For a while now the PC has been running sluggishly, mainly in the browsers. Routine scans with the usual programs aren't detecting anything. Here is the log for analysis.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:26:23, on 24/10/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17278)
Boot mode: Normal
Running processes:
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Users\Gustavo\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Gustavo\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1406322737&from=pcm&uid=TOSHIBAXMK3259GSXP_62DYCLD2TXX62DYCLD2T
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: CrossriderApp0060548 - {11111111-1111-1111-1111-110611051148} - C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-bho.dll
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: gooternet - {9be122ba-2b3a-41fd-acf8-7a39b18d3ffe} - C:\Program Files (x86)\gooternet\gooternetbho.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\daemon\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [bitTorrent] "C:\Users\Gustavo\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - Startup: GameRanger.lnk = Gustavo\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: internetbankingpf.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
--
End of file - 9331 bytes
Good morning, here is the log.
*** [ Serviços ] ***
[#] Serviço Deletada : globalUpdate
[#] Serviço Deletada : globalUpdatem
Serviço Deletada : IePluginServices
*** [ Arquivos / Pastas ] ***
Pasta Deletada : C:\Users\Gustavo\AppData\Roaming\baidu
[!] Pasta Deletada : C:\Program Files (x86)\globalUpdate
Pasta Deletada : C:\Users\Gustavo\AppData\Local\globalUpdate
Pasta Deletada : C:\ProgramData\IePluginServices
Pasta Deletada : C:\Program Files (x86)\SupTab
Pasta Deletada : C:\ProgramData\WindowsMangerProtect
Pasta Deletada : C:\Program Files (x86)\Cinema-Plus-1.2
Pasta Deletada : C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\mtobp5xo.default\Extensions\caseyvelez@aol.com
Arquivo Deletada : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml
Arquivo Deletada : C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
Arquivo Deletada : C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Deletada : C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
*** [ Tarefas ] ***
Tarefa Deletedo : BonanzaDealsLiveUpdateTaskMachineCore
Tarefa Deletedo : BonanzaDealsLiveUpdateTaskMachineUA
Tarefa Deletedo : BonanzaDealsUpdate
Tarefa Deletedo : globalUpdateUpdateTaskMachineCore
Tarefa Deletedo : globalUpdateUpdateTaskMachineUA
Tarefa Deletedo : MySearchDial
Tarefa Deletedo : 6e99f74b-7a12-4f2d-bc64-8c2d5a985acc-1
Tarefa Deletedo : 6e99f74b-7a12-4f2d-bc64-8c2d5a985acc-10
Tarefa Deletedo : 6e99f74b-7a12-4f2d-bc64-8c2d5a985acc-11
Tarefa Deletedo : 6e99f74b-7a12-4f2d-bc64-8c2d5a985acc-2
Tarefa Deletedo : 6e99f74b-7a12-4f2d-bc64-8c2d5a985acc-3
Tarefa Deletedo : 6e99f74b-7a12-4f2d-bc64-8c2d5a985acc-4
Tarefa Deletedo : 6e99f74b-7a12-4f2d-bc64-8c2d5a985acc-5
Tarefa Deletedo : 6e99f74b-7a12-4f2d-bc64-8c2d5a985acc-5_user
Tarefa Deletedo : 6e99f74b-7a12-4f2d-bc64-8c2d5a985acc-6
Tarefa Deletedo : 6e99f74b-7a12-4f2d-bc64-8c2d5a985acc-7
*** [ Atalhos ] ***
*** [ Registro ] ***
Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
*** [ Navegadores ] ***
-\\ Internet Explorer v11.0.9600.17278
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]
-\\ Mozilla Firefox v32.0.2 (x86 pt-BR)
-\\ Google Chrome v37.0.2062.120
*************************
AdwCleaner[R0].txt - [13135 octets] - [25/10/2014 08:15:24]
AdwCleaner[s0].txt - [11832 octets] - [25/10/2014 08:20:43]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [11893 octets] ##########
Good morning, Gsbad!
Download: ( ... by Oleg N. Scherbakov )
Save it to the desktop!
Disable your antivirus!
For Windows 7, right-click JRT.exe and run it ...
Wait for it to finish and post the report. ( JRT.txt )
A+
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 8.1 x64
Ran by Gustavo on 25/10/2014 at 13:32:22,33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] "C:\Users\Gustavo\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Gustavo\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"
~~~ Folders
~~~ FireFox
Successfully deleted the following from C:\Users\Gustavo\AppData\Roaming\mozilla\firefox\profiles\mtobp5xo.default\prefs.js
user_pref("extensions.acaseyvelezaolcom61788.61788.internaldb.__ICM_DOWNLOADS__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon.c
user_pref("extensions.acaseyvelezaolcom61788.61788.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dea
user_pref("extensions.ad55cd0d79f24466095b3188599e8e4f86b2faf04e86f4bcfa878632814acf518com60548.60548.internaldb.__ICM_DOWNLOADS__blacklist_domain.value", "%7B%22SLIDERS%22%3A
user_pref("extensions.ad55cd0d79f24466095b3188599e8e4f86b2faf04e86f4bcfa878632814acf518com60548.60548.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A
user_pref("extensions.crossrider.bic", "147849f59e841c1e17b981fc1bf8c2c8");
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/10/2014 at 13:37:31,88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Good afternoon, Gsbad!
Download: ( ... by Farbar )
For 32-bit systems!
Download: < Farbar Recovery Scan Tool 64-Bit> (64 bit)
Or here, for 64-bit systems!
Save it to the desktop! ("Área de trabalho" ...)
Run the tool! Click "Yes" >> "Scan".
Before clicking "Scan", check that the boxes under "Whitelist" are ticked.
Under "Optional Scan", leave the "Addition.txt" checkbox ticked.
Post the report! (FRST.txt + Addition.txt)
PS: The "Addition.txt" report is always made available on the tool's first run.
A+
Good afternoon DigRam, here are the reports:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-10-2014
Ran by Gustavo (administrator) on GUSTAVO-NOTE2 on 25-10-2014 14:55:53
Running from C:\Users\Gustavo\Desktop
Loaded Profile: Gustavo (Available profiles: Gustavo)
Platform: Windows 8.1 (X64) OS Language: Português (Brasil)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(GameRanger Technologies) C:\Users\Gustavo\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [VDownloader] => C:\Program Files\VDownloader\VDownloader.exe [879104 2013-07-25] (Vitzo)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginBb-x32: C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
Winlogon\Notify\ GbPluginCef-x32: C:\Program Files (x86)\GbPlugin\gbiehCef.dll (Caixa Economica Federal)
HKU\S-1-5-21-3336594925-1444484530-2665733283-1001\...\Run: [DAEMON Tools Lite] => C:\daemon\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
Startup: C:\Users\Gustavo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk
ShortcutTarget: GameRanger.lnk -> C:\Users\Gustavo\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe (GameRanger Technologies)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x344554E139C9CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.5
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: gooternet -> {9be122ba-2b3a-41fd-acf8-7a39b18d3ffe} -> C:\Program Files (x86)\gooternet\gooternetbho.dll (gooternet)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll (Banco do Brasil)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll [1600552 2014-05-06] (Banco do Brasil)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1718088 2014-07-11] (Caixa Economica Federal)
Tcpip\Parameters: [DhcpNameServer] 189.6.0.71 189.6.0.76 201.6.4.116
FireFox:
========
FF ProfilePath: C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\mtobp5xo.default
FF Homepage: www.google.com.br
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com.br/
CHR StartupUrls: Default -> "hxxp://www.google.com.br/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Cinema-Plus-1.2) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpbmdkdomofnnkcaoepabekgkedfhom [2014-07-25]
CHR Extension: (Google Wallet) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi [2014-07-02]
CHR Extension: (GBBD Banco do Brasil) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh [2013-07-29]
CHR HKCU\...\Chrome\Extension: [nnjbodopomfddehlalfilheomcahbpei] - C:\Users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx []
CHR HKCU\...\Chrome\Extension: [pgacfjdigcddmmncljpflgcfpfahebkh] - C:\Users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx [2013-07-29]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [553272 2014-06-13] (GAS Tecnologia)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-08-21] (IBM Corp.)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2014-09-24] (DT Soft Ltd)
S3 igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [5363200 2014-01-30] (Intel Corporation) [File not signed]
S3 pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [82816 2014-07-28] (VSO Software) [File not signed]
R1 RapportCerberus_80049; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80049.sys [768184 2014-09-29] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [444184 2014-08-21] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [294104 2014-08-21] (IBM Corp.)
