
Archived

This topic has been archived and is closed to new replies.

RUY

[Resolved] Log analysis after Facebook warning


I received a warning about possible malware and, following Facebook's instructions, I downloaded F-Secure and ran it.

Below is the Hijack log, to confirm whether the machine is now clean.

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:01:41, on 07/07/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\ProgramData\Avira\Antivirus\TEMP\SELFUPDATE\updrgui.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Users\Ivan\Desktop\Backup ivan\ivansc\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
O4 - HKCU\..\Run: [Adobe Reader Synchronizer] "C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe"
O4 - Startup: PalTalk.lnk = C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office15\EXCEL.EXE/3000
O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9761 bytes

 

 


Good evening RUY, I will be taking over your case; please run a scan with the tool below:

  • Download: ZHPDiag3 (... Nicolas Coolman)
  • On the page, click [image: download icon]
  • Save it to the Desktop
  • Double-click [image: ZHPDiag3 icon] to run it.
  • On Windows 7 and 8, right-click it and then click [image: run as administrator]
  • Click "Eu"
  • Click Scanner
  • After it finishes
  • Click Relatório (Report)
  • Note: because the report is long, it should be posted on one of these sites:
  • Go to: [image link: cjoint]
  • Or go to: [image link: logo]
  • Or attach it to the forum!
Warm regards.

~ ZHPDiag v2015.7.7.85 Por Nicolas Coolman (2015\07\07)

~ iniciado por Ivan (Administrator) (2015/07/08 00:45:01)



~ Status da versão: Version OK

~ Modo: Scanner

~ Relatório: C:\Users\Ivan\Desktop\ZHPDiag.txt

~ Relatório: C:\Users\Ivan\AppData\Roaming\ZHP\ZHPDiag.txt

~ UAC: Activate

~ Inicialização do sistema: Normal (Normal boot)

~ Windows 7, 64-bit Service Pack 1 (Build 7601)


---\\ Navegadores Internet (3) - 0s

GCIE: Google Chrome v43.0.2357.132

MFIE: Mozilla v39.0

MSIE: Internet Explorer v11.0.9600.17843


---\\ Informações sobre os produtos Windows (3) - 7s

~ Windows Server License Manager Script : OK

~ Licence Script File Génération : OK

Windows Activation Technologies : OK


---\\ Softwares de proteçao do sistema (1) - 1s

Avira Antivirus v15.0.11.574


---\\ Softwares de proteçao do sistema (Supérfluo) (1) - 1s

McAfee Security Scan Plus v3.8.150.1


---\\ Softwares d'optimização do sistema (1) - 1s

CCleaner v3.28


---\\ Monitoramento dos softwares (2) - 1s

Adobe Flash Player 18 NPAPI

Adobe Reader XI


---\\ Informações sobre o sistema (6) - 0s

~ Operating System: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel

~ Operating System: 64-bit

~ Boot mode: Normal (Normal boot)

~ Total physical RAM (KB): 4184248

~ System Restore: Activé (Enable)

~ System drive C: has 351 GB free of 476 GB


---\\ Modo de conexão ao sistema (3) - 0s

~ Computer Name: IVAN-PC

~ User Name: Ivan

~ Logged in as Administrator


---\\ Enumeração das unidades dos discos (2) - 6s

~ Drive C: has 351 GB free of 476 GB (System)

~ Drive E: has GB free of 0 GB


---\\ Pesquisa particular de ficheiros genéricos (22) - 1s

[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) () -- C:\Windows\Explorer.exe [2871808]

[MD5.DD81D91FF3B0763C392422865C9AC12E] - (.Microsoft Corporation - Processo de host do Windows (Rundll32).) () -- C:\Windows\System32\rundll32.exe [45568]

[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) () -- C:\Windows\System32\Wininit.exe [129024]

[MD5.417F80E4AFBA1AA9EBBD618F1C6D9165] - (.Microsoft Corporation - Internet Extensions para Win32.) () -- C:\Windows\System32\wininet.dll [2426880]

[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) () -- C:\Windows\System32\Winlogon.exe [455168]

[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) () -- C:\Windows\System32\sppcomapi.dll [232448]

[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) () -- C:\Windows\System32\drivers\AFD.sys [497152]

[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) () -- C:\Windows\System32\drivers\atapi.sys [24128]

[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) () -- C:\Windows\System32\drivers\Cdfs.sys [92160]

[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) () -- C:\Windows\System32\drivers\Cdrom.sys [147456]

[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) () -- C:\Windows\System32\drivers\DfsC.sys [102400]

[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) () -- C:\Windows\System32\drivers\HDAudBus.sys [122368]

[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) () -- C:\Windows\System32\drivers\i8042prt.sys [105472]

[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) () -- C:\Windows\System32\drivers\IpNat.sys [116224]

[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) () -- C:\Windows\System32\drivers\MRxSmb.sys [158208]

[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) () -- C:\Windows\System32\drivers\netBT.sys [261632]

[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) () -- C:\Windows\System32\drivers\ntfs.sys [1684928]

[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) () -- C:\Windows\System32\drivers\Parport.sys [97280]

[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) () -- C:\Windows\System32\drivers\Rasl2tp.sys [129536]

[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) () -- C:\Windows\System32\drivers\smb.sys [93184]

[MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) () -- C:\Windows\System32\drivers\tdx.sys [119296]

[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) () -- C:\Windows\System32\drivers\volsnap.sys [295808]


---\\ Processos lançados (9) - 1s

[MD5.1A18EBD87AA9FBF6EFE8CFADA08D0275] - (.Firebird Project - Firebird SQL Server.) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304] [PID.1756]

[MD5.F13B73E932CACDDE5ED825BDF7AA9637] - (.VMware, Inc. - VMware NAT Service.) -- C:\Windows\SysWOW64\vmnat.exe [437976] [PID.1992]

[MD5.05A869D1B12B08B5601487CA534B5021] - (.VMware, Inc. - VMware VMnet DHCP service.) -- C:\Windows\SysWOW64\vmnetdhcp.exe [359128] [PID.2116]

[MD5.41FAE6618768DC93D98DDAF3F8282D3E] - (.VMware, Inc. - VMware USB Arbitration Service.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [906432] [PID.2136]

[MD5.34084D25BE6F48D072AA54DE630438FD] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896] [PID.2704]

[MD5.05F32020F1687A074E53EA707A585762] - (.AVM Software Inc. - Paltalk Messenger.) -- C:\Program Files (x86)\Paltalk Messenger\paltalk.exe [8344144] [PID.2740]

[MD5.53C740150C082AAF3C7D21C1D6A9FF98] - (.Firebird Project - Firebird SQL Server.) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552] [PID.3636]

[MD5.7588FCA776183DDDEBFB70BCAE95C85C] - (.ZTE - .) -- C:\Program Files (x86)\Claro 3G\UIMain.exe [10870528] [PID.3284]

[MD5.4BC380F3A7DA81BEE0F954FC9DCE0377] - (...) -- C:\Program Files (x86)\Claro 3G\CMUpdater.exe [680192] [PID.5240]


---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3) (13) - 2s

P2 - EXT: (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\bing.xml

P2 - EXT: (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\buscape.xml

P2 - EXT: (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\ddg.xml

P2 - EXT: (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\google.xml

P2 - EXT: (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\mercadolivre.xml

P2 - EXT: (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\twitter.xml

P2 - EXT: (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wikipedia-br.xml

P2 - EXT: (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo-br.xml

P2 - EXT: (.Mozilla - Default.) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

P2 - FPN: [HKCU] [@unity3d.com/UnityPlayer,version=1.0] - (.Unity Technologies ApS.) -- C:\Users\Ivan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll

P2 - FPN: [HKLM] [@java.com/DTPlugin,version=11.45.2] - (.Oracle Corporation.) -- C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll

P2 - FPN: [HKLM] [@java.com/JavaPlugin,version=11.45.2] - (.Oracle Corporation.) -- C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll


---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4) (15) - 0s

R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/

R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/

R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/

R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/

R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/

R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/

R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/

R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons

R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphean =>.Microsoft Internet Explorer


---\\ Internet Explorer, Gestão do Proxy (R5) (3) - 0s

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll


---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas (3) - 0s

F2 - REG:system.ini: UserInit=C:\Windows\System32\Userinit.exe (.Microsoft Corporation.)

F2 - REG:system.ini: Shell=C:\Windows\explorer.exe (.Microsoft Corporation.)

F2 - REG:system.ini: VMApplet=C:\Windows\SysWOW64\SystemPropertiesPerformance.exe (.Microsoft Corporation.)


---\\ Redireção do ficheiro Hosts (O1) (1) - 0s

~ Le fichier hôte est sain (The hosts file is clean) (21)


---\\ Browser Helper Objects do navegador (O2) (3) - 0s

O2 - BHO: Skype for Business Click to Call BHO [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} (Orphean)

O2 - BHO: Java Plug-In SSV Helper [64Bits] - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Orphean)

O2 - BHO: Java Plug-In 2 SSV Helper [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} (Orphean)


---\\ Aplicações iniciadas por registo & pastas (O4) (13) - 0s

O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe

O4 - HKCU\..\Run: [Adobe Reader Synchronizer] . (.Adobe Systems Incorporated - Adobe Collaboration Synchronizer 11.0.) -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe

O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

O4 - HKLM\..\Wow6432Node\Run: [sunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

O4 - HKLM\..\Wow6432Node\Run: [Avira Systray] . (.Avira Operations GmbH & Co. KG - Avira.) -- C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe

O4 - HKUS\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run: [Adobe Reader Synchronizer] . (.Adobe Systems Incorporated - Adobe Collaboration Synchronizer 11.0.) -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe


---\\ Alteração Dominio/Clientes DNS (017) (8) - 0s

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 200.169.117.221 200.169.117.222

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.42.129

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 200.169.117.221 200.169.117.222

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: DhcpNameServer = 192.168.42.129

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: DhcpNameServer = 192.168.42.129

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1


---\\ Lista dos serviços NT não Microsoft e não desativados (023) (12) - 1s

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Avira Mail Protection (AntiVirMailService) . (.Avira Operations GmbH & Co. KG - Antivirus MailScanner WFP Service.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe

O23 - Service: Avira Agendamento (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Real-Time Protection (AntiVirService) . (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Avira Service Host (Avira.ServiceHost) . (.Avira Operations GmbH & Co. KG - Avira.ServiceHost.) - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) . (.Firebird Project - Firebird SQL Server.) - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: VMware Authorization Service (VMAuthdService) . (.VMware, Inc. - VMware Authorization Service.) - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) . (...) - C:\Windows\System32\vmnetdhcp.exe (.not file.)

O23 - Service: VMware USB Arbitration Service (VMUSBArbService) . (.VMware, Inc. - VMware USB Arbitration Service.) - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

O23 - Service: VMware NAT Service (VMware NAT Service) . (...) - C:\Windows\System32\vmnat.exe (.not file.)


