optional.WebsSearches.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml, Quarentena, 
[701b91b0314bde586e7b76fd2dd617e9], Setores Físicos: 0 (Nenhum item malicioso detectado) (end) sc-cleaner.txt
  13. Thank you, Ciro, for your attention! Here is the new ZA-Scan log. ZA-Scan(1).txt
  14. Good morning! My antivirus (Kaspersky) identified ProtectWindowsManager.exe as a threat and "neutralized" it. Supposedly an 'adware'. I would like you to check, please, whether my computer is clean. Thank you very much! FSS.txt MbrScan.log ZA-Scan.txt
  15. You are right when you say that being here is a "privilege" of ours. Thank you very much for granting us this privilege! Especially to Ciro, who with his patience and competence solved not only the main problem but also others that I kept listing during the process. Thank you very much, "Linha Defensiva", and a special thank-you to you, Ciro, for your priceless help!