R3 RapportIaso; c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys [428696 2014-09-29] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [536984 2014-08-21] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [563096 2014-08-21] (IBM Corp.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-25 14:55 - 2014-10-25 14:56 - 00012980 _____ () C:\Users\Gustavo\Desktop\FRST.txt
2014-10-25 14:55 - 2014-10-25 14:55 - 00000000 ____D () C:\FRST
2014-10-25 14:54 - 2014-10-25 14:54 - 02112512 _____ (Farbar) C:\Users\Gustavo\Desktop\FRST64.exe
2014-10-25 13:37 - 2014-10-25 13:37 - 00001853 _____ () C:\Users\Gustavo\Desktop\JRT.txt
2014-10-25 13:31 - 2014-10-25 13:31 - 01706144 _____ (Thisisu) C:\Users\Gustavo\Desktop\JRT.exe
2014-10-25 08:25 - 2014-10-25 08:25 - 00366064 _____ () C:\Users\Gustavo\Downloads\Player Setup.exe
2014-10-25 08:15 - 2014-10-25 08:20 - 00000000 ____D () C:\AdwCleaner
2014-10-25 08:14 - 2014-10-25 08:14 - 01962496 _____ () C:\Users\Gustavo\Downloads\AdwCleaner (1).exe
2014-10-25 08:14 - 2014-10-25 08:14 - 01962496 _____ () C:\Users\Gustavo\Desktop\AdwCleaner.exe
2014-10-24 16:41 - 2014-10-24 16:41 - 00000275 _____ () C:\Users\Gustavo\Desktop\Lentidão extrema. Kero dar uma limpada de rotina - Remoção de Malwares - iMasters Fóruns.URL
2014-09-30 01:55 - 2014-09-02 18:06 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-09-30 01:55 - 2014-09-02 18:06 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-30 01:20 - 2014-04-14 01:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-09-30 01:09 - 2014-08-16 00:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-09-30 01:09 - 2014-08-16 00:04 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-09-30 01:09 - 2014-08-16 00:00 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-09-30 01:09 - 2014-08-16 00:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-09-30 01:09 - 2014-08-15 23:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-09-30 01:09 - 2014-08-15 23:54 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-09-30 01:09 - 2014-08-15 23:45 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-09-30 01:09 - 2014-08-15 23:43 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-09-30 01:09 - 2014-08-15 23:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-09-30 01:09 - 2014-08-15 23:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-09-30 01:09 - 2014-08-15 23:22 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-09-30 01:09 - 2014-08-15 23:20 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-09-30 01:09 - 2014-08-15 23:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-09-30 01:09 - 2014-08-15 23:18 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-09-30 01:09 - 2014-08-15 23:18 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-09-30 01:09 - 2014-08-15 23:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-09-30 01:09 - 2014-08-15 23:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-09-30 01:09 - 2014-08-15 23:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-09-30 01:09 - 2014-08-15 23:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-09-30 01:09 - 2014-08-15 23:03 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-09-30 01:09 - 2014-08-15 23:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-09-30 01:09 - 2014-08-15 22:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-30 01:09 - 2014-08-15 22:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-09-30 01:09 - 2014-08-15 22:53 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-09-30 01:09 - 2014-08-15 22:53 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-09-30 01:09 - 2014-08-15 22:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-09-30 01:09 - 2014-08-15 22:51 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-09-30 01:09 - 2014-08-15 22:45 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-09-30 01:09 - 2014-08-15 22:44 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-09-30 01:09 - 2014-08-15 22:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-09-30 01:09 - 2014-08-15 22:34 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-09-30 01:09 - 2014-08-15 22:20 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-09-30 01:09 - 2014-08-15 22:18 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-09-30 01:09 - 2014-08-15 22:14 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-09-30 01:09 - 2014-08-15 22:12 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-09-30 01:09 - 2014-05-30 07:28 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-09-30 01:09 - 2014-05-30 06:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-09-30 01:09 - 2014-02-06 09:30 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-09-30 01:09 - 2014-02-06 09:30 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-09-30 01:09 - 2014-02-06 09:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-09-30 01:09 - 2014-02-06 09:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-09-30 01:09 - 2014-02-06 08:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-09-30 01:09 - 2014-02-06 08:49 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-09-30 01:09 - 2014-02-06 08:48 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-09-30 01:09 - 2014-02-06 08:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-09-30 01:09 - 2014-02-06 08:17 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-09-30 01:09 - 2014-02-06 08:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-09-30 01:09 - 2014-02-06 07:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-09-30 01:09 - 2014-02-06 07:52 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-09-30 01:09 - 2014-02-06 07:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-09-30 01:09 - 2014-02-06 07:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-09-29 15:12 - 2014-08-21 17:03 - 00536984 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2014-09-29 15:12 - 2014-08-21 17:03 - 00294104 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2014-09-29 15:11 - 2014-09-29 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proteção de Terminal Trusteer
2014-09-29 15:11 - 2014-09-29 15:11 - 00000000 ____D () C:\Program Files (x86)\Trusteer
2014-09-29 15:07 - 2014-09-29 15:07 - 00436504 _____ (IBM Corp.) C:\Users\Gustavo\Downloads\RapportSetup.exe
2014-09-29 03:58 - 2014-03-19 22:53 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2014-09-29 03:58 - 2014-03-19 22:48 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReInfo.dll
2014-09-29 03:58 - 2014-03-19 21:55 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-09-29 03:58 - 2014-03-19 21:39 - 00800256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2014-09-29 03:58 - 2014-03-19 21:36 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2014-09-29 03:58 - 2014-03-13 10:35 - 00157016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2014-09-29 03:58 - 2014-03-08 06:33 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll
2014-09-29 03:58 - 2014-03-08 05:47 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll
2014-09-29 03:58 - 2014-03-08 05:12 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-09-29 03:58 - 2014-03-08 05:04 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2014-09-29 03:58 - 2014-03-08 04:40 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2014-09-29 03:58 - 2014-03-08 04:31 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2014-09-29 03:58 - 2014-03-08 04:30 - 00197632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2014-09-29 03:58 - 2014-03-08 03:11 - 00924160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2014-09-29 03:58 - 2014-03-06 10:51 - 00488280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2014-09-29 03:58 - 2014-03-06 09:19 - 00390488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2014-09-29 03:58 - 2014-03-06 04:23 - 02270208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2014-09-29 03:58 - 2014-03-06 04:23 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
2014-09-29 03:58 - 2014-03-04 10:14 - 00360512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2014-09-29 03:58 - 2014-03-04 09:10 - 00355832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2014-09-29 03:58 - 2014-03-04 05:00 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2014-09-29 03:58 - 2014-03-04 04:32 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2014-09-29 03:57 - 2014-03-20 02:19 - 01291200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-09-29 03:57 - 2014-03-20 01:41 - 02013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-09-29 03:57 - 2014-03-20 01:41 - 00376152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2014-09-29 03:57 - 2014-03-20 01:40 - 01112536 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-09-29 03:57 - 2014-03-19 05:13 - 00836096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-09-29 03:57 - 2014-03-19 03:50 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32tm.exe
2014-09-29 03:57 - 2014-03-19 03:31 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2014-09-29 03:57 - 2014-03-19 03:20 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\w32tm.exe
2014-09-29 03:57 - 2014-03-19 03:08 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2014-09-29 03:57 - 2014-03-12 11:45 - 00387210 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-09-29 03:57 - 2014-03-11 13:18 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2014-09-29 03:57 - 2014-03-11 12:28 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2014-09-29 03:57 - 2014-03-08 18:38 - 01542768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2014-09-29 03:57 - 2014-03-08 13:29 - 00356848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2014-09-29 03:57 - 2014-03-08 09:34 - 01095488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2014-09-29 03:57 - 2014-03-08 07:02 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxproxy.dll
2014-09-29 03:57 - 2014-03-08 06:25 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SetNetworkLocation.dll
2014-09-29 03:57 - 2014-03-08 06:12 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sxproxy.dll
2014-09-29 03:57 - 2014-03-08 05:53 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2014-09-29 03:57 - 2014-03-08 05:03 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-09-29 03:57 - 2014-03-08 04:48 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2014-09-29 03:57 - 2014-03-08 04:37 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-09-29 03:57 - 2014-03-08 03:41 - 01306624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2014-09-29 03:57 - 2014-03-06 12:34 - 02331000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2014-09-29 03:57 - 2014-03-06 12:34 - 00113648 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2014-09-29 03:57 - 2014-03-06 09:19 - 00094016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2014-09-29 03:57 - 2014-03-06 08:46 - 01679128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2014-09-29 03:57 - 2014-03-06 07:24 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2014-09-29 03:57 - 2014-03-06 07:24 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2014-09-29 03:57 - 2014-03-06 07:24 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2014-09-29 03:57 - 2014-03-06 07:22 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2014-09-29 03:57 - 2014-03-06 07:22 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2014-09-29 03:57 - 2014-03-06 07:19 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2014-09-29 03:57 - 2014-03-06 07:19 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpipreg.sys
2014-09-29 03:57 - 2014-03-06 07:08 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\l2gpstore.dll
2014-09-29 03:57 - 2014-03-06 06:41 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevPropMgr.dll
2014-09-29 03:57 - 2014-03-06 06:38 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2014-09-29 03:57 - 2014-03-06 06:10 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\l2gpstore.dll