---\\ Tarefas planificadas automaticamente (039) (12) - 0s

O39 - APT:Automatic Planified Task - (...) -- C:\Windows\Tasks\Adobe Flash Player Updater.job [902]

O39 - APT:Automatic Planified Task - (...) -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [1066]

O39 - APT:Automatic Planified Task - (...) -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [1070]

O39 - APT:Automatic Planified Task - (...) -- C:\Windows\System32\Tasks\Adobe Acrobat Update Task [3886]

O39 - APT:Automatic Planified Task - (...) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [3840]

O39 - APT:Automatic Planified Task - (...) -- C:\Windows\System32\Tasks\CCleanerSkipUAC [2770]

O39 - APT:Automatic Planified Task - (...) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [3814]

O39 - APT:Automatic Planified Task - (...) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [4066]

O39 - APT:Automatic Planified Task - (...) -- C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Ivan-PC-Ivan Ivan-PC [5004]

O39 - APT:Automatic Planified Task - (...) -- C:\Windows\System32\Tasks\{3B20EE6C-E0E6-4A2D-BDDD-183D79447EE2} [3090]

O39 - APT:Automatic Planified Task - (...) -- C:\Windows\System32\Tasks\{A89F789C-846C-41F6-944A-800668A6424C} [3180]

O39 - APT:Automatic Planified Task - (...) -- C:\Windows\System32\Tasks\{DFAF1978-31D7-4441-8CAD-C747513E1BB4} [3160]


---\\ Software instalados (042) (76) - 6s

O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] -- CCleaner

O42 - Logiciel: GIMP 2.8.2 - (.The GIMP Team.) [HKLM][64Bits] -- GIMP-2_is1

O42 - Logiciel: Intel® Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM][64Bits] -- HDMI

O42 - Logiciel: McAfee Security Scan Plus - (.McAfee, Inc..) [HKLM][64Bits] -- McAfee Security Scan

O42 - Logiciel: TeamSpeak 3 Client - (.TeamSpeak Systems GmbH.) [HKLM][64Bits] -- TeamSpeak 3 Client

O42 - Logiciel: Build Tools Language Resources - amd64 - (.Microsoft Corporation.) [HKLM][64Bits] -- {05198C22-FFCE-374A-B190-9F18CC99DAEA}

O42 - Logiciel: Microsoft Web Platform Installer 4.6 - (.Microsoft Corporation.) [HKLM][64Bits] -- {16C7D2AD-20CA-491E-80BC-8607A9AACED9}

O42 - Logiciel: 7-Zip 9.20 (x64 edition) - (.Igor Pavlov.) [HKLM][64Bits] -- {23170F69-40C1-2702-0920-000001000000}

O42 - Logiciel: Microsoft Web Deploy 3.5 - (.Microsoft Corporation.) [HKLM][64Bits] -- {3674F088-9B90-473A-AAC3-20A00D8D810C}

O42 - Logiciel: Java SE Development Kit 8 Update 11 (64-bit) - (.Oracle Corporation.) [HKLM][64Bits] -- {64A3A4F4-B792-11D6-A78A-00B0D0180110}

O42 - Logiciel: Microsoft Team Foundation Server 2013 Object Model (x64) - (.Microsoft Corporation.) [HKLM][64Bits] -- {65C91666-C3E8-3A42-BDA8-87932DD34F89}

O42 - Logiciel: IIS 8.0 Express - (.Microsoft Corporation.) [HKLM][64Bits] -- {7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}

O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

O42 - Logiciel: IIS Express Application Compatibility Database for x64 - (...) [HKLM][64Bits] -- {9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb

O42 - Logiciel: Microsoft Team Foundation Server 2013 Object Model Language Pack (x64) - EN - (.Microsoft Corporation.) [HKLM][64Bits] -- {C41498FE-0BF8-3B22-9785-231CE53C728E}

O42 - Logiciel: VMware Player - (.VMware, Inc..) [HKLM][64Bits] -- {E452E727-86B8-4233-8CC3-41FD817AFAFF}

O42 - Logiciel: PHP Manager 1.2 for IIS 7 - (. .) [HKLM][64Bits] -- {E851486F-1FE2-44F0-85ED-F969088A68EE}

O42 - Logiciel: Build Tools - amd64 - (.Microsoft Corporation.) [HKLM][64Bits] -- {F74753A3-C93C-34F5-A199-993CAF602B7D}

O42 - Logiciel: IIS Express Application Compatibility Database for x86 - (...) [HKLM][64Bits] -- {fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb

O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe AIR

O42 - Logiciel: Adobe Flash Player 17 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX

O42 - Logiciel: Adobe Flash Player 18 NPAPI - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player NPAPI

O42 - Logiciel: Adobe Shockwave Player 12.0 - (.Adobe Systems, Inc..) [HKLM][64Bits] -- Adobe Shockwave Player

O42 - Logiciel: Avira Antivirus v15.0.11.574 - (.Avira Operations GmbH & Co. KG.) [HKLM][64Bits] -- Avira Antivirus

O42 - Logiciel: BurnAware Free 6.4 - (.Burnaware.) [HKLM][64Bits] -- BurnAware Free_is1

O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM][64Bits] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5

O42 - Logiciel: Firebird 2.5.0.26074 (Win32) - (.Firebird Project.) [HKLM][64Bits] -- FBDBServer_2_5_is1

O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] -- Google Chrome

O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2014

O42 - Logiciel: IRPF2015 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2015

O42 - Logiciel: K-Lite Codec Pack 10.0.0 Full - (...) [HKLM][64Bits] -- KLiteCodecPack_is1

O42 - Logiciel: Mozilla Firefox 39.0 (x86 pt-BR) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Firefox 39.0 (x86 pt-BR)

O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM][64Bits] -- MozillaMaintenanceService

O42 - Logiciel: Notepad++ - (.Notepad++ Team.) [HKLM][64Bits] -- Notepad++

O42 - Logiciel: Paltalk Messenger 11.6 - (.AVM Software Inc..) [HKLM][64Bits] -- Paltalk Messenger

O42 - Logiciel: VMware Player - (.VMware, Inc.) [HKLM][64Bits] -- VMware_Player

O42 - Logiciel: wc3270 3.3.9ga12 - (.Paul Mattes.) [HKLM][64Bits] -- wc3270_is1

O42 - Logiciel: WinRAR 4.20 (32-bit) - (.win.rar GmbH.) [HKLM][64Bits] -- WinRAR archiver

O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {0A5B39D2-7ED6-4779-BCC9-37F381139DB3}

O42 - Logiciel: Tools for .Net 3.5 - (.Microsoft Corporation.) [HKLM][64Bits] -- {1690CE56-2231-4E59-9006-A0876D949EA8}

O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM][64Bits] -- {18455581-E099-4BA8-BC6B-F34B2F06600C}

O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM][64Bits] -- {2318C2B1-4965-11d4-9B18-009027A5CD4F}

O42 - Logiciel: Skype™ 7.1 - (.Skype Technologies S.A..) [HKLM][64Bits] -- {24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}

O42 - Logiciel: Java 8 Update 45 - (.Oracle Corporation.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83218045F0}

O42 - Logiciel: ConvertHelper 2.2 - (.DownloadHelper.) [HKLM][64Bits] -- {27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1

O42 - Logiciel: Prerequisites for SSDT - (.Microsoft Corporation.) [HKLM][64Bits] -- {35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}

O42 - Logiciel: AzureTools.Notifications.VwdExpress - (.Microsoft Corporation.) [HKLM][64Bits] -- {4C4FEB30-6A9F-402F-8E17-6C4C67AB3498}

O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA}

O42 - Logiciel: Microsoft Web Developer Tools 2013 - Visual Studio Express 2013 for Web - (.Microsoft Corporation.) [HKLM][64Bits] -- {71C8577C-B482-46A0-A89A-2527D5968A6C}

O42 - Logiciel: Avira v1.1.40.29239 - (.Avira Operations GmbH & Co. KG.) [HKLM][64Bits] -- {8467e01f-0496-42ce-b247-88ef205b4880}

O42 - Logiciel: Update for Skype for Business 2015 (KB3054791) 32-Bit Edition - (.Microsoft.) [HKLM][64Bits] -- {90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{04ADDEC1-208F-4295-AA61-16789EA56814}

O42 - Logiciel: Microsoft Access MUI (Portuguese (Brazil)) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0015-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Excel MUI (Portuguese (Brazil)) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0016-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft PowerPoint MUI (Portuguese (Brazil)) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0018-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Publisher MUI (Portuguese (Brazil)) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0019-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Outlook MUI (Portuguese (Brazil)) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-001A-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Word MUI (Portuguese (Brazil)) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-001B-0416-0000-0000000FF1CE}

O42 - Logiciel: Update for Skype for Business 2015 (KB3054791) 32-Bit Edition - (.Microsoft.) [HKLM][64Bits] -- {90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{04ADDEC1-208F-4295-AA61-16789EA56814}

O42 - Logiciel: Microsoft InfoPath MUI (Portuguese (Brazil)) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0044-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft DCF MUI (Portuguese (Brazil)) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0090-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft OneNote MUI (Portuguese (Brazil)) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-00A1-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Groove MUI (Portuguese (Brazil)) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-00BA-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Lync MUI (Portuguese (Brazil)) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-012B-0416-0000-0000000FF1CE}

O42 - Logiciel: Update for Skype for Business 2015 (KB3054791) 32-Bit Edition - (.Microsoft.) [HKLM][64Bits] -- {90150000-012B-0416-0000-0000000FF1CE}_Office15.PROPLUS_{04ADDEC1-208F-4295-AA61-16789EA56814}

O42 - Logiciel: Update for Skype for Business 2015 (KB2889853) 32-Bit Edition - (.Microsoft.) [HKLM][64Bits] -- {90150000-012B-0416-0000-0000000FF1CE}_Office15.PROPLUS_{B36586AD-3256-47B6-8AE7-FA0D8727D7C2}

O42 - Logiciel: Build Tools Language Resources - x86 - (.Microsoft Corporation.) [HKLM][64Bits] -- {9347889B-C22A-3905-901F-C05D8F73C929}

O42 - Logiciel: Claro 3G - (...) [HKLM][64Bits] -- {93D34EE3-99B3-4DB1-8B0A-0A657466F90D}

O42 - Logiciel: Avira v1.1.40.29239 - (.Avira Operations GmbH & Co. KG.) [HKLM][64Bits] -- {A4D3E7B8-410D-443A-B6AB-F32CDD4BD28C}

O42 - Logiciel: MSI to redistribute MS VS2005 CRT libraries - (.The Firebird Project.) [HKLM][64Bits] -- {A8D93648-9F7F-407D-915C-62044644C3DA}

O42 - Logiciel: Adobe Refresh Manager - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-0804-1033-1959-001802114130}

O42 - Logiciel: Adobe Reader XI (11.0.11) - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1033-7B44-AB0000000001}

O42 - Logiciel: Microsoft NuGet - Visual Studio Express 2013 for Web - (.Microsoft Corporation.) [HKLM][64Bits] -- {C4CBD722-258D-4367-B3D7-9D11FBACB44A}

O42 - Logiciel: Update for (KB2504637) - (.Microsoft Corporation.) [HKLM][64Bits] -- {CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637

O42 - Logiciel: Build Tools - x86 - (.Microsoft Corporation.) [HKLM][64Bits] -- {FB3A15FD-FC67-3A2F-892B-6890B0C56EA9}

O42 - Logiciel: Gerenciador de Downloads - (.Level Up! Gerenciador.) [HKCU][64Bits] -- a54e16f5d00985b6

O42 - Logiciel: Unity Web Player - (.Unity Technologies ApS.) [HKCU][64Bits] -- UnityWebPlayer