2014-09-29 03:57 - 2014-03-06 06:00 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2014-09-29 03:57 - 2014-03-06 05:46 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2014-09-29 03:57 - 2014-03-06 05:16 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2014-09-29 03:57 - 2014-03-06 05:02 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2014-09-29 03:57 - 2014-03-06 04:51 - 02900992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2014-09-29 03:57 - 2014-03-06 04:31 - 02479616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2014-09-29 03:57 - 2014-03-06 04:29 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2014-09-29 03:57 - 2014-03-06 04:27 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2014-09-29 03:57 - 2014-03-06 04:24 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlangpui.dll
2014-09-29 03:57 - 2014-03-06 04:21 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2014-09-29 03:57 - 2014-03-06 04:11 - 02030080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2014-09-29 03:57 - 2014-03-06 04:06 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlangpui.dll
2014-09-29 03:57 - 2014-03-06 04:04 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2014-09-29 03:57 - 2014-03-06 04:01 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2014-09-29 03:57 - 2014-03-06 03:51 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2014-09-29 03:57 - 2014-03-06 03:47 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2014-09-29 03:57 - 2014-03-06 03:42 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2014-09-29 03:57 - 2014-03-04 05:16 - 00655360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2014-09-29 03:57 - 2014-03-04 05:13 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2014-09-29 03:57 - 2014-03-04 05:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\pdh.dll
2014-09-29 03:57 - 2014-03-04 04:56 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2014-09-29 03:57 - 2014-03-04 04:50 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2014-09-29 03:57 - 2014-03-04 04:42 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2014-09-29 03:57 - 2014-03-04 04:39 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pdh.dll
2014-09-29 03:57 - 2014-03-04 04:15 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2014-09-29 03:57 - 2014-03-04 04:05 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2014-09-29 03:57 - 2014-03-04 04:03 - 00669696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2014-09-29 03:57 - 2014-03-04 04:03 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2014-09-29 03:57 - 2014-03-04 03:54 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2014-09-29 03:57 - 2014-03-04 03:52 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2014-09-29 03:57 - 2013-12-23 21:28 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll
2014-09-29 03:57 - 2013-12-23 21:26 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2014-09-29 03:55 - 2014-09-05 00:36 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-09-29 03:55 - 2014-09-05 00:31 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-09-29 03:55 - 2014-09-04 22:48 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-09-29 03:55 - 2014-08-23 05:48 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2014-09-29 03:55 - 2014-08-23 05:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2014-09-29 03:55 - 2014-08-23 04:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-09-29 03:55 - 2014-08-23 03:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-09-29 03:55 - 2014-08-23 02:44 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-09-29 03:55 - 2014-08-23 02:34 - 13423104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-09-29 03:55 - 2014-08-23 02:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-09-29 03:55 - 2014-08-23 02:31 - 01038336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-09-29 03:55 - 2014-08-23 02:20 - 11818496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-09-29 03:55 - 2014-08-14 22:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2014-09-29 03:55 - 2014-07-29 23:56 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2014-09-29 03:55 - 2014-07-29 03:22 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2014-09-29 03:55 - 2014-06-28 05:07 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-09-29 03:55 - 2014-05-30 01:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-09-29 03:53 - 2014-06-19 23:48 - 01273184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2014-09-29 03:53 - 2014-06-19 21:52 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2014-09-29 03:53 - 2014-05-05 02:02 - 03360256 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-09-29 03:52 - 2014-08-22 22:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-09-29 03:52 - 2014-08-07 00:12 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-09-29 03:52 - 2014-08-02 01:56 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-09-29 03:52 - 2014-08-01 22:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-09-29 03:52 - 2014-06-16 20:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-09-29 03:52 - 2014-06-16 20:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-09-29 03:52 - 2014-06-12 23:15 - 00517528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-09-29 03:52 - 2014-06-12 23:14 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-09-29 03:52 - 2014-06-12 22:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-09-29 03:52 - 2014-06-06 09:34 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-09-29 03:52 - 2014-05-29 10:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-09-29 03:52 - 2014-05-29 05:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-09-29 03:52 - 2014-05-29 04:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-09-29 03:52 - 2014-05-29 04:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-09-29 03:52 - 2014-05-29 03:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-09-29 03:52 - 2014-05-29 03:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-09-29 03:52 - 2014-05-10 01:46 - 02151424 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-09-29 03:52 - 2014-05-10 01:22 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-09-29 03:52 - 2014-03-24 00:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-09-29 03:52 - 2014-03-13 05:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-09-29 03:52 - 2014-03-13 04:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-09-29 03:52 - 2014-03-06 10:53 - 02141912 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2014-09-29 03:52 - 2014-03-06 10:51 - 00379224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-09-29 03:52 - 2014-03-06 10:39 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2014-09-29 03:52 - 2014-03-06 09:13 - 01779800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2014-09-29 03:52 - 2014-03-06 04:09 - 01764864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2014-09-29 03:51 - 2014-07-15 16:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-09-29 03:51 - 2014-07-15 06:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-09-29 03:51 - 2014-07-15 06:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-09-29 03:51 - 2014-07-15 06:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-09-29 03:51 - 2014-03-24 00:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-09-29 03:51 - 2014-03-24 00:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-09-29 03:50 - 2014-07-10 02:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-09-29 03:50 - 2014-07-10 02:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-09-29 03:50 - 2014-07-10 01:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-09-29 03:50 - 2014-05-19 04:31 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2014-09-29 03:50 - 2014-05-19 04:21 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2014-09-29 03:50 - 2014-05-19 03:23 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvinst.exe
2014-09-29 03:50 - 2014-05-01 03:44 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-09-29 03:50 - 2014-04-30 01:59 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-09-29 03:50 - 2014-04-14 07:37 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-09-29 03:50 - 2014-04-14 06:08 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-09-29 03:50 - 2014-04-11 01:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-09-29 03:50 - 2014-04-11 01:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-09-29 03:50 - 2014-04-11 01:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-09-29 03:50 - 2014-04-11 01:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-09-29 03:50 - 2014-04-11 01:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-09-29 03:50 - 2014-04-11 00:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-09-29 03:50 - 2014-04-11 00:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-09-29 03:50 - 2014-04-11 00:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-09-29 03:50 - 2014-03-06 07:19 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpnpmgr.dll
2014-09-29 03:49 - 2014-05-31 04:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-09-29 03:49 - 2014-05-13 05:01 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2014-09-29 03:49 - 2014-05-13 02:41 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-09-29 03:49 - 2014-05-13 02:26 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-09-29 03:49 - 2014-05-13 01:31 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-09-29 03:49 - 2014-05-03 09:29 - 01726224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-09-29 03:49 - 2014-05-03 07:20 - 01473080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-09-29 03:49 - 2014-05-03 03:36 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-09-29 03:49 - 2014-05-03 03:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2014-09-29 03:49 - 2014-05-03 03:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2014-09-29 03:49 - 2014-05-03 03:07 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2014-09-29 03:49 - 2014-05-03 02:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
2014-09-29 03:49 - 2014-05-03 02:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
2014-09-29 03:49 - 2014-05-03 02:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll
2014-09-29 03:49 - 2014-05-02 21:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat
2014-09-29 03:49 - 2014-04-30 04:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2014-09-29 03:49 - 2014-04-30 04:41 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-09-29 03:49 - 2014-04-30 04:41 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2014-09-29 03:49 - 2014-04-30 04:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2014-09-29 03:49 - 2014-04-30 03:45 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2014-09-29 03:49 - 2014-04-30 02:48 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2014-09-29 03:49 - 2014-04-30 02:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2014-09-29 03:49 - 2014-04-30 02:23 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2014-09-29 03:49 - 2014-04-30 02:23 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2014-09-29 03:49 - 2014-04-30 02:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2014-09-29 03:49 - 2014-04-30 02:14 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-09-29 03:49 - 2014-04-30 01:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2014-09-29 03:49 - 2014-04-30 01:46 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2014-09-29 03:49 - 2014-04-30 01:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2014-09-29 03:49 - 2014-04-30 01:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2014-09-29 03:49 - 2014-04-30 01:42 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2014-09-29 03:49 - 2014-04-28 20:40 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2014-09-29 03:49 - 2014-04-26 20:03 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-09-29 03:49 - 2014-04-26 18:14 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-09-29 03:49 - 2014-04-26 14:39 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2014-09-29 03:49 - 2014-04-18 12:57 - 00032600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-09-29 03:49 - 2014-04-18 12:44 - 01466856 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-09-29 03:49 - 2014-04-18 11:29 - 01200288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-09-29 03:49 - 2014-04-18 07:44 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
2014-09-29 03:49 - 2014-04-18 06:32 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-09-29 03:49 - 2014-04-18 06:21 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-09-29 03:49 - 2014-04-18 06:09 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-09-29 03:49 - 2014-04-18 05:51 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-09-29 03:49 - 2014-04-18 05:49 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-09-29 03:49 - 2014-04-14 07:20 - 00324888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2014-09-29 03:49 - 2014-04-14 06:01 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2014-09-29 03:49 - 2014-04-14 03:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-09-29 03:49 - 2014-04-11 02:51 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-09-29 03:49 - 2014-04-11 02:23 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-09-29 03:49 - 2014-04-11 01:30 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2014-09-29 03:49 - 2014-04-09 09:53 - 00337240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2014-09-29 03:49 - 2014-04-09 04:39 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2014-09-29 03:49 - 2014-04-09 04:11 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-09-29 03:49 - 2014-04-09 03:44 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2014-09-29 03:49 - 2014-04-09 03:20 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-09-29 03:49 - 2014-04-09 01:33 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2014-09-29 03:49 - 2014-04-08 20:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2014-09-29 03:49 - 2014-04-08 20:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2014-09-29 03:49 - 2014-04-08 16:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2014-09-29 03:49 - 2014-04-08 16:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2014-09-29 03:49 - 2014-04-08 00:01 - 00589656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2014-09-29 03:49 - 2014-04-06 14:34 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2014-09-29 03:49 - 2014-04-06 14:34 - 00275800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2014-09-29 03:49 - 2014-04-06 14:32 - 00125496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-09-29 03:49 - 2014-04-06 14:31 - 21268952 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-09-29 03:49 - 2014-04-06 14:30 - 00201920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2014-09-29 03:49 - 2014-04-06 14:24 - 00360792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2014-09-29 03:49 - 2014-04-06 14:20 - 01403856 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-09-29 03:49 - 2014-04-06 14:20 - 01379064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-09-29 03:49 - 2014-04-06 14:20 - 00881616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2014-09-29 03:49 - 2014-04-06 14:20 - 00765408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-09-29 03:49 - 2014-04-06 14:20 - 00609448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2014-09-29 03:49 - 2014-04-06 14:20 - 00491744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-09-29 03:49 - 2014-04-06 14:20 - 00467496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-09-29 03:49 - 2014-04-06 14:20 - 00463256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-09-29 03:49 - 2014-04-06 14:20 - 00364640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-09-29 03:49 - 2014-04-06 14:20 - 00244880 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-09-29 03:49 - 2014-04-06 14:20 - 00028408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2014-09-29 03:49 - 2014-04-06 13:23 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2014-09-29 03:49 - 2014-04-06 13:22 - 18755672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-09-29 03:49 - 2014-04-06 13:22 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2014-09-29 03:49 - 2014-04-06 13:16 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-09-29 03:49 - 2014-04-06 13:16 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2014-09-29 03:49 - 2014-04-06 13:16 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-09-29 03:49 - 2014-04-06 13:16 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2014-09-29 03:49 - 2014-04-06 13:16 - 00406504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-09-29 03:49 - 2014-04-06 13:16 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-09-29 03:49 - 2014-04-06 13:16 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-09-29 03:49 - 2014-04-06 13:16 - 00305768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-09-29 03:49 - 2014-04-06 10:58 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll
2014-09-29 03:49 - 2014-04-06 10:51 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2014-09-29 03:49 - 2014-04-06 10:33 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2014-09-29 03:49 - 2014-04-06 10:24 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2014-09-29 03:49 - 2014-04-06 10:06 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll
2014-09-29 03:49 - 2014-04-06 09:26 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2014-09-29 03:49 - 2014-04-06 09:20 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-09-29 03:49 - 2014-04-06 09:01 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-09-29 03:49 - 2014-04-06 08:52 - 00955904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-09-29 03:49 - 2014-04-06 08:51 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2014-09-29 03:49 - 2014-04-06 08:37 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-09-29 03:49 - 2014-04-06 08:36 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2014-09-29 03:49 - 2014-04-06 08:05 - 01222656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2014-09-29 03:49 - 2014-04-06 07:59 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2014-09-29 03:49 - 2014-04-03 06:12 - 00307304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2014-09-29 03:49 - 2014-04-03 06:12 - 00130144 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2014-09-29 03:49 - 2014-04-03 02:03 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2014-09-29 03:49 - 2014-04-03 02:03 - 00111528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll
2014-09-29 03:49 - 2014-04-03 00:53 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-09-29 03:49 - 2014-04-03 00:51 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2014-09-29 03:49 - 2014-04-03 00:23 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tlscsp.dll
2014-09-29 03:49 - 2014-04-03 00:22 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll
2014-09-29 03:49 - 2014-04-01 04:23 - 00384856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-09-29 03:49 - 2014-03-31 03:42 - 07425368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-09-29 03:49 - 2014-03-30 22:01 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2014-09-29 03:49 - 2014-03-30 21:43 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2014-09-29 03:49 - 2014-03-30 20:54 - 01308160 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2014-09-29 03:49 - 2014-03-30 20:49 - 01287168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-09-29 03:49 - 2014-03-30 20:35 - 01029120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-09-29 03:49 - 2014-03-28 13:58 - 00407016 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2014-09-29 03:49 - 2014-03-27 04:16 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-09-29 03:49 - 2014-03-27 03:36 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2014-09-29 03:49 - 2014-03-27 02:59 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2014-09-29 03:49 - 2014-03-27 02:48 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2014-09-29 03:49 - 2014-03-27 02:19 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2014-09-29 03:49 - 2014-03-27 01:46 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2014-09-29 03:49 - 2014-03-27 01:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-09-29 03:49 - 2014-03-27 01:10 - 01436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2014-09-29 03:49 - 2014-03-20 01:48 - 00263424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-09-29 03:49 - 2014-03-19 22:44 - 06645248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-09-29 03:49 - 2014-03-19 21:33 - 05774848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-09-29 03:49 - 2014-03-19 06:15 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2014-09-29 03:49 - 2014-03-19 06:07 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2014-09-29 03:49 - 2014-03-19 05:24 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-09-29 03:49 - 2014-03-19 05:17 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll
2014-09-29 03:49 - 2014-03-19 04:36 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-09-29 03:49 - 2014-03-19 03:56 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-09-29 03:49 - 2014-03-19 03:45 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2014-09-29 03:49 - 2014-03-19 03:19 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2014-09-29 03:49 - 2014-03-19 03:07 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2014-09-29 03:49 - 2014-03-19 03:02 - 01527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-09-29 03:49 - 2014-03-19 03:00 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2014-09-29 03:49 - 2014-03-19 02:51 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2014-09-29 03:49 - 2014-03-19 02:31 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-09-29 03:49 - 2014-03-19 02:18 - 02688000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-09-29 03:49 - 2014-03-18 06:19 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2014-09-29 03:49 - 2014-03-18 03:00 - 07173120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2014-09-29 03:49 - 2014-03-18 02:52 - 05104640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2014-09-29 03:49 - 2014-03-17 03:09 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-09-29 03:49 - 2014-03-17 02:11 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-09-29 03:49 - 2014-03-17 01:01 - 00486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2014-09-29 03:49 - 2014-03-17 00:45 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2014-09-29 03:49 - 2014-03-14 04:26 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2014-09-29 03:49 - 2014-03-14 04:10 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2014-09-29 03:49 - 2014-03-08 18:40 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2014-09-29 03:49 - 2014-03-08 04:41 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2014-09-29 03:49 - 2014-03-08 04:25 - 00264192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2014-09-29 03:49 - 2014-03-08 04:04 - 00717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2014-09-29 03:49 - 2014-03-08 03:58 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2014-09-29 03:49 - 2014-03-06 10:42 - 00310616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-09-29 03:49 - 2014-03-06 07:19 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2014-09-29 03:49 - 2014-03-06 06:20 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2014-09-29 03:49 - 2014-01-27 16:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-09-29 03:48 - 2014-07-24 01:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2014-09-29 03:48 - 2014-07-24 01:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2014-09-29 03:48 - 2014-06-05 12:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-09-29 03:48 - 2014-06-05 11:14 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-09-29 03:48 - 2014-06-02 00:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-09-29 03:48 - 2014-05-31 08:07 - 00467800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-09-29 03:48 - 2014-05-31 08:07 - 00440664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-09-29 03:48 - 2014-05-31 08:07 - 00419672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-09-29 03:48 - 2014-05-31 08:07 - 00089944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-09-29 03:48 - 2014-05-31 08:07 - 00027480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-09-29 03:48 - 2014-05-31 04:30 