---\\ HKCU & HKLM Software Keys (71) - 6s

HKLM\SOFTWARE\Wow6432Node\Adobe

HKLM\SOFTWARE\Wow6432Node\AppDataLow

HKLM\SOFTWARE\Wow6432Node\Avira

HKLM\SOFTWARE\Wow6432Node\Claro 3G

HKLM\SOFTWARE\Wow6432Node\Data Fellows

HKLM\SOFTWARE\Wow6432Node\DCoder

HKLM\SOFTWARE\Wow6432Node\DownloadHelper

HKLM\SOFTWARE\Wow6432Node\Firebird Project

HKLM\SOFTWARE\Wow6432Node\GNU

HKLM\SOFTWARE\Wow6432Node\Google

HKLM\SOFTWARE\Wow6432Node\HaaliMkx

HKLM\SOFTWARE\Wow6432Node\Huawei technologies

HKLM\SOFTWARE\Wow6432Node\IM Providers

HKLM\SOFTWARE\Wow6432Node\Intel

HKLM\SOFTWARE\Wow6432Node\JavaSoft

HKLM\SOFTWARE\Wow6432Node\JreMetrics

HKLM\SOFTWARE\Wow6432Node\KLCodecPack

HKLM\SOFTWARE\Wow6432Node\LAV

HKLM\SOFTWARE\Wow6432Node\Macromedia

HKLM\SOFTWARE\Wow6432Node\Mozilla

HKLM\SOFTWARE\Wow6432Node\mozilla.org

HKLM\SOFTWARE\Wow6432Node\MozillaPlugins

HKLM\SOFTWARE\Wow6432Node\Notepad++

HKLM\SOFTWARE\Wow6432Node\NuGet

HKLM\SOFTWARE\Wow6432Node\ODBC

HKLM\SOFTWARE\Wow6432Node\SAM2

HKLM\SOFTWARE\Wow6432Node\Skype

HKLM\SOFTWARE\Wow6432Node\SpacialAudio

HKLM\SOFTWARE\Wow6432Node\ThinPrint

HKLM\SOFTWARE\Wow6432Node\VMware, Inc.

HKLM\SOFTWARE\Wow6432Node\WinRAR

HKLM\SOFTWARE\Wow6432Node\X-AVCSD

HKLM\SOFTWARE\Wow6432Node\ZTEUSBDriverFlag

HKLM\SOFTWARE\Wow6432Node\RegisteredApplications

HKCU\SOFTWARE\7-Zip

HKCU\SOFTWARE\Adobe

HKCU\SOFTWARE\APN PIP =>PUP.Optional.Conduit

HKCU\SOFTWARE\AppDataLow

HKCU\SOFTWARE\Avira

HKCU\SOFTWARE\Gabest

HKCU\SOFTWARE\GNU

HKCU\SOFTWARE\Google

HKCU\SOFTWARE\Haali

HKCU\SOFTWARE\Icaros

HKCU\SOFTWARE\IM Providers

HKCU\SOFTWARE\Intel

HKCU\SOFTWARE\JavaSoft

HKCU\SOFTWARE\Macromedia

HKCU\SOFTWARE\MCAFEE

HKCU\SOFTWARE\MediaInfo

HKCU\SOFTWARE\Mozilla

HKCU\SOFTWARE\MozillaPlugins

HKCU\SOFTWARE\Netscape

HKCU\SOFTWARE\ODBC

HKCU\SOFTWARE\Overwolf

HKCU\SOFTWARE\Paltalk

HKCU\SOFTWARE\Piriform

HKCU\SOFTWARE\pth264

HKCU\SOFTWARE\QtProject

HKCU\SOFTWARE\SimonTatham

HKCU\SOFTWARE\Skype

HKCU\SOFTWARE\Softonic =>PUP.Optional.Softonic

HKCU\SOFTWARE\Trolltech

HKCU\SOFTWARE\Unity

HKCU\SOFTWARE\VMware, Inc.

HKCU\SOFTWARE\WinRAR

HKCU\SOFTWARE\WinRAR SFX

HKCU\SOFTWARE\ZebHelpProcess Helper

HKCU\SOFTWARE\AppDataLow\Software

HKCU\SOFTWARE\AppDataLow\Software\JavaSoft

HKCU\SOFTWARE\AppDataLow\Software\Unity


---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43) (192) - 8s

O43 - CFD: 2013/11/12 09:12:16 - [] D -- C:\Program Files (x86)\Adobe

O43 - CFD: 2015/07/03 17:56:11 - [] D -- C:\Program Files (x86)\Avira

O43 - CFD: 2013/11/12 09:10:55 - [] D -- C:\Program Files (x86)\BurnAware Free

O43 - CFD: 2015/07/07 20:02:51 - [] D -- C:\Program Files (x86)\Claro 3G

O43 - CFD: 2015/05/05 23:48:16 - [] D -- C:\Program Files (x86)\Common Files

O43 - CFD: 2014/01/23 15:27:42 - [] D -- C:\Program Files (x86)\ConvertHelper

O43 - CFD: 2014/06/27 10:45:56 - [] D -- C:\Program Files (x86)\eclipse-SDK-4-2-1-win32-x86_64

O43 - CFD: 2014/02/22 02:08:05 - [] D -- C:\Program Files (x86)\Firebird

O43 - CFD: 2014/06/23 12:43:49 - [] D -- C:\Program Files (x86)\Google

O43 - CFD: 2014/02/06 23:45:36 - [] D -- C:\Program Files (x86)\IIS

O43 - CFD: 2014/02/07 00:27:03 - [] D -- C:\Program Files (x86)\IIS Express

O43 - CFD: 2014/09/22 18:02:48 - [] D -- C:\Program Files (x86)\InstallAffixationInfo

O43 - CFD: 2015/04/14 21:26:55 - [] HD -- C:\Program Files (x86)\InstallJammer Registry

O43 - CFD: 2014/09/22 18:02:12 - [] HD -- C:\Program Files (x86)\InstallShield Installation Information

O43 - CFD: 2015/06/10 12:29:38 - [] D -- C:\Program Files (x86)\Internet Explorer

O43 - CFD: 2015/05/05 23:46:34 - [] D -- C:\Program Files (x86)\Java

O43 - CFD: 2013/11/12 09:11:08 - [] D -- C:\Program Files (x86)\K-Lite Codec Pack

O43 - CFD: 2013/11/12 10:33:22 - [] D -- C:\Program Files (x86)\Microsoft Analysis Services

O43 - CFD: 2014/02/07 10:35:31 - [] D -- C:\Program Files (x86)\Microsoft ASP.NET

O43 - CFD: 2014/02/06 22:40:16 - [] D -- C:\Program Files (x86)\Microsoft Help Viewer

O43 - CFD: 2013/11/12 10:33:45 - [] D -- C:\Program Files (x86)\Microsoft Office

O43 - CFD: 2014/02/07 15:16:54 - [] D -- C:\Program Files (x86)\Microsoft SDKs

O43 - CFD: 2015/05/12 23:48:48 - [] D -- C:\Program Files (x86)\Microsoft Silverlight

O43 - CFD: 2014/02/07 15:06:01 - [] D -- C:\Program Files (x86)\Microsoft SQL Server

O43 - CFD: 2014/02/06 16:02:19 - [] D -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

O43 - CFD: 2014/02/07 15:41:45 - [] D -- C:\Program Files (x86)\Microsoft Visual Studio 12.0

O43 - CFD: 2014/02/07 00:19:54 - [] D -- C:\Program Files (x86)\Microsoft Web Tools

O43 - CFD: 2014/05/20 16:15:16 - [] D -- C:\Program Files (x86)\Microsoft.NET

O43 - CFD: 2014/09/22 22:51:05 - [] D -- C:\Program Files (x86)\Mobile Partner

O43 - CFD: 2015/07/04 15:44:11 - [] D -- C:\Program Files (x86)\Mozilla Firefox

O43 - CFD: 2015/07/04 15:44:11 - [] D -- C:\Program Files (x86)\Mozilla Maintenance Service

O43 - CFD: 2014/02/06 19:29:23 - [] D -- C:\Program Files (x86)\MSBuild

O43 - CFD: 2014/10/16 17:59:25 - [] D -- C:\Program Files (x86)\Notepad++

O43 - CFD: 2014/02/07 00:30:03 - [] D -- C:\Program Files (x86)\NuGet

O43 - CFD: 2013/12/14 17:00:22 - [] D -- C:\Program Files (x86)\Oi

O43 - CFD: 2014/03/18 14:49:04 - [] D -- C:\Program Files (x86)\Overwolf

O43 - CFD: 2015/05/11 16:52:24 - [] D -- C:\Program Files (x86)\Paltalk Messenger

O43 - CFD: 2014/02/06 13:40:07 - [] D -- C:\Program Files (x86)\PHP

O43 - CFD: 2015/04/14 21:26:45 - [] D -- C:\Program Files (x86)\Programas RFB

O43 - CFD: 2009/07/14 02:32:38 - [] D -- C:\Program Files (x86)\Reference Assemblies

O43 - CFD: 2015/02/23 21:38:21 - [] RD -- C:\Program Files (x86)\Skype

O43 - CFD: 2014/02/22 02:08:51 - [] D -- C:\Program Files (x86)\SpacialAudio

O43 - CFD: 2009/07/14 01:57:06 - [0] HD -- C:\Program Files (x86)\Uninstall Information

O43 - CFD: 2014/12/18 15:07:32 - [] D -- C:\Program Files (x86)\VMware

O43 - CFD: 2015/03/02 09:38:41 - [] D -- C:\Program Files (x86)\wc3270

O43 - CFD: 2013/12/20 15:42:48 - [] D -- C:\Program Files (x86)\Windows Defender

O43 - CFD: 2014/02/07 15:31:05 - [] D -- C:\Program Files (x86)\Windows Kits

O43 - CFD: 2013/11/12 15:58:53 - [] D -- C:\Program Files (x86)\Windows Mail

O43 - CFD: 2015/06/10 12:29:56 - [] D -- C:\Program Files (x86)\Windows Media Player

O43 - CFD: 2009/07/14 02:32:38 - [] D -- C:\Program Files (x86)\Windows NT

O43 - CFD: 2013/11/12 15:58:53 - [] D -- C:\Program Files (x86)\Windows Photo Viewer

O43 - CFD: 2013/11/12 15:58:53 - [] D -- C:\Program Files (x86)\Windows Portable Devices

O43 - CFD: 2013/11/12 15:58:53 - [] D -- C:\Program Files (x86)\Windows Sidebar

O43 - CFD: 2013/11/12 09:10:03 - [] D -- C:\Program Files (x86)\WinRAR

O43 - CFD: 2014/06/26 18:33:14 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

O43 - CFD: 2013/11/12 09:03:36 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

O43 - CFD: 2014/02/05 19:25:52 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools

O43 - CFD: 2015/07/03 17:56:14 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

O43 - CFD: 2013/11/12 09:10:55 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free

O43 - CFD: 2015/01/23 12:15:56 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

O43 - CFD: 2014/09/22 18:02:13 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Claro 3G

O43 - CFD: 2014/02/22 02:08:07 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firebird 2.5 (Win32)

O43 - CFD: 2013/11/12 09:03:34 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

O43 - CFD: 2013/11/12 09:18:56 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

O43 - CFD: 2014/08/05 17:11:21 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

O43 - CFD: 2014/09/03 19:08:54 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit

O43 - CFD: 2013/11/12 09:11:15 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack

O43 - CFD: 2009/07/14 01:57:09 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance

O43 - CFD: 2014/06/10 20:24:43 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

O43 - CFD: 2015/06/12 02:46:47 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

O43 - CFD: 2015/05/12 23:49:40 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

O43 - CFD: 2014/02/12 13:57:41 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++

O43 - CFD: 2015/04/14 21:26:48 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB

O43 - CFD: 2014/02/22 02:08:53 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAM Broadcaster

O43 - CFD: 2014/10/03 16:44:20 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

O43 - CFD: 2014/06/10 20:24:40 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

O43 - CFD: 2009/07/14 15:11:46 - [0] RHD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC

O43 - CFD: 2013/12/20 19:34:30 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client

O43 - CFD: 2014/02/06 23:11:31 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013

O43 - CFD: 2015/03/02 09:38:34 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wc3270

O43 - CFD: 2013/11/12 09:10:03 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

O43 - CFD: 2014/09/06 00:34:13 - [] D -- C:\ProgramData\.mono

O43 - CFD: 2013/12/13 18:51:07 - [] D -- C:\ProgramData\Adobe

O43 - CFD: 2009/07/14 02:08:56 - [0] SHD -- C:\ProgramData\Application Data

O43 - CFD: 2015/06/16 20:19:12 - [] D -- C:\ProgramData\Avira

O43 - CFD: 2013/11/12 09:06:26 - [0] SHD -- C:\ProgramData\Dados de aplicativos

O43 - CFD: 2009/07/14 02:08:56 - [0] SHD -- C:\ProgramData\Desktop

O43 - CFD: 2013/11/12 09:06:26 - [0] SHD -- C:\ProgramData\Documentos

O43 - CFD: 2009/07/14 02:08:56 - [0] SHD -- C:\ProgramData\Documents

O43 - CFD: 2015/07/07 19:36:35 - [] D -- C:\ProgramData\F-Secure

O43 - CFD: 2009/07/14 02:08:56 - [0] SHD -- C:\ProgramData\Favorites

O43 - CFD: 2013/11/12 09:06:26 - [0] SHD -- C:\ProgramData\Favoritos

O43 - CFD: 2014/05/25 21:39:02 - [] D -- C:\ProgramData\firebird

O43 - CFD: 2014/06/23 12:43:52 - [] D -- C:\ProgramData\Google

O43 - CFD: 2014/12/15 09:21:50 - [] D -- C:\ProgramData\levelup downloader

O43 - CFD: 2013/12/14 16:56:59 - [] D -- C:\ProgramData\LightComm

O43 - CFD: 2014/02/12 18:54:36 - [] D -- C:\ProgramData\McAfee

O43 - CFD: 2014/06/10 20:24:40 - [] D -- C:\ProgramData\McAfee Security Scan

O43 - CFD: 2013/11/12 09:06:26 - [0] SHD -- C:\ProgramData\Menu Iniciar

O43 - CFD: 2015/04/13 17:02:57 - [] SD -- C:\ProgramData\Microsoft

O43 - CFD: 2015/06/12 02:47:26 - [] D -- C:\ProgramData\Microsoft Help

O43 - CFD: 2013/11/12 09:06:26 - [0] SHD -- C:\ProgramData\Modelos

O43 - CFD: 2013/12/26 10:20:55 - [] D -- C:\ProgramData\Mozilla

O43 - CFD: 2014/02/07 00:30:03 - [] D -- C:\ProgramData\NuGet

O43 - CFD: 2015/05/05 23:53:33 - [] D -- C:\ProgramData\Oracle

O43 - CFD: 2014/02/05 12:13:46 - [] D -- C:\ProgramData\Overwolf

O43 - CFD: 2015/07/03 17:56:22 - [] D -- C:\ProgramData\Package Cache

O43 - CFD: 2014/02/06 13:45:08 - [] D -- C:\ProgramData\regid.1991-06.com.microsoft

O43 - CFD: 2015/02/23 21:38:15 - [] D -- C:\ProgramData\Skype

O43 - CFD: 2009/07/14 02:08:56 - [0] SHD -- C:\ProgramData\Start Menu

O43 - CFD: 2014/02/15 12:32:43 - [] D -- C:\ProgramData\Sun

O43 - CFD: 2009/07/14 02:08:56 - [0] SHD -- C:\ProgramData\Templates

O43 - CFD: 2015/07/07 13:32:32 - [] D -- C:\ProgramData\VMware

O43 - CFD: 2014/09/06 22:22:00 - [] D -- C:\Program Files (x86)\Common Files\Adobe

O43 - CFD: 2013/11/12 09:11:59 - [] D -- C:\Program Files (x86)\Common Files\Adobe AIR

O43 - CFD: 2013/11/12 10:34:00 - [] D -- C:\Program Files (x86)\Common Files\DESIGNER

O43 - CFD: 2015/05/05 23:48:16 - [] D -- C:\Program Files (x86)\Common Files\Java

O43 - CFD: 2014/05/20 16:14:50 - [] D -- C:\Program Files (x86)\Common Files\microsoft shared

O43 - CFD: 2014/03/18 14:49:04 - [0] D -- C:\Program Files (x86)\Common Files\Overwolf

O43 - CFD: 2009/07/14 00:20:08 - [] D -- C:\Program Files (x86)\Common Files\Services

O43 - CFD: 2014/10/03 16:44:18 - [] D -- C:\Program Files (x86)\Common Files\Skype

O43 - CFD: 2009/07/14 00:20:08 - [] D -- C:\Program Files (x86)\Common Files\SpeechEngines

O43 - CFD: 2013/12/20 15:42:55 - [] D -- C:\Program Files (x86)\Common Files\System

O43 - CFD: 2014/12/18 15:07:32 - [] D -- C:\Program Files (x86)\Common Files\VMware

O43 - CFD: 2014/09/06 00:34:13 - [] D -- C:\Users\Ivan\AppData\Roaming\.mono

O43 - CFD: 2014/12/11 13:29:05 - [] D -- C:\Users\Ivan\AppData\Roaming\Adobe

O43 - CFD: 2015/04/07 11:27:38 - [] D -- C:\Users\Ivan\AppData\Roaming\Avira

O43 - CFD: 2015/04/16 15:22:56 - [] D -- C:\Users\Ivan\AppData\Roaming\gtk-2.0

O43 - CFD: 2013/11/12 09:07:09 - [] D -- C:\Users\Ivan\AppData\Roaming\Identities

O43 - CFD: 2014/10/22 13:36:21 - [] D -- C:\Users\Ivan\AppData\Roaming\KompoZer

O43 - CFD: 2013/11/12 09:11:51 - [] D -- C:\Users\Ivan\AppData\Roaming\Macromedia

O43 - CFD: 2009/07/14 15:11:46 - [0] D -- C:\Users\Ivan\AppData\Roaming\Media Center Programs

O43 - CFD: 2015/06/18 14:32:25 - [] D -- C:\Users\Ivan\AppData\Roaming\Media Player Classic

O43 - CFD: 2015/06/15 11:52:59 - [] SD -- C:\Users\Ivan\AppData\Roaming\Microsoft

O43 - CFD: 2013/12/26 10:21:11 - [] D -- C:\Users\Ivan\AppData\Roaming\Mozilla

O43 - CFD: 2014/10/17 15:32:33 - [] D -- C:\Users\Ivan\AppData\Roaming\Notepad++

O43 - CFD: 2014/02/10 11:50:31 - [] D -- C:\Users\Ivan\AppData\Roaming\NuGet

O43 - CFD: 2015/05/11 16:58:23 - [] D -- C:\Users\Ivan\AppData\Roaming\Paltalk

O43 - CFD: 2014/04/07 19:02:50 - [] D -- C:\Users\Ivan\AppData\Roaming\SecondLife

O43 - CFD: 2015/03/09 15:59:12 - [] D -- C:\Users\Ivan\AppData\Roaming\Skype

O43 - CFD: 2015/07/04 23:33:55 - [] D -- C:\Users\Ivan\AppData\Roaming\TS3Client

O43 - CFD: 2013/12/20 20:31:26 - [] D -- C:\Users\Ivan\AppData\Roaming\Unity

O43 - CFD: 2014/12/23 20:06:23 - [0] D -- C:\Users\Ivan\AppData\Roaming\VMware

O43 - CFD: 2014/11/03 10:24:43 - [0] D -- C:\Users\Ivan\AppData\Roaming\wc3270

O43 - CFD: 2013/11/12 09:19:25 - [] D -- C:\Users\Ivan\AppData\Roaming\WinRAR

O43 - CFD: 2015/07/08 00:45:24 - [] D -- C:\Users\Ivan\AppData\Roaming\ZHP

O43 - CFD: 2015/06/20 19:00:11 - [] D -- C:\Users\Ivan\AppData\Local\Adobe

O43 - CFD: 2014/08/30 20:23:20 - [] D -- C:\Users\Ivan\AppData\Local\Apps

O43 - CFD: 2014/02/12 12:47:52 - [] D -- C:\Users\Ivan\AppData\Local\assembly

O43 - CFD: 2014/08/16 16:46:16 - [] D -- C:\Users\Ivan\AppData\Local\Chat Republic Games

O43 - CFD: 2013/11/12 09:06:38 - [0] SHD -- C:\Users\Ivan\AppData\Local\Dados de aplicativos

O43 - CFD: 2015/03/02 17:07:10 - [0] D -- C:\Users\Ivan\AppData\Local\Deployment

O43 - CFD: 2014/09/14 14:24:46 - [0] D -- C:\Users\Ivan\AppData\Local\Diagnostics

O43 - CFD: 2014/01/15 13:23:08 - [0] D -- C:\Users\Ivan\AppData\Local\ElevatedDiagnostics

O43 - CFD: 2014/11/18 18:00:11 - [] SHD -- C:\Users\Ivan\AppData\Local\EmieBrowserModeList

O43 - CFD: 2014/04/22 23:14:37 - [] SHD -- C:\Users\Ivan\AppData\Local\EmieSiteList

O43 - CFD: 2014/04/22 23:14:38 - [] SHD -- C:\Users\Ivan\AppData\Local\EmieUserList

O43 - CFD: 2014/04/19 19:15:08 - [] D -- C:\Users\Ivan\AppData\Local\fontconfig

O43 - CFD: 2014/04/19 19:15:06 - [] D -- C:\Users\Ivan\AppData\Local\gegl-0.2

O43 - CFD: 2013/11/12 09:18:58 - [] D -- C:\Users\Ivan\AppData\Local\Google

O43 - CFD: 2015/06/05 21:42:33 - [] D -- C:\Users\Ivan\AppData\Local\GWX

O43 - CFD: 2013/11/12 09:06:38 - [0] SHD -- C:\Users\Ivan\AppData\Local\Histórico

O43 - CFD: 2014/12/15 09:22:06 - [] D -- C:\Users\Ivan\AppData\Local\IsolatedStorage

O43 - CFD: 2014/02/12 21:09:35 - [] D -- C:\Users\Ivan\AppData\Local\Macromedia

O43 - CFD: 2015/06/15 11:52:59 - [] D -- C:\Users\Ivan\AppData\Local\Microsoft

O43 - CFD: 2014/08/09 22:03:33 - [] D -- C:\Users\Ivan\AppData\Local\Microsoft Games