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-09-29 03:48 - 2014-05-31 04:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-09-29 03:48 - 2014-05-31 04:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-09-29 03:48 - 2014-05-31 02:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-09-29 03:48 - 2014-05-31 02:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-09-29 03:48 - 2014-05-31 02:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-09-29 03:48 - 2014-05-27 13:53 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-09-29 03:48 - 2014-05-27 07:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-09-29 03:48 - 2014-05-27 07:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-09-29 03:48 - 2014-05-17 02:59 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-09-29 03:48 - 2014-05-17 02:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-09-29 03:48 - 2014-04-30 02:43 - 01975296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2014-09-29 03:48 - 2014-04-30 02:26 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2014-09-29 03:48 - 2014-04-30 01:47 - 01509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2014-09-29 03:48 - 2014-03-31 03:35 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-09-29 03:48 - 2014-03-08 18:47 - 00180056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-09-29 03:47 - 2014-08-02 01:11 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-09-29 03:47 - 2014-07-12 02:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-09-29 03:47 - 2014-06-06 11:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-09-29 03:47 - 2014-06-06 10:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-09-29 03:47 - 2014-06-04 07:27 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-09-29 03:47 - 2014-06-04 03:31 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-09-29 03:47 - 2014-06-04 03:22 - 02790912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-09-29 03:47 - 2014-06-04 02:43 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-09-29 03:47 - 2014-06-04 02:38 - 03304448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-09-29 03:47 - 2014-06-04 00:15 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-09-29 03:47 - 2014-06-04 00:14 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-09-29 03:47 - 2014-05-01 11:31 - 00055328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2014-09-29 03:47 - 2014-05-01 03:24 - 02834944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll
2014-09-29 03:43 - 2014-05-31 08:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-09-29 03:43 - 2014-05-31 08:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-09-29 03:43 - 2014-05-31 01:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-29 03:43 - 2014-05-31 01:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-09-29 03:43 - 2014-05-31 01:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-09-29 03:43 - 2014-05-31 01:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-29 03:43 - 2014-05-31 00:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-09-29 03:43 - 2014-05-31 00:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-09-29 03:43 - 2014-05-31 00:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-09-29 03:43 - 2014-05-31 00:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-09-29 03:43 - 2014-05-31 00:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-09-29 03:43 - 2014-05-31 00:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-09-29 03:43 - 2014-05-31 00:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-09-29 03:43 - 2014-04-11 06:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2014-09-29 03:43 - 2014-04-11 04:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-09-29 03:43 - 2014-04-11 03:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-09-29 03:43 - 2014-04-11 03:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-09-29 03:43 - 2014-03-11 11:02 - 00629760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-25 14:53 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-10-25 13:40 - 2014-09-24 00:57 - 01349239 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-25 13:38 - 2013-05-15 15:35 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3336594925-1444484530-2665733283-1001
2014-10-25 13:33 - 2013-05-15 15:42 - 00001098 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-25 08:29 - 2014-03-18 08:11 - 01707228 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-25 08:29 - 2014-03-18 07:30 - 00738078 _____ () C:\WINDOWS\system32\prfh0416.dat
2014-10-25 08:29 - 2014-03-18 07:30 - 00150714 _____ () C:\WINDOWS\system32\prfc0416.dat
2014-10-25 08:25 - 2013-05-15 15:42 - 00001094 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-25 08:23 - 2014-09-24 23:58 - 00000000 ___RD () C:\Users\Gustavo\OneDrive
2014-10-25 08:22 - 2013-08-22 12:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-25 08:21 - 2014-07-25 19:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-25 08:21 - 2014-03-18 03:57 - 00002658 _____ () C:\WINDOWS\PFRO.log
2014-10-25 08:21 - 2013-08-22 11:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-10-25 08:20 - 2013-05-21 14:46 - 00000000 ____D () C:\Users\Gustavo\AppData\Roaming\BitTorrent
2014-10-25 08:16 - 2013-06-19 03:11 - 00000964 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3336594925-1444484530-2665733283-1001UA.job
2014-10-25 08:14 - 2013-07-29 12:09 - 00000000 ____D () C:\Users\Todos os Usuários\GAS Tecnologia
2014-10-25 08:14 - 2013-07-29 12:09 - 00000000 ____D () C:\ProgramData\GAS Tecnologia
2014-10-25 08:04 - 2012-07-26 05:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-10-24 16:28 - 2013-11-13 19:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-24 16:26 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-09-30 22:53 - 2013-05-15 18:02 - 00000902 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-30 03:16 - 2013-06-19 03:11 - 00000942 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3336594925-1444484530-2665733283-1001Core.job
2014-09-30 02:22 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-30 01:53 - 2013-08-22 12:44 - 05105712 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-30 01:48 - 2014-07-14 22:39 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-09-30 01:48 - 2014-03-18 07:46 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-30 01:48 - 2013-08-22 13:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-09-30 01:48 - 2013-08-22 13:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-09-30 01:48 - 2013-08-22 13:36 - 00000000 ___RD () C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-09-30 01:48 - 2013-08-22 13:36 - 00000000 ___RD () C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-30 01:48 - 2013-08-22 13:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-09-30 01:48 - 2013-08-22 13:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-30 01:48 - 2013-08-22 13:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-09-30 01:48 - 2013-08-22 13:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-30 01:48 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-09-30 01:48 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates
2014-09-30 01:48 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-09-30 01:48 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-09-30 01:48 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-09-30 01:48 - 2013-08-22 13:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-09-30 01:48 - 2013-08-22 13:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-09-30 01:48 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-09-30 01:47 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-09-30 01:47 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-09-29 15:10 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\system32\restore
2014-09-29 15:05 - 2013-06-03 18:34 - 00842752 ___SH () C:\Users\Gustavo\Desktop\Thumbs.db
2014-09-25 21:43 - 2014-09-24 00:40 - 00000000 ___DC () C:\WINDOWS\Panther
Some content of TEMP:
====================
C:\Users\Gustavo\AppData\Local\Temp\Quarantine.exe
C:\Users\Gustavo\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-24 00:41
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-10-2014
Ran by Gustavo at 2014-10-25 14:57:31
Running from C:\Users\Gustavo\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Atualização do produto Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{717C9095-8AAE-41CB-B046-BD6E8399F4F3}) (Version: - Microsoft)
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{5016CB22-B9A7-44FB-AA72-AF28B27B15EA}) (Version: - Microsoft)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}) (Version: - Microsoft)
Atualização do produto Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{7297E3A9-FCD4-4E0E-A306-7A90359E50E3}) (Version: - Microsoft)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.34026 - BitTorrent Inc.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.65.1074 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Delete Doctor 2.3 (HKLM-x32\...\Delete Doctor) (Version: 2.3 - )
Enterprise (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.15.0 - Futuremark Corporation)
GameRanger (HKCU\...\GameRanger) (Version: - GameRanger Technologies)
GBBD Caixa Economica Federal (HKLM-x32\...\{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1) (Version: 3.9.0.1 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Officejet 4500 G510a-f Series Corporate Edition 14.0 (HKLM\...\{B584612D-3743-495A-AB28-98C44C1E2648}) (Version: 14.0 - HP)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
K-Lite Codec Pack 9.9.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.0 - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.2 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 pt-BR)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5 - Notepad++ Team)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Proteção de Terminal Trusteer (HKLM-x32\...\Rapport_msi) (Version: 3.5.1403.78 - Trusteer)
Rapport (x32 Version: 3.5.1403.78 - Trusteer) Hidden
Realtek USB 2.0 Card Reader (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VDownloader 3.9.1539 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1) (Version: - Vitzo Limited)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3336594925-1444484530-2665733283-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0000}\InprocServer32 -> C:\Users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3336594925-1444484530-2665733283-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0007}\InprocServer32 -> C:\Users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3336594925-1444484530-2665733283-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0000}\InprocServer32 -> C:\Users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3336594925-1444484530-2665733283-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0007}\InprocServer32 -> C:\Users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia)
==================== Restore Points =========================
29-09-2014 17:10:43 Installed Rapport
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 03:26 - 2014-07-06 12:08 - 00000027 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {102ACFC3-AA76-4A6E-82A2-5F8515906133} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-08-29] (Microsoft Corporation)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2A1A5415-E3A5-4EA1-89B5-3F7A0CE96AAF} - System32\Tasks\{51A60A61-9F08-4C3D-8CA4-2E3B37B9412E} => Chrome.exe http://ui.skype.com/ui/0/6.6.0.106/pt/abandoninstall?source=lightinstaller&page=tsInstall
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3BF0019C-DB4C-4D11-9017-6B44751E7047} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3336594925-1444484530-2665733283-1001UA => C:\Users\Gustavo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-19] (Facebook Inc.)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8FE066B4-1DD9-4557-8DCC-A3EF31AEBF81} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {9A004D28-FA78-465D-B66D-119706465862} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {9DBE27FD-F588-4BDD-98AB-77119A64C618} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-15] (Google Inc.)