O43 - CFD: 2015/06/15 21:53:14 - [] D -- C:\Users\Ivan\AppData\Local\Microsoft Help

O43 - CFD: 2013/12/26 10:21:11 - [] D -- C:\Users\Ivan\AppData\Local\Mozilla

O43 - CFD: 2014/03/18 13:10:24 - [] D -- C:\Users\Ivan\AppData\Local\Overwolf

O43 - CFD: 2013/11/12 09:10:31 - [] D -- C:\Users\Ivan\AppData\Local\Programs

O43 - CFD: 2014/03/18 14:36:05 - [] D -- C:\Users\Ivan\AppData\Local\Purplizer

O43 - CFD: 2014/04/07 19:03:55 - [] D -- C:\Users\Ivan\AppData\Local\SingularityViewer64

O43 - CFD: 2014/03/14 19:58:52 - [] D -- C:\Users\Ivan\AppData\Local\Skype

O43 - CFD: 2015/07/08 00:44:57 - [] D -- C:\Users\Ivan\AppData\Local\Temp

O43 - CFD: 2013/11/12 09:06:38 - [0] SHD -- C:\Users\Ivan\AppData\Local\Temporary Internet Files

O43 - CFD: 2014/09/03 20:43:22 - [] D -- C:\Users\Ivan\AppData\Local\Unity

O43 - CFD: 2015/07/07 20:01:37 - [] D -- C:\Users\Ivan\AppData\Local\VirtualStore

O43 - CFD: 2014/12/23 20:06:31 - [0] D -- C:\Users\Ivan\AppData\Local\VMware

O43 - CFD: 2014/04/19 20:40:57 - [] D -- C:\Users\Ivan\AppData\Local\webkit

O43 - CFD: 2009/07/14 01:54:32 - [] RD -- C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

O43 - CFD: 2015/03/10 21:37:53 - [] RD -- C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

O43 - CFD: 2014/10/03 17:31:18 - [] D -- C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

O43 - CFD: 2015/02/06 16:37:52 - [] D -- C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Level up

O43 - CFD: 2014/12/15 09:21:16 - [] D -- C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Level Up! Gerenciador

O43 - CFD: 2009/07/14 01:49:38 - [] RD -- C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

O43 - CFD: 2014/02/12 13:57:41 - [0] D -- C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++

O43 - CFD: 2015/05/11 16:52:27 - [] D -- C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger

O43 - CFD: 2015/04/14 21:25:54 - [] D -- C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014

O43 - CFD: 2015/04/14 21:26:14 - [] D -- C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2015

O43 - CFD: 2015/05/11 16:52:27 - [] RD -- C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

O43 - CFD: 2014/08/16 16:46:22 - [] D -- C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Superstar Racing

O43 - CFD: 2013/11/12 09:10:03 - [] D -- C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR


---\\ Lista dos drivers do sistema (SDL) (O58) (64) - 4s

O58 - SDL:2009/07/13 22:52:21 A . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\drivers\adp94xx.sys [491088]

O58 - SDL:2009/07/13 22:52:21 A . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\drivers\adpahci.sys [339536]

O58 - SDL:2009/07/13 22:52:21 A . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\System32\drivers\adpu320.sys [182864]

O58 - SDL:2009/07/13 22:52:21 A . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\System32\drivers\aliide.sys [15440]

O58 - SDL:2011/03/11 03:41:12 A . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\drivers\amdsata.sys [107904]

O58 - SDL:2009/07/13 22:52:20 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\Windows\System32\drivers\amdsbs.sys [194128]

O58 - SDL:2011/03/11 03:41:12 A . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\drivers\amdxata.sys [27008]

O58 - SDL:2009/07/13 22:52:21 A . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\drivers\arc.sys [87632]

O58 - SDL:2009/07/13 22:52:21 A . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\drivers\arcsas.sys [97856]

O58 - SDL:2005/03/29 00:30:38 A . (. - ATK0110 ACPI Utility.) -- C:\Windows\System32\drivers\ASACPI.sys [8192]

O58 - SDL:2015/06/18 21:41:33 A . (.Avira Operations GmbH & Co. KG - Avira Minifilter Driver.) -- C:\Windows\System32\drivers\avgntflt.sys [153256]

O58 - SDL:2015/06/18 21:41:33 A . (.Avira Operations GmbH & Co. KG - Avira Driver for Security Enhancement.) -- C:\Windows\System32\drivers\avipbb.sys [132656]

O58 - SDL:2013/12/13 14:11:18 A . (.Avira Operations GmbH & Co. KG - Avira Manager Driver.) -- C:\Windows\System32\drivers\avkmgr.sys [28600]

O58 - SDL:2015/03/10 09:18:52 A . (.Avira Operations GmbH & Co. KG - Avira WFP Network Driver.) -- C:\Windows\System32\drivers\avnetflt.sys [44088]

O58 - SDL:2009/06/10 17:34:23 A . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x.) -- C:\Windows\System32\drivers\b57nd60a.sys [270848]

O58 - SDL:2009/06/10 17:41:06 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower.) -- C:\Windows\System32\drivers\BrFiltLo.sys [18432]

O58 - SDL:2009/06/10 17:41:06 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper.) -- C:\Windows\System32\drivers\BrFiltUp.sys [8704]

O58 - SDL:2009/07/13 22:19:07 A . (.Brother Industries Ltd. - Brother Serial I/F Driver (WDM).) -- C:\Windows\System32\drivers\BrSerId.sys [286720]

O58 - SDL:2009/06/10 17:41:10 A . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\System32\drivers\BrSerWdm.sys [47104]

O58 - SDL:2009/06/10 17:41:10 A . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\System32\drivers\BrUsbMdm.sys [14976]

O58 - SDL:2009/06/10 17:41:10 A . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\System32\drivers\BrUsbSer.sys [14720]

O58 - SDL:2009/06/10 17:34:28 A . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\System32\drivers\bxvbda.sys [468480]

O58 - SDL:2009/07/13 22:52:31 A . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\cmdide.sys [17488]

O58 - SDL:2009/07/13 22:47:48 A . (.Emulex - Storport Miniport Driver for LightPulse HBA.) -- C:\Windows\System32\drivers\elxstor.sys [530496]

O58 - SDL:2009/06/10 17:34:33 A . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\System32\drivers\evbda.sys [3286016]

O58 - SDL:2014/02/27 17:40:32 A . (.VMware, Inc. - VMware USB monitor.) -- C:\Windows\System32\drivers\hcmon.sys [54464]

O58 - SDL:2009/06/10 17:31:59 A . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for.) -- C:\Windows\System32\drivers\hcw85cir.sys [31232]

O58 - SDL:2010/11/20 04:33:36 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\Windows\System32\drivers\HpSAMD.sys [78720]

O58 - SDL:2011/03/11 03:41:26 A . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\System32\drivers\iaStorV.sys [410496]

O58 - SDL:2009/09/23 18:23:02 A . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\System32\drivers\igdkmd64.sys [6180832]

O58 - SDL:2009/07/13 22:48:04 A . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\drivers\iirsp.sys [44112]

O58 - SDL:2009/07/13 22:48:04 A . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_fc.sys [114752]

O58 - SDL:2009/07/13 22:48:04 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas.sys [106560]

O58 - SDL:2009/07/13 22:48:04 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas2.sys [65600]

O58 - SDL:2009/07/13 22:48:04 A . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_scsi.sys [115776]

O58 - SDL:2011/08/29 11:42:56 A . (.MBB Incorporated - CDROM Filter.) -- C:\Windows\System32\drivers\massfilter.sys [11776]

O58 - SDL:2009/07/13 22:48:04 A . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\drivers\megasas.sys [35392]

O58 - SDL:2009/07/13 22:48:04 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\drivers\MegaSR.sys [284736]

O58 - SDL:2009/07/13 22:48:26 A . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\drivers\nfrd960.sys [51264]

O58 - SDL:2011/03/11 03:41:34 A . (.NVIDIA Corporation - NVIDIA® nForce RAID Driver.) -- C:\Windows\System32\drivers\nvraid.sys [148352]

O58 - SDL:2011/03/11 03:41:34 A . (.NVIDIA Corporation - NVIDIA® nForce Sata Performance Driver.) -- C:\Windows\System32\drivers\nvstor.sys [166272]

O58 - SDL:2009/07/13 22:45:46 A . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\System32\drivers\ql2300.sys [1524816]

O58 - SDL:2009/07/13 22:45:45 A . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\System32\drivers\ql40xx.sys [128592]

O58 - SDL:2009/06/10 17:35:42 A . (.Realtek Corporation - Realtek 8101E/8168/8169 NDIS 6.20 64-bit Dr.) -- C:\Windows\System32\drivers\Rt64win7.sys [187392]

O58 - SDL:2009/06/10 17:37:19 A . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) -- C:\Windows\System32\drivers\secdrv.sys [23040]

O58 - SDL:2009/07/13 22:45:45 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\drivers\sisraid2.sys [43584]

O58 - SDL:2009/07/13 22:45:46 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\drivers\sisraid4.sys [80464]

O58 - SDL:2009/06/10 18:01:14 A . (.Motorola Inc. - Motorola SM56 Modem WDM Driver.) -- C:\Windows\System32\drivers\SmSerl64.sys [1227776]

O58 - SDL:2009/07/13 22:45:55 A . (.Promise Technology - Promise SuperTrak EX Series Driver for Win.) -- C:\Windows\System32\drivers\stexstor.sys [24656]

O58 - SDL:2011/12/05 10:39:50 A . (.MediaTek Inc. - MediaTek USB to Com Port Driver.) -- C:\Windows\System32\drivers\usb2ser.sys [43128]

O58 - SDL:2009/07/13 22:45:55 A . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\viaide.sys [17488]

O58 - SDL:2013/10/08 17:21:06 A . (.VMware, Inc. - VMware PCI VMCI Bus Device.) -- C:\Windows\System32\drivers\vmci.sys [85584]

O58 - SDL:2014/06/12 17:21:58 A . (.VMware, Inc. - VMware keyboard filter driver (64-bit).) -- C:\Windows\System32\drivers\VMkbd.sys [33496]

O58 - SDL:2014/06/12 17:22:02 A . (.VMware, Inc. - VMware virtual network driver (64-bit).) -- C:\Windows\System32\drivers\vmnet.sys [24656]

O58 - SDL:2014/06/12 17:22:02 A . (.VMware, Inc. - VMware virtual network adapter driver (64-b.) -- C:\Windows\System32\drivers\vmnetadapter.sys [20560]

O58 - SDL:2014/06/12 17:22:02 A . (.VMware, Inc. - VMware bridge driver (64-bit).) -- C:\Windows\System32\drivers\vmnetbridge.sys [46160]

O58 - SDL:2014/06/12 17:22:50 A . (.VMware, Inc. - VMware network application interface driver.) -- C:\Windows\System32\drivers\vmnetuserif.sys [31448]

O58 - SDL:2014/06/12 17:22:42 A . (.VMware, Inc. - VMware parallel port driver.) -- C:\Windows\System32\drivers\VMparport.sys [32472]

O58 - SDL:2014/06/12 17:23:04 A . (.VMware, Inc. - VMware kernel driver.) -- C:\Windows\System32\drivers\vmx86.sys [64728]

O58 - SDL:2009/07/13 22:45:55 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\drivers\vsmraid.sys [161872]

O58 - SDL:2013/10/08 17:21:10 A . (.VMware, Inc. - VMware vSockets Service.) -- C:\Windows\System32\drivers\vsock.sys [73296]

O58 - SDL:2011/08/29 11:42:56 A . (.ZTE Incorporated - ZTE Incorporated.) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys [123264]

O58 - SDL:2011/08/29 11:42:56 A . (.ZTE Incorporated - ZTE Incorporated.) -- C:\Windows\System32\drivers\ZTEusbnmea.sys [123264]

O58 - SDL:2011/08/29 11:42:56 A . (.ZTE Incorporated - ZTE Incorporated.) -- C:\Windows\System32\drivers\ZTEusbser6k.sys [123264]


---\\ Últimos ficheiros alterados ou criados (Utilizador) (061) (1) - 148s

O61 - LFC: 2015/07/08 00:33:15 A . (..) -- C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [1113849]


---\\ Associações Shell Spawning (O67) (9) - 0s

O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe

O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\Windows\regedit.exe

O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S


---\\ Menu de inicialização Internet (068) (12) - 1s

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - Utilitário de Inicialização por Usuário do.) -- C:\Windows\System32\ie4uinit.exe

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - Utilitário de Inicialização por Usuário do.) -- C:\Windows\System32\ie4uinit.exe

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - Utilitário de Inicialização por Usuário do.) -- C:\Windows\System32\ie4uinit.exe


---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069) (1) - 5s

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/


---\\ Listagem dos serviços iniciados pelo Svchost (SSS) (O83) (32) - 2s

O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Serviço de Experiência com Aplicativo.) -- C:\Windows\System32\aelupsvc.dll [72192]

O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Car.) -- C:\Windows\System32\certprop.dll [80384]

O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Car.) -- C:\Windows\System32\certprop.dll [80384]

O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL de Serviço do Servidor.) -- C:\Windows\system32\srvsvc.dll [236032]

O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Cliente da Diretiva de Grupo.) -- C:\Windows\System32\gpsvc.dll [777728]

O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extensão IKE.) -- C:\Windows\System32\ikeext.dll [859648]

O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Serviço de Áudio do Windows.) -- C:\Windows\System32\Audiosrv.dll [680960]

O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gerenciador de Discagem Automática de Acess.) -- C:\Windows\System32\rasauto.dll [99328]

O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gerenciador de conexão de acesso remoto.) -- C:\Windows\System32\rasmans.dll [344064]

O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gerenciador de Interface Dinâmica.) -- C:\Windows\System32\mprdim.dll [97792]

O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Serviço de Notificação de Eventos do Sistem.) -- C:\Windows\System32\Sens.dll [64512]

O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Componentes do Microsoft NAT Helper.) -- C:\Windows\System32\ipnathlp.dll [359424]

O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Servidor de telefonia do Microsoft® Windo.) -- C:\Windows\System32\tapisrv.dll [316928]

O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gerenciador de Conexões Remotas do Servidor.) -- C:\Windows\System32\termsrv.dll [683520]

O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\system32\wuaueng.dll [2553856]

O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Serviço de transferência inteligente de pla.) -- C:\Windows\System32\qmgr.dll [849920]

O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\Windows\System32\shsvcs.dll [370688]

O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Serviço que oferece conectividade IPv6 em u.) -- C:\Windows\System32\iphlpsvc.dll [569344]

O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de serviço de logon secundário.) -- C:\Windows\system32\seclogon.dll [30720]

O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Serviço de Informações de Aplicativos.) -- C:\Windows\System32\appinfo.dll [70144]

O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Serviço de Descoberta iSCSI.) -- C:\Windows\system32\iscsiexe.dll [156672]

O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Serviço Agendador de Classes de Multimídia.) -- C:\Windows\system32\mmcss.dll [67584]

O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\system32\wbem\WMIsvc.dll [242688]

O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Serviço de Configuração da Área de Trabalho.) -- C:\Windows\System32\SessEnv.dll [121856]

O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL de Serviço Pesquisador de Computadores.) -- C:\Windows\System32\browser.dll [136704]

O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Serviço Microsoft EAPHost.) -- C:\Windows\System32\eapsvc.dll [111104]

O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Serviço Agendador de Tarefas.) -- C:\Windows\system32\schedsvc.dll [1110016]

O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Serviço de Gerenciamento de Chaves.) -- C:\Windows\system32\kmsvc.dll [90624]

O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Relatórios de Problemas e Soluções.) -- C:\Windows\System32\wercplsupport.dll [84480]

O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\system32\profsvc.dll [210432]

O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL do Serviço de Tema do Shell do Windows.) -- C:\Windows\system32\themeservice.dll [44544]

O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Serviço BDE.) -- C:\Windows\System32\bdesvc.dll [100864]


---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados) (17) - 10s

SR - Auto [2014/12/19 07:48:18] [ 81088] Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

SS - Demand [2015/06/23 23:51:48] [ 268976] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

SS - Auto [2015/06/18 20:48:55] [ 827184] Avira Mail Protection (AntiVirMailService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe

SR - Auto [2015/06/18 21:06:30] [ 450808] Avira Agendamento (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

SR - Auto [2015/06/18 20:47:10] [ 450808] Avira Real-Time Protection (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

SS - Disabled [2015/06/18 20:51:19] [ 1188360] Avira Web Protection (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe

SR - Auto [2015/06/02 17:14:58] [ 217280] Avira Service Host (Avira.ServiceHost) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe

SR - Auto [2010/09/17 11:14:50] [ 98304] Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) . (.Firebird Project.) - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe

SR - Demand [2010/09/17 11:14:42] [ 3735552] Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) . (.Firebird Project.) - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe

SS - Auto [2013/11/12 09:17:33] [ 116648] Serviço do Google Update (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SS - Demand [2013/11/12 09:17:33] [ 116648] Serviço do Google Update (gupdatem) (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SS - Demand [2014/06/23 12:43:48] [ 194032] Google Software Updater (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

SS - Demand [2014/04/09 10:13:48] [ 289256] McAfee Security Scan Component Host Service (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe

SS - Demand [2015/07/02 22:45:24] [ 148136] Mozilla Maintenance Service (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

SS - Auto [2015/01/02 19:45:12] [ 315488] Skype Updater (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe

SS - Auto [2014/06/12 16:22:10] [ 86744] VMware Authorization Service (VMAuthdService) . (.VMware, Inc..) - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

SR - Auto [2014/02/27 17:40:46] [ 906432] VMware USB Arbitration Service (VMUSBArbService) . (.VMware, Inc..) - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe


---\\ Scâner Aditional (088) (2) - 0s

HKCU\SOFTWARE\APN PIP =>PUP.Optional.Conduit

HKCU\SOFTWARE\Softonic =>PUP.Optional.Softonic


---\\ Sumário das deteções encontradas na sua estação (2) - 0s


http://www.nicolascoolman.fr/blog =>PUP.Optional.Softonic


~ End of the scan, 125005 items in 216 seconds (648)(0)()


Good evening RUY, you already have Avira Antivirus v15.0.11.574 installed, so uninstall the protection programs below:

McAfee Security Scan Plus v3.8.150.1

F-Secure

Download: ZHPFix
On the page, click: Download
Save it to the Desktop and install the tool.
Run this script in the ZHPFix tool.
Copy the information shown in green into Notepad.
With Notepad open, press Ctrl+A >> Ctrl+C.
Then minimize Notepad.
ZHPFix script
SysRestore
Proxyfix
P2 - EXT: (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\buscape.xml
P2 - EXT: (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\mercadolivre.xml
P2 - EXT: (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wikipedia-br.xml
P2 - EXT: (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo-br.xml
O2 - BHO: Skype for Business Click to Call BHO [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} (Orphean)
O2 - BHO: Java™ Plug-In SSV Helper [64Bits] - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Orphean)
O2 - BHO: Java™ Plug-In 2 SSV Helper [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} (Orphean)
HKCU\SOFTWARE\APN PIP =>PUP.Optional.Conduit
HKCU\SOFTWARE\Softonic =>PUP.Optional.Softonic
HKCU\SOFTWARE\APN PIP =>PUP.Optional.Conduit
HKCU\SOFTWARE\Softonic =>PUP.Optional.Softonic
EmptyClsid
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
Open the ZHPFix tool.
Click "IMPORTAÇÃO" (Import) > OK
Click "GO".
Post the report!

Best regards.
This script was written only for this computer, according to the files and keys present.
To visitors: if you have a similar problem, do not use this script, as unsupervised use can damage the system.


Here is the report.

Thank you.

Rapport de ZHPFix 2015.7.7.6 par Nicolas Coolman, Update du 07/07/2015
Fichier d'export Registre :
Run by Ivan at 09/07/2015 21:27:33
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Reciclagem vazia (00mn 08s)
Prefetcher vazio
========== Chaves do Registo ==========
ELIMINÉ: CLSID BHO: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
ELIMINÉ: CLSID BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
ELIMINÉ: CLSID BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9}
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
ELIMINÉ: HKCU\SOFTWARE\APN PIP
ELIMINÉ: HKCU\SOFTWARE\Softonic
========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
ELIMINÉ Temporários windows (50)
ELIMINÉ Flash Cookies (0)
========== Ficheiros ==========
ELIMINÉ Temporários windows (71) (10.841.707 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
7 : Chaves do Registo
8 : Valores do Registo
3 : Pastas
2 : Ficheiros
1 : Restauração Sistema
End of clean in 00mn 56s
========== Caminho do ficheiro do relatório ==========
C:\Users\Ivan\AppData\Roaming\ZHP\ZHPFix[R1].txt - 09/07/2015 21:27:44 [1645]


Good evening RUY,

Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.
  • Download: AdwCleaner (...by Xplode)
  • Save it to your Desktop.
  • Close all open programs and web browsers.
  • Windows Vista or Windows 7 users: right-click the AdwCleaner.exe file, then click: [image: Administrador]
  • Click "Examinar" (Scan) to start the scan!
  • When it finishes, click "Limpar" (Clean).
  • Copy the log or click "Relatório" (Report).
  • Post: >>C:\AdwCleaner\AdwCleaner [s0].txt<<

  • Download: ZHPCleaner (...by Nicolas Coolman)
  • On the page, click Download.
  • Save it to the Desktop.
  • Run ZHPCleaner.exe.
  • Click "Eu"
  • Click Scanner.
  • When it finishes, click "Reparar" (Repair).
  • Wait for it to finish!
  • Click "Relatório" (Report).
  • Post the report.
Best regards.