Task: {D71154FC-E47B-46A4-99E8-C71EB3E83330} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {FD152951-68B6-4E4F-B217-6CCD05E778D8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3336594925-1444484530-2665733283-1001Core => C:\Users\Gustavo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-19] (Facebook Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3336594925-1444484530-2665733283-1001Core.job => C:\Users\Gustavo\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3336594925-1444484530-2665733283-1001UA.job => C:\Users\Gustavo\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-06-18 13:24 - 2012-06-18 13:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2014-03-23 18:04 - 2014-03-23 18:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2012-12-07 12:16 - 2012-12-07 12:16 - 22224096 _____ () C:\Users\Gustavo\AppData\Roaming\GameRanger\GameRanger Prefs\Components\libcef.dll
2014-07-25 19:41 - 2014-10-24 16:28 - 03734640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Gustavo\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrador (S-1-5-21-3336594925-1444484530-2665733283-500 - Administrator - Disabled)
Convidado (S-1-5-21-3336594925-1444484530-2665733283-501 - Limited - Disabled)
Gustavo (S-1-5-21-3336594925-1444484530-2665733283-1001 - Administrator - Enabled) => C:\Users\Gustavo
HomeGroupUser$ (S-1-5-21-3336594925-1444484530-2665733283-1003 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
Name: Dispositivo do sistema básico
Description: Dispositivo do sistema básico
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Dispositivo do sistema básico
Description: Dispositivo do sistema básico
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/25/2014 01:39:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GUSTAVO-NOTE2)
Description: Falha na ativação do aplicativo WinStore_cw5n1h2txyewy!Windows.Store com o erro: -2144927151. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.
System errors:
=============
Error: (10/25/2014 02:56:22 PM) (Source: DCOM) (EventID: 10010) (User: GUSTAVO-NOTE2)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
Error: (10/25/2014 02:55:52 PM) (Source: DCOM) (EventID: 10010) (User: GUSTAVO-NOTE2)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
Error: (10/25/2014 02:55:22 PM) (Source: DCOM) (EventID: 10010) (User: GUSTAVO-NOTE2)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-10-25 08:22:17.705
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-10-24 12:38:28.198
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-09-30 21:46:08.459
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-09-30 10:26:22.887
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-09-30 00:53:16.259
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\igdkmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-07-06 11:07:33.579
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel® Celeron® CPU B830 @ 1.80GHz
Percentage of memory in use: 28%
Total physical RAM: 3909.28 MB
Available physical RAM: 2796.13 MB
Total Pagefile: 4613.28 MB
Available Pagefile: 3489.3 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:297.13 GB) (Free:160.65 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: C98F7C0D)
Partition: GPT Partition Type.
==================== End Of Log ============================
Good afternoon, Gsbad!
Copy the information shown in red into Notepad.
Save it as fixlist.txt.
Save it to the desktop! ( "Área de trabalho" ... ) ( C:\Users\Gustavo\Desktop )
start
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
CHR Extension: (Cinema-Plus-1.2) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpbmdkdomofnnkcaoepabekgkedfhom [2014-07-25]
2014-10-25 08:15 - 2014-10-25 08:20 - 00000000 ____D () C:\AdwCleaner
2014-10-25 08:14 - 2014-10-25 08:14 - 01962496 _____ () C:\Users\Gustavo\Downloads\AdwCleaner (1).exe
2014-10-25 08:14 - 2014-10-25 08:14 - 01962496 _____ () C:\Users\Gustavo\Desktop\AdwCleaner.exe
2014-10-25 13:40 - 2014-09-24 00:57 - 01349239 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-25 08:21 - 2014-03-18 03:57 - 00002658 _____ () C:\WINDOWS\PFRO.log
2014-10-25 08:16 - 2013-06-19 03:11 - 00000964 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3336594925-1444484530-2665733283-1001UA.job
Task: {3BF0019C-DB4C-4D11-9017-6B44751E7047} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3336594925-1444484530-2665733283-1001UA => C:\Users\Gustavo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-19] (Facebook Inc.)
Task: {FD152951-68B6-4E4F-B217-6CCD05E778D8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3336594925-1444484530-2665733283-1001Core => C:\Users\Gustavo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-19] (Facebook Inc.)
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3336594925-1444484530-2665733283-1001Core.job => C:\Users\Gustavo\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3336594925-1444484530-2665733283-1001UA.job => C:\Users\Gustavo\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Users\Gustavo\AppData\Local\Temp\Quarantine.exe
C:\Users\Gustavo\AppData\Local\Temp\sqlite3.dll
end
Run FRST/FRST64 >> Click "Fix". << Wait!
Post the report! (Fixlog.txt)
See you!
Hey, here is the fixlog:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-10-2014
Ran by Gustavo at 2014-10-25 16:52:42 Run:1
Running from C:\Users\Gustavo\Desktop
Loaded Profile: Gustavo (Available profiles: Gustavo)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Task: {3BF0019C-DB4C-4D11-9017-6B44751E7047} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3336594925-1444484530-2665733283-1001UA => C:\Users\Gustavo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-19] (Facebook Inc.)
Task: {FD152951-68B6-4E4F-B217-6CCD05E778D8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3336594925-1444484530-2665733283-1001Core => C:\Users\Gustavo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-19] (Facebook Inc.)
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3336594925-1444484530-2665733283-1001Core.job => C:\Users\Gustavo\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3336594925-1444484530-2665733283-1001UA.job => C:\Users\Gustavo\AppData\Local\Facebook\Update\FacebookUpdate.exe
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpbmdkdomofnnkcaoepabekgkedfhom => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Gustavo\Downloads\AdwCleaner (1).exe => Moved successfully.
C:\Users\Gustavo\Desktop\AdwCleaner.exe => Moved successfully.
Could not move "C:\WINDOWS\WindowsUpdate.log" => Scheduled to move on reboot.
C:\WINDOWS\PFRO.log => Moved successfully.
C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3336594925-1444484530-2665733283-1001UA.job => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3BF0019C-DB4C-4D11-9017-6B44751E7047}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BF0019C-DB4C-4D11-9017-6B44751E7047}" => Key deleted successfully.
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3336594925-1444484530-2665733283-1001UA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-3336594925-1444484530-2665733283-1001UA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD152951-68B6-4E4F-B217-6CCD05E778D8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD152951-68B6-4E4F-B217-6CCD05E778D8}" => Key deleted successfully.
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3336594925-1444484530-2665733283-1001Core => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-3336594925-1444484530-2665733283-1001Core" => Key deleted successfully.
C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3336594925-1444484530-2665733283-1001Core.job => Moved successfully.
C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3336594925-1444484530-2665733283-1001UA.job not found.
C:\Users\Gustavo\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Gustavo\AppData\Local\Temp\sqlite3.dll => Moved successfully.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-10-25 17:04:07)<=
C:\WINDOWS\WindowsUpdate.log => Is moved successfully.
==== End of Fixlog ====
Good morning, Gsbad!
Download: < Adware Removal Tool > ( ... by techsupportall.com )
Save it to the desktop!
Run the file Adware-Removal-Tool-v3.9.1.exe <<
Start the scan by clicking Scan.
When the prescan finishes, click OK.
P.S.: Each tab will show what is going to be removed!
Click "Next" >> Wait!
< Computer >> Windows (C:) >> Program Files >> Adware-Removal-Tool >> Reports >> Repair_Logs_2014_10_dia_h_min_seg.txt <<
Post the report!
Regards!
Good morning Digram, here is the report
Adware Removal Tool v3.9
Time: 2014_10_26_07_36_44
OS: Windows 8 - 64 Bit
Account Name: Gustavo
U0L0S34
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:masterclsid
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy:apppath
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16d43705-be10-4e02-a30a-c22d886d3c16}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16d43705-be10-4e02-a30a-c22d886d3c16}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2C5C850D-69CB-4DA5-B24D-D4487FE8AC8B}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{30192361-6A1B-4185-ACA5-8262EDDAD9B2}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3240ECDA-2192-46EB-86F5-9B768D928648}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56A8B5D-914C-4C39-A3AD-28C59B8A22A0}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{600AB563-3E13-4F67-8482-F5487A75B110}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612A819-3856-4B15-B95E-CC7449959193}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65DEFF9-C89B-4C9C-94B4-529236C48BC3}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{686FAC56-7CD1-418C-A845-2DD2C3B707B}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{696A2171-D069-45EF-891D-C4352D1B124}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70C4493B-33E5-48EA-A777-B4553B993B8}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{735B0A4-A6AB-4218-B22D-BCCADAC88665}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{873E4A5-D291-401F-ACFC-B4FC26F3189E}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{90089640-1D79-40A0-87F6-78DAFCA2861}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A9219E5D-A9F3-46C5-831C-6161942F43D}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB6D8C70-72F4-4C2C-9E34-7CBB88A1E850}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E2CBBC9B-C7A6-4ACF-91DF-79E99A31FEF4}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E70E96D9-B2C7-459B-9022-F566DCBE7E8}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0753CB6-E7F0-4E17-A167-D160E354579A}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FCF72AB2-3BC4-4A88-B7F6-2FB9E874E1B}:appname
Deleted - RegistryKey - HKEY_CURRENT_USER\SOFTWARE:Conduit
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2EECD738-5844-4A99-B4B6-146BF802613B}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{472734EA-242A-422B-ADF8-83D1E48CC825}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{98889811-442D-49DD-99D7-DC866BE87DBC}
\\ Finished
Good morning, Gsbad!