 


AdwCleaner log

# AdwCleaner v4.208 - Relatório criado 10/07/2015 às 20:32:34
# Atualizado 09/07/2015 por Xplode
# Base de dados : 2015-07-09.2 [servidor]
# Sistema operacional : Windows 7 Home Premium Service Pack 1 (x64)
# Usuário : Ivan - Ivan-PC
# Executando de : C:\Users\ivan\Desktop\AdwCleaner.exe
# Opção : Verificar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Pasta Encontrado : C:\Users\Ivan\Documents\radio
***** [ Tarefas agendadas ] *****
***** [ Atalhos ] *****
Atalho Infectado : C:\Users\Ivan\Desktop\Backup ivan\CASA\Desktop\backup\Users\ivansc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Atalho Infectado : C:\Users\Ivan\Desktop\Backup ivan\CASA\Desktop\backup\Users\ivansc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Atalho Infectado : C:\Users\Ivan\Desktop\Backup ivan\CASA\Desktop\backup\Users\ivansc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Atalho Infectado : C:\Users\Ivan\Desktop\Backup ivan\CASA\Desktop\backup\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Atalho Infectado : C:\Users\Ivan\Desktop\Backup ivan\CASA\Desktop\backup\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Atalho Infectado : C:\Users\Ivan\Desktop\Backup ivan\CASA\Desktop\backup\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Atalho Infectado : C:\Users\Ivan\Desktop\Backup ivan\CASA\Desktop\backup\Users\Administrador\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Atalho Infectado : C:\Users\Ivan\Desktop\Backup ivan\CASA\Desktop\backup\Users\Administrador\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Atalho Infectado : C:\Users\Ivan\Desktop\Backup ivan\CASA\Desktop\backup\Users\Administrador\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
***** [ Registro ] *****
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.17840
-\\ Mozilla Firefox v39.0 (x86 pt-BR)
-\\ Google Chrome v43.0.2357.132
*************************
AdwCleaner[R0].txt - [2334 bytes] - [10/07/2015 20:32:34]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2393 bytes] ##########


ZHPCleaner log


~ ZHPCleaner v2015.7.10.293 by Nicolas Coolman (2015/07/10)
~ Run by ivan (Administrator) (10/07/2015 21:06:58)
~ State version : Version OK
~ Type : Reparo
~ Report : C:\Users\Ivan\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Ivan\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 64-bit Service Pack 1 (Build 7601)
---\\ Serviços (0)
~ Nenhum ítem malicioso foi encontrado.
---\\ Navegadores de Internet (0)
~ Nenhum ítem malicioso foi encontrado.
---\\ Arquivo hosts (1)
~ O arquivo hosts é legítimo (21)
---\\ Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso foi encontrado.
---\\ Explorer ( Arquivos, Pastas) (179)
MOVIDO pasta: C:\Users\Ivan\Downloads\SoftonicDownloader_para_eclipse.exe [softonic - Softonic Downloader] (PUP.Optional.Softonic)
MOVIDO pasta: C:\Users\Ivan\Downloads\SoftonicDownloader_para_portabletor.exe [softonic - Softonic Downloader] (PUP.Optional.Softonic)
---\\ Registro ( Chaves, Valores, Dados ) (0)
~ Nenhum ítem malicioso foi encontrado.
---\\ Resultado de reparação
Reparação efectuada com sucesso
~ Este navegador está faltando ! (Google Chrome)
~ Este navegador está faltando ! (Opera Software)
---\\ Estatísticas
~ Items scan : 1553
~ Items encontrado : 0
~ items cancelados : 0
~ Items réparo : 179
End of clean at 21:07:25
===================
ZHPCleaner-[R]-10072015-21_07_25.txt
ZHPCleaner--10072015-21_06_29.txt

Correct report

# AdwCleaner v4.208 - Relatório criado 10/07/2015 às 20:50:18
# Atualizado 09/07/2015 por Xplode
# Base de dados : 2015-07-10.1 [servidor]
# Sistema operacional : Windows 7 Home Premium Service Pack 1 (x64)
# Usuário : Ivan - IVAN-PC
# Executando de : C:\Users\Ivan\Desktop\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Pasta Excluído : C:\Users\Ivan\Documents\radio
***** [ Tarefas agendadas ] *****
***** [ Atalhos ] *****
Atalho Desinfectado : C:\Users\Ivan\Desktop\Backup ivan\CASA\Desktop\backup\Users\ivansc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Atalho Desinfectado : C:\Users\Ivan\Desktop\Backup ivan\CASA\Desktop\backup\Users\ivansc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Atalho Desinfectado : C:\Users\Ivan\Desktop\Backup ivan\CASA\Desktop\backup\Users\ivansc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Atalho Desinfectado : C:\Users\Ivan\Desktop\Backup ivan\CASA\Desktop\backup\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Atalho Desinfectado : C:\Users\Ivan\Desktop\Backup ivan\CASA\Desktop\backup\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Atalho Desinfectado : C:\Users\Ivan\Desktop\Backup ivan\CASA\Desktop\backup\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Atalho Desinfectado : C:\Users\Ivan\Desktop\Backup ivan\CASA\Desktop\backup\Users\Administrador\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Atalho Desinfectado : C:\Users\Ivan\Desktop\Backup ivan\CASA\Desktop\backup\Users\Administrador\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Atalho Desinfectado : C:\Users\Ivan\Desktop\Backup ivan\CASA\Desktop\backup\Users\Administrador\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
***** [ Registro ] *****
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.17840
-\\ Mozilla Firefox v39.0 (x86 pt-BR)
-\\ Google Chrome v43.0.2357.132
*************************
AdwCleaner[R0].txt - [2472 bytes] - [10/07/2015 20:32:34]
AdwCleaner[R1].txt - [2531 bytes] - [10/07/2015 20:46:33]
AdwCleaner[s0].txt - [2474 bytes] - [10/07/2015 20:50:18]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2533 bytes] ##########


Good evening RUY,

  • Download: <FRST_zpsc32f1d93.gif> <(...by Farbar)>
  • Save it to the Desktop!
  • Run the tool! Click "Yes" >> "Scan".
  • Check that the boxes under "Whitelist" are ticked.
  • Under "Optional Scan", leave the "Addition.txt" checkbox ticked.
  • Also tick the "90 Days Files" checkbox.
  • The report will be generated! (FRST.txt)
  • P.S.: The "Addition.txt" report will also be generated; it is made available on the first run of the tool.
  • Go to: <cjoint_zpse4622b2d.jpg>
  • Or go to: <logo_zps572d7597_1.gif>
  • Or attach it to the forum.
  • More information: <Link> << Hosting!
WARNING: for the tool to work correctly, it must be directly on the desktop; it cannot be inside a folder.

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Ivan (administrator) on IVAN-PC on 13-07-2015 22:38:18
Running from C:\Users\Ivan\Desktop
Loaded Profiles: Ivan (Available Profiles: Ivan & Classic .NET AppPool & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVM Software Inc.) C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
() C:\Program Files (x86)\Claro 3G\UIMain.exe
() C:\Program Files (x86)\Claro 3G\CMUpdater.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [761064 2015-05-01] (Adobe Systems Incorporated)
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {07e7543c-c70a-11e3-b6dd-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {07e75442-c70a-11e3-b6dd-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {159d0521-f8af-11e3-ad2d-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {193604c4-4d4a-11e3-a847-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {19e84295-ccb7-11e3-a5f0-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {19e8429b-ccb7-11e3-a5f0-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {1b5eeaba-217c-11e4-aad2-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {1b5eeac0-217c-11e4-aad2-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {1bacb505-b430-11e3-8e00-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {1bacb50e-b430-11e3-8e00-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {36ff097e-4d46-11e3-938a-00158307c667} - F:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {4429fedb-696f-11e3-9e9b-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {4db834ac-aec9-11e3-adbe-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {4db834ae-aec9-11e3-adbe-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {5c9cccf9-b67a-11e3-9cda-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {5c9cccfb-b67a-11e3-9cda-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {5c9ccd03-b67a-11e3-9cda-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {5c9ccd07-b67a-11e3-9cda-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {5c9ccd09-b67a-11e3-9cda-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {5c9ccd0d-b67a-11e3-9cda-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {5c9ccd0f-b67a-11e3-9cda-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {627a7a26-a926-11e3-990e-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {64bb57a2-a4c3-11e3-add2-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {64bb57a7-a4c3-11e3-add2-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {684402d8-aec6-11e3-8084-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {684402dd-aec6-11e3-8084-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {6bf2cc7f-85d1-11e3-8e04-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {6c32cd41-1d60-11e4-9896-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {6c32cd57-1d60-11e4-9896-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {6fe376f2-6647-11e3-a2dc-00248cd00264} - F:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {6fe376f6-6647-11e3-a2dc-00248cd00264} - F:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {7ec99124-4ca6-11e3-8cc1-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {7ec99143-4ca6-11e3-8cc1-00158307c667} - F:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {8e5c945d-6838-11e3-a83d-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {9f77dfcd-426c-11e4-989e-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {9f77dfd2-426c-11e4-989e-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {a22ba801-fd39-11e3-8e4e-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {a3b3cddc-429a-11e4-a996-00248cd00264} - E:\Windows/AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {a40f5e3f-e6ad-11e3-b685-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {a40f5e44-e6ad-11e3-b685-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {a6558883-bb83-11e3-8e13-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {a6558893-bb83-11e3-8e13-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {aca10495-4c7c-11e3-9f28-00158307c667} - F:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {aca10499-4c7c-11e3-9f28-00158307c667} - F:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {b404fdbd-41c8-11e4-b6b3-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {b404fdcb-41c8-11e4-b6b3-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {bd96ee5a-219e-11e4-992a-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {beef1c1b-6967-11e3-a4bb-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {beefb902-696d-11e3-947c-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {c0c16841-4b97-11e3-ba2f-00158307c667} - F:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {c4246656-219c-11e4-9d3c-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {c462d889-6434-11e3-a823-00158307c667} - F:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {c462d892-6434-11e3-a823-00158307c667} - F:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {c462d896-6434-11e3-a823-00158307c667} - F:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {c8445320-ccc4-11e3-ade1-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {c8445327-ccc4-11e3-ade1-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {cfd73058-c19c-11e3-9c94-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {cfd7305e-c19c-11e3-9c94-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {d36cbdc3-ec07-11e3-bc24-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {d36cbdc8-ec07-11e3-bc24-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {d3969f2e-64d8-11e3-92f5-00158307c667} - F:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {d3969f32-64d8-11e3-92f5-00158307c667} - F:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {d41b56aa-215a-11e4-bca8-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {d41b56ae-215a-11e4-bca8-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {d41b56b0-215a-11e4-bca8-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {d41b56b3-215a-11e4-bca8-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {d4e098dd-3437-11e4-9a51-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {d7b51dac-3063-11e4-aa66-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {d7b51db1-3063-11e4-aa66-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {e22c68a0-ccb9-11e3-aa2e-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {e22c68a6-ccb9-11e3-aa2e-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {e395ff1c-696e-11e3-af29-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {f8af15e2-e6af-11e3-851a-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {f8af15f3-e6af-11e3-851a-00248cd00264} - E:\AutoRun.exe
Startup: C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk [2013-12-27]
ShortcutTarget: PalTalk.lnk -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\..\Interfaces\{29A9EFF4-50E9-457C-BB2A-FD98BD5ACFD4}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{9409F66E-80AD-4114-A5D6-6D0E60E50B28}: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\lxqp4ukn.default
FF Homepage: www.netvibes.com/ivansc
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-08] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1793361252-1642306814-3946400002-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ivan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-24] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml [2014-07-22]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml [2014-07-22]
FF Extension: Avira Browser Safety - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\lxqp4ukn.default\Extensions\abs@avira.com [2015-07-02]
FF Extension: Print pages to PDF - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\lxqp4ukn.default\Extensions\printPages2Pdf@reinhold.ripper [2015-05-29]
FF Extension: web2pdf - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\lxqp4ukn.default\Extensions\jid1-Y5yNCPQbxaTICw@jetpack.xpi [2014-07-28]
FF Extension: printpdf - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\lxqp4ukn.default\Extensions\printpdf@pavlov.net.xpi [2014-07-28]
FF Extension: LeechBlock - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\lxqp4ukn.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2014-02-10]
FF Extension: Video DownloadHelper - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\lxqp4ukn.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-16]
FF Extension: Adblock Plus - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\lxqp4ukn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-10]
FF Extension: Web2PDF converter - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\lxqp4ukn.default\Extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}.xpi [2014-07-28]
Chrome:
=======
CHR Profile: C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Dr.Web Anti-Virus Link Checker) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aleggpabliehgbeagmfhnodcijcmbonb [2014-10-04]
CHR Extension: (Google Docs) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-20]
CHR Extension: (Lucidchart Diagrams - Online) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apboafhkiegglekeafbckfjldecefkhn [2014-04-25]
CHR Extension: (Google Drive) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-20]
CHR Extension: (YouTube) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-20]
CHR Extension: (McAfee Security Scan+) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-04-25]
CHR Extension: (Adblock Plus) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-25]
CHR Extension: (Wireframe.cc) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ckdndemedapacbnpapaickknpmojjpmn [2014-04-29]
CHR Extension: (Block Story) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cmeafgdapgpfjaboggonddfadfkkabaa [2014-10-17]
CHR Extension: (Google Search) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-20]
CHR Extension: (ToolUx) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cpbdjakihiefljkahjcmegbekgipagbn [2014-04-25]
CHR Extension: (Chromebleed) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2014-04-25]
CHR Extension: (Avira Browser Safety) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-20]
CHR Extension: (Bookmark Manager) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hokdglbhghcebcopdbanieangmcamaak [2014-04-25]
CHR Extension: (Battlestar Galactica Online) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihbmdfdhanakpfoiaomnelodiejioflb [2014-10-17]
CHR Extension: (PIX Image Viewer) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jhiefdhfagmopanfdhcboijgjacllafi [2014-08-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-19]
CHR Extension: (Google Wallet) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-25]
CHR Extension: (Gmail) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-20]
CHR Profile: C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-02]
CHR Extension: (Dr.Web Anti-Virus Link Checker) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aleggpabliehgbeagmfhnodcijcmbonb [2015-05-04]
CHR Extension: (Google Docs) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-02]
CHR Extension: (Lucidchart Diagrams - Online) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apboafhkiegglekeafbckfjldecefkhn [2015-05-04]
CHR Extension: (Google Drive) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-02]
CHR Extension: (YouTube) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-02]
CHR Extension: (Adblock Plus) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-02]
CHR Extension: (Wireframe.cc) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ckdndemedapacbnpapaickknpmojjpmn [2015-05-04]
CHR Extension: (Google Search) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-02]
CHR Extension: (ToolUx) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cpbdjakihiefljkahjcmegbekgipagbn [2015-05-04]
CHR Extension: (Chromebleed) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2015-05-04]
CHR Extension: (Google Sheets) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-02]
CHR Extension: (Avira Browser Safety) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-05-02]
CHR Extension: (Bookmark Manager) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-02]
CHR Extension: (Battlestar Galactica Online) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ihbmdfdhanakpfoiaomnelodiejioflb [2015-05-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-02]
CHR Extension: (Google Wallet) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-02]
CHR Extension: (Gmail) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-02]
CHR Profile: C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Slides) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-07]
CHR Extension: (Google Docs) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-07]
CHR Extension: (Google Drive) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-07]
CHR Extension: (YouTube) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-07]
CHR Extension: (Adblock Plus) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-08]
CHR Extension: (Google Search) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-07]
CHR Extension: (Google Sheets) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-07]
CHR Extension: (Avira Browser Safety) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-05-07]
CHR Extension: (Bookmark Manager) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-07]
CHR Extension: (Google Wallet) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-07]
CHR Extension: (Gmail) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-07]
CHR Profile: C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 4
CHR Extension: (Adblock Plus) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-11]
CHR Extension: (Avira Browser Safety) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-05-10]
CHR Extension: (Bookmark Manager) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-10]
CHR Extension: (Google Wallet) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-10]
CHR Profile: C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 6
CHR Extension: (Dr.Web Anti-Virus Link Checker) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aleggpabliehgbeagmfhnodcijcmbonb [2015-05-13]
CHR Extension: (Google Docs) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-12]
CHR Extension: (Lucidchart Diagrams - Online) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\apboafhkiegglekeafbckfjldecefkhn [2015-05-13]
CHR Extension: (Adblock Plus) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-13]
CHR Extension: (Wireframe.cc) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ckdndemedapacbnpapaickknpmojjpmn [2015-05-13]
CHR Extension: (ToolUx) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\cpbdjakihiefljkahjcmegbekgipagbn [2015-05-13]
CHR Extension: (Chromebleed) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2015-05-13]
CHR Extension: (Avira Browser Safety) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-05-13]
CHR Extension: (Battlestar Galactica Online) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ihbmdfdhanakpfoiaomnelodiejioflb [2015-05-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-13]
CHR Extension: (Google Wallet) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-14]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-18] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-18] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [File not signed]
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-06-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-13] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 smserial; C:\Windows\System32\DRIVERS\SmSerl64.sys [1227776 2009-06-10] (Motorola Inc.)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [32472 2014-06-12] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S3 wdf_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [43128 2011-12-05] (MediaTek Inc.) [File not signed]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Three Months Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-13 22:38 - 2015-07-13 22:38 - 00033431 _____ C:\Users\Ivan\Desktop\FRST.txt
2015-07-13 22:38 - 2015-07-13 22:38 - 00000000 ____D C:\FRST
2015-07-13 22:36 - 2015-07-13 22:36 - 02133504 _____ (Farbar) C:\Users\Ivan\Desktop\FRST64.exe
2015-07-11 17:59 - 2015-07-11 17:59 - 00001013 _____ C:\Users\Ivan\Desktop\AdwCleaner[s1] - Atalho.lnk
2015-07-10 21:06 - 2015-07-10 21:07 - 00012010 _____ C:\Users\Ivan\Desktop\ZHPCleaner.txt
2015-07-10 20:57 - 2015-07-10 20:57 - 01845248 _____ C:\Users\Ivan\Desktop\ZHPCleaner.exe
2015-07-10 20:29 - 2015-07-11 17:55 - 00000000 ____D C:\AdwCleaner
2015-07-10 20:26 - 2015-07-10 20:27 - 02248704 _____ C:\Users\Ivan\Desktop\AdwCleaner.exe
2015-07-09 21:27 - 2015-07-09 21:27 - 00001724 _____ C:\Users\Ivan\Desktop\ZHPFixReport.txt
2015-07-09 21:24 - 2015-07-09 21:26 - 00000000 ____D C:\Program Files (x86)\ZHPFix
2015-07-09 21:24 - 2015-07-09 21:24 - 00001853 _____ C:\Users\Public\Desktop\ZHPFix.lnk
2015-07-09 21:24 - 2015-07-09 21:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2015-07-09 21:23 - 2015-07-09 21:08 - 03522334 _____ (Nicolas Coolman ) C:\Users\Ivan\Desktop\ZHPFix.exe
2015-07-09 21:07 - 2015-07-09 21:08 - 03522334 _____ (Nicolas Coolman ) C:\Users\Ivan\Downloads\ZHPFix.exe
2015-07-08 00:48 - 2015-07-08 00:48 - 00067891 _____ C:\Users\Ivan\Desktop\ZHPDiag.txt
2015-07-08 00:44 - 2015-07-10 21:07 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\ZHP
2015-07-08 00:43 - 2015-07-08 00:43 - 01836032 _____ C:\Users\Ivan\Downloads\ZHPDiag3.exe
2015-07-08 00:43 - 2015-07-08 00:43 - 01836032 _____ C:\Users\Ivan\Desktop\ZHPDiag3.exe
2015-07-07 19:36 - 2015-07-07 19:36 - 00000000 ____D C:\Users\Todos os Usuários\F-Secure
2015-07-07 19:36 - 2015-07-07 19:36 - 00000000 ____D C:\ProgramData\F-Secure
2015-07-03 17:56 - 2015-07-03 17:56 - 00001120 _____ C:\Users\Public\Desktop\Avira.lnk
2015-07-02 22:45 - 2015-07-04 15:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-20 18:58 - 2015-06-20 18:59 - 01125056 _____ (Adobe Systems Incorporated) C:\Users\Ivan\Downloads\flashplayer18au_gd_install.exe
2015-06-16 20:19 - 2015-07-13 21:34 - 00002072 _____ C:\Windows\setupact.log
2015-06-16 20:19 - 2015-07-10 16:24 - 00002382 _____ C:\Windows\PFRO.log
2015-06-16 20:19 - 2015-06-16 20:19 - 00000000 _____ C:\Windows\setuperr.log
2015-06-15 21:36 - 2015-06-15 21:36 - 00009216 ___SH C:\Users\Ivan\Thumbs.db
2015-06-15 16:18 - 2015-06-15 16:18 - 00131404 _____ C:\Users\Ivan\Documents\cc_20150615_161833.reg
2015-06-10 01:42 - 2015-06-01 16:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 01:42 - 2015-06-01 15:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 01:42 - 2015-05-27 11:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 01:42 - 2015-05-27 11:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 01:42 - 2015-05-23 00:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 01:42 - 2015-05-23 00:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 01:42 - 2015-05-23 00:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 01:42 - 2015-05-23 00:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 01:42 - 2015-05-23 00:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 01:42 - 2015-05-23 00:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 01:42 - 2015-05-23 00:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 01:42 - 2015-05-23 00:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 01:42 - 2015-05-23 00:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 01:42 - 2015-05-23 00:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 01:42 - 2015-05-23 00:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 01:42 - 2015-05-23 00:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 01:42 - 2015-05-23 00:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 01:42 - 2015-05-22 23:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 01:42 - 2015-05-22 23:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 01:42 - 2015-05-22 23:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 01:42 - 2015-05-22 23:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 01:42 - 2015-05-22 23:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 01:42 - 2015-05-22 23:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 01:42 - 2015-05-22 23:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 01:42 - 2015-05-22 23:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 01:42 - 2015-05-22 23:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 01:42 - 2015-05-22 23:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 01:42 - 2015-05-22 23:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 01:42 - 2015-05-22 23:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 01:42 - 2015-05-22 23:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 01:42 - 2015-05-22 16:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 01:42 - 2015-05-22 16:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 01:42 - 2015-05-22 16:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 01:42 - 2015-05-22 16:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 01:42 - 2015-05-22 16:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 01:42 - 2015-05-22 16:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 01:42 - 2015-05-22 16:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 01:42 - 2015-05-22 15:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 01:42 - 2015-05-22 15:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 01:42 - 2015-05-22 15:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 01:42 - 2015-05-22 15:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 01:42 - 2015-05-22 15:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 01:42 - 2015-05-22 15:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 01:42 - 2015-05-22 15:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 01:42 - 2015-05-22 15:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 01:42 - 2015-05-22 15:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 01:42 - 2015-05-22 15:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 01:42 - 2015-05-22 15:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 01:42 - 2015-05-22 15:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 01:42 - 2015-05-22 15:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 01:42 - 2015