Let's remove the tools that were used in the disinfection!
Download: < DelFix > ( ... by Xplode )
Once on the page, click Download Now.
Save it somewhere convenient! ( desktop! )
Close any open applications.
Remove disinfection tools
Create a registry backup
Clear system restore points
With these boxes checked, click Run!
Restart the computer!
Everything OK?
See you!
A websearches page showed up as my home page; I think I did something dumb. Here is one last HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:07:36, on 26/10/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)
Boot mode: Normal
Running processes:
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFTray.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1414342929&from=bxk1&uid=TOSHIBAXMK3259GSXP_62DYCLD2TXX62DYCLD2T
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1414342929&from=bxk1&uid=TOSHIBAXMK3259GSXP_62DYCLD2TXX62DYCLD2T&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1414342929&from=bxk1&uid=TOSHIBAXMK3259GSXP_62DYCLD2TXX62DYCLD2T&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1414342929&from=bxk1&uid=TOSHIBAXMK3259GSXP_62DYCLD2TXX62DYCLD2T
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1414342929&from=bxk1&uid=TOSHIBAXMK3259GSXP_62DYCLD2TXX62DYCLD2T
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1414342929&from=bxk1&uid=TOSHIBAXMK3259GSXP_62DYCLD2TXX62DYCLD2T&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1414342929&from=bxk1&uid=TOSHIBAXMK3259GSXP_62DYCLD2TXX62DYCLD2T&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1414342929&from=bxk1&uid=TOSHIBAXMK3259GSXP_62DYCLD2TXX62DYCLD2T
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: gooternet - {9be122ba-2b3a-41fd-acf8-7a39b18d3ffe} - C:\Program Files (x86)\gooternet\gooternetbho.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [mbot_br_191] "C:\Program Files (x86)\mbot_br_191\mbot_br_191.exe"
O4 - HKLM\..\Run: [baidu PC Faster 4.0.0.0] "C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe" -auto -start
O4 - HKLM\..\RunOnce: [upmbot_br_191.exe] C:\Users\Gustavo\AppData\Local\mbot_br_191\upmbot_br_191.exe -runonce
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\daemon\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: internetbankingpf.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
--
End of file - 9921 bytes
Good afternoon, Gsbad!
All right! Let's do a deeper cleanup by resetting your browsers.
Download: < Zoek > ( ... by Smeenk )
< zoek.exe >
Save it to the desktop!
Disable your antivirus!
On Windows 7, run zoek.exe as administrator.
iStartSurf;a
iStartSurf;z
chrdefaults;
emptyCHRcache;
iedefaults;
ffdefaults;
emptytemp;
autoclean;
Copy and paste this information, shown in red, into the tool's field.
Do not start any browser windows, they will be closed automatically. Please wait! This window will close when finished. A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
Click "Run Script".
Zoek.exe is running now.
Messages will appear asking you to wait for the report to appear.
P.S.: These messages may stay static on the screen for 20 minutes or more.
Confirm the reboot!
Restart computer, and try again.
zoek.hta failed by unknown error.
P.S.: If you get an error, restart the PC and run the tool again.
Post the report, which will be at C:\zoek-results.txt <<
See you!
Good evening, Digram
Zoek.exe v5.0.0.0 Updated 26-10-2014
Tool run by Gustavo on 26/10/2014 at 15:49:44,46.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Gustavo\Desktop\zoek.exe [scan all users] [script inserted]
==== System Restore Info ======================
26/10/2014 15:50:29 Zoek.exe System Restore Point Created Succesfully.
==== Empty Folders Check ======================
C:\PROGRA~3\Oracle deleted successfully
C:\Users\Gustavo\AppData\Roaming\Baidu Security deleted successfully
C:\Users\Gustavo\AppData\Roaming\Opera Software deleted successfully
C:\Users\Gustavo\AppData\Roaming\uTorrent deleted successfully
C:\Users\Gustavo\AppData\Local\Opera Software deleted successfully
C:\Users\Gustavo\AppData\Local\VDownloader deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\mtobp5xo.default\prefs.js:
Added to C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\mtobp5xo.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
==== Deleting Files \ Folders ======================
C:\PROGRA~3\boost_interprocess deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\windows\SysNative\tasks\060184C3-9766-46a0-B258-F4518A0B2633 deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted
"C:\PROGRA~2\Windows Portable Devices" deleted
==== Folders Found ======================
==== Files Found ======================
==== Registry Search Results for "iStartSurf" ======================
No instances of string "iStartSurf" found.
==== Firefox Extensions Registry ======================
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886D}"="C:\Users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\cef\xpi" [20/09/2014 20:53]
==== Firefox Extensions ======================
AppDir: C:\Program Files (x86)\Mozilla Firefox
==== Firefox Plugins ======================
Profilepath: C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\mtobp5xo.default
B0ADE55ACE2B4EC8C821D54464F54112 - C:\Users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll - Módulo de Proteção - Caixa Economica Federal
DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash
3CD19649B2C3023D65E67C056457A2BC - C:\Users\Gustavo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
B52EFEC8EEF9A7809376795ED3699826 - C:\Users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
7B448B2B45428218D0D87376A2FF9FC2 - C:\Users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll - Módulo de Proteção - Banco do Brasil
EAF8BBB88F9785622403499D9BCEE610 - C:\Users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll - Módulo de Proteção - Caixa Economica Federal
==== Chromium Look ======================
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
nnjbodopomfddehlalfilheomcahbpei - C:\Users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx[]
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[24/05/2014 10:30]
GBBD Caixa Economica Federal - Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi
GBBD Banco do Brasil - Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh
==== Chromium Fix ======================
C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Start Page Redirect Cache"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Start Page Redirect Cache"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page Redirect Cache"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page Redirect Cache"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"
==== Reset Google Chrome ======================
C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\nnjbodopomfddehlalfilheomcahbpei deleted successfully
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gustavo\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Gustavo\AppData\Local\Mozilla\Firefox\Profiles\mtobp5xo.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=9 folders=6 234475 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Gustavo\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\Gustavo\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 26/10/2014 at 21:21:34,95 ======================
Good evening, Gsbad!
Download: < ZHPDiag2.exe > ( ... by Nicolas Coolman )
Save it to the local disk! ( C or D )
Disable your antivirus and run "ZHPDiag2.exe" to install the tool.
Run the scroll icon. ( ZHPDiag )
Click "COMPLETA" and wait for it to finish!
Click OK and, when it finishes, post the report! ( ZHPDiag.txt )
PS: Since the log will be long, upload it to Pjjoint.malekal.
Or go to: < Cjoint >
More information: < |Link| >
A+
The "Completa" option is not showing up. Only Configurar and Importação =/
Hello!
That's because you launched the wrong tool! ( ZHPFix )
A+
Good morning, Gsbad!
Run this script in the ZHPFix tool.
Select and copy this information, which is in red, into Notepad.
With Notepad open, press: ctrl+a >> ctrl+c ( Select and Copy )
Then minimize Notepad.
Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
[MD5.00000000000000000000000000000000] [APT] [{8839606F-C3F0-4922-A57D-7C61566A0B80}] (...) -- C:\Program Files (x86)\Cinema-Plus-1.2\Uninstall.exe (.not file.) [0]
O2 - BHO: gooternet [64Bits] - {9be122ba-2b3a-41fd-acf8-7a39b18d3ffe} . (.gooternet - gooternet.) -- C:\Program Files (x86)\gooternet\gooternetbho.dll
O23 - Service: Wajam Web Enhancer (Wajam Web Enhancer) . (...) - C:\Program Files\Wajam Web Enhancer\wajam_64.exe (.not file.)
O43 - CFD: 25/07/2014 - 19:13:44 - [] ----D C:\Program Files (x86)\gooternet
O44 - LFC:[MD5.6CA568D42835DC245767AFA01C3BA8E0] - 26/10/2014 - 20:21:34 ---A- . (...) -- C:\zoek-results.log [10126]
O45 - LFCP:[MD5.4C6FC8EC1AFC65DEB38E453153797720] - 26/10/2014 - 14:13:44 ---A- - C:\Windows\Prefetch\WAJAM.EXE-ED598E42.pf
O58 - SDL:26/05/2014 - 09:59:35 ---A- . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) -- C:\Windows\System32\Drivers\Bnba---.sys [91616]
O58 - SDL:26/05/2014 - 09:59:47 ---A- . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) -- C:\Windows\System32\Drivers\Bndef.sys [70912]
SS - | Auto 10/07/1658 0 | (Wajam Web Enhancer) . (...) - C:\Program Files\Wajam Web Enhancer\wajam_64.exe
[HKLM\SYSTEM\CurrentControlSet\Services\Wajam Web Enhancer]
[HKCU\Software\gooternet]
[HKLM\Software\Wow6432Node\gooternet]
[HKCU\Software\Baidu Security]
[HKLM\Software\Baidu Security]
[HKCU\Software\Baidu]
[HKCU\Software\Baixaki]
[HKCU\Software\Facebook]
[HKCU\Software\gooternet]
[HKLM\Software\swearware]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu_Drp_pos]
C:\Windows\System32\Drivers\Bnba---.sys
C:\Windows\System32\Drivers\Bndef.sys
ServiceStop:Bnba---
ServiceStop:Bnba---
Open the ZHPFix tool.
Click IMPORTAÇÃO >> OK.
PS: When you click "OK", check that the field is empty so that it receives only the script's contents.
Click "GO".
Post the report!
A+
Good morning, here is the log:
Rapport de ZHPFix 2014.10.24.11 par Nicolas Coolman, Update du 24/10/2014
Fichier d'export Registre :
Run by Gustavo at 27/10/2014 11:58:02
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)
Reciclagem vazia (00mn 24s)
Prefetcher vazio
========== Estado dos serviços ==========
Bnba--- Parado
========== Chaves do Registo ==========
ELIMINÉ: CLSID BHO: {9be122ba-2b3a-41fd-acf8-7a39b18d3ffe}
ELIMINÉ: Service: Wajam Web Enhancer
ELIMINÉ: HKCU\Software\gooternet
ELIMINÉ: HKLM\Software\Wow6432Node\gooternet
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ: HKCU\Software\Baidu
ELIMINÉ: HKCU\Software\Baixaki
ELIMINÉ: HKCU\Software\Facebook
ELIMINÉ:* HKLM\Software\swearware
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu_Drp_pos
========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: FirewallRaz (Domain) : {9E3D57FC-7C37-4424-9352-4831E97D029D}
ELIMINÉ: FirewallRaz (Domain) : {548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}
ELIMINÉ: FirewallRaz (Domain) : NetPres-In-TCP-NoScope
ELIMINÉ: FirewallRaz (Domain) : NetPres-Out-TCP-NoScope
ELIMINÉ: FirewallRaz (None) : NetPres-WSD-In-UDP
ELIMINÉ: FirewallRaz (None) : NetPres-WSD-Out-UDP
ELIMINÉ: FirewallRaz (Public) : NetPres-In-TCP
ELIMINÉ: FirewallRaz (Public) : NetPres-Out-TCP
ELIMINÉ: FirewallRaz (None) : MCX-Prov-Out-TCP
ELIMINÉ: FirewallRaz (None) : MCX-McrMgr-Out-TCP
ELIMINÉ: FirewallRaz (Private) : {BACE181C-57F0-4024-8092-E02EDB41B53B}
ELIMINÉ: FirewallRaz (Private) : {A8007DBE-0503-4CA1-9ACE-761154255E88}
ELIMINÉ: FirewallRaz (Domain) : {1EF74ACD-E025-4A83-97CE-9D5F72331FCD}
ELIMINÉ: FirewallRaz (Domain) : {EA5D62BD-539D-4D0B-8348-289A31DE8726}
ELIMINÉ: FirewallRaz (None) : {50BDE0CF-E37A-4593-A1D7-8BAC9A913096}
ELIMINÉ: FirewallRaz (Private) : UDP Query User{3BBDB2CC-1B97-452C-8D85-CA42C410FEE0}C:\users\gustavo\downloads\bittorrent.exe
ELIMINÉ: FirewallRaz (Private) : TCP Query User{88126AA1-6EE7-46CB-8847-9DE9D87908DD}C:\users\gustavo\downloads\bittorrent.exe
ELIMINÉ: FirewallRaz (Public) : UDP Query User{BE7D3351-779F-4CD8-B83E-554B8C9F8130}C:\users\gustavo\downloads\bittorrent.exe
ELIMINÉ: FirewallRaz (Public) : TCP Query User{07D55855-2BF5-49EE-BD69-B34093888478}C:\users\gustavo\downloads\bittorrent.exe
ELIMINÉ: FirewallRaz (Public) : UDP Query User{DFB58EA6-8EA3-49AE-A15C-E20D972AD023}C:\users\gustavo\appdata\roaming\gameranger\gameranger\gameranger.exe
ELIMINÉ: FirewallRaz (Public) : TCP Query User{26DDD509-F0C5-4660-8FDD-8043AA425D7A}C:\users\gustavo\appdata\roaming\gameranger\gameranger\gameranger.exe
========== Pastas ==========
ELIMINÉ Temporários windows (6)
ELIMINÉ Flash Cookies (0)
ELIMINÉ: C:\Program Files (x86)\gooternet
========== Ficheiros ==========
ELIMINÉ Temporários windows (5) (143.170.830 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
ELIMINÉ: c:\program files (x86)\gooternet\gooternetbho.dll
ELIMINÉ: c:\zoek-results.log
ELIMINÉ: c:\windows\prefetch\wajam.exe-ed598e42.pf
ELIMINA REINICIAR: c:\windows\system32\drivers\bndef.sys
ELIMINÉ: C:\Windows\System32\Drivers\Bndef.sys
========== Tarefa planificada ==========
ELIMINÉ: {8839606F-C3F0-4922-A57D-7C61566A0B80}
========== Recapitulativo ==========
11 : Chaves do Registo
23 : Valores do Registo
3 : Pastas
7 : Ficheiros
1 : Estado dos serviços
1 : Tarefa planificada
End of clean in 00mn 37s
========== Caminho do ficheiro do relatório ==========
C:\Users\Gustavo\AppData\Roaming\ZHP\ZHPFix[R1].txt - 27/10/2014 11:58:28 [3552]
Good afternoon, Gsbad!
Download: < AdwCleaner > ( ... by Xplode )
Or from here: < AdwCleaner >
Once there, click "Download Now".
Save it to the desktop!
Right-click adwcleaner.exe and choose to run it as administrator.
PS: Start the scan by clicking "Examinar".
When it finishes, click "Limpar" >> Ok >> Ok >> Ok.
Copy the log or click "Relatório".
Post: < C:\AdwCleaner\AdwCleaner[s0].txt >
A+
*** [ Serviços ] ***
*** [ Arquivos / Pastas ] ***
*** [ Tarefas ] ***
*** [ Atalhos ] ***
*** [ Registro ] ***
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
*** [ Navegadores ] ***
-\\ Internet Explorer v11.0.9600.17344
-\\ Mozilla Firefox v32.0.2 (x86 pt-BR)
-\\ Google Chrome v37.0.2062.120
*************************
AdwCleaner[R1].txt - [904 octets] - [27/10/2014 13:48:37]
AdwCleaner[s1].txt - [808 octets] - [27/10/2014 14:09:47]
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [867 octets] ##########
Good afternoon, Gsbad!
Open the AdwCleaner tool and click "Desinstalar".
Confirm the prompt!
Download: < Adware Removal Tool > ( ... by techsupportall.com )
Save it to the desktop!
Run the file Adware-Removal-Tool-v3.9.1.exe
Start the scan by clicking Scan.
When its prescan finishes, click OK.
PS: Each tab will show what will be removed!
Click "Next" >> Wait!
< Computer >> Windows (C:) >> Program Files >> Adware-Removal-Tool >> Reports >> Repair_Logs_2014_10_dia_h_min_seg.txt >
Post the report!
A+
Adware Removal Tool v3.9
Time: 2014_10_27_23_44_37
OS: Windows 8 - 64 Bit
Account Name: Gustavo
U0L0S0
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\
-- No objects found
\\ Finished
Good morning, Gsbad!
Let's remove the tools that were used in the disinfection!
Download: < DelFix > ( ... by Xplode )
Once on the page, click Download Now.
Save it somewhere convenient! ( desktop! )
Close any applications that are open.
Remove disinfection tools
Create registry backup
Clear system restore points
With these boxes checked, click Executar!
Restart the computer!
Everything OK?
A+
Good evening, Gsbad!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.websse...LD2TXX62DYCLD2T
O2 - BHO: CrossriderApp0060548 - {11111111-1111-1111-1111-110611051148} - C:\Program Files (x86)\Cinema-Plus-1.2\Cinema-Plus-1.2-bho.dll
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll
O2 - BHO: gooternet - {9be122ba-2b3a-41fd-acf8-7a39b18d3ffe} - C:\Program Files (x86)\gooternet\gooternetbho.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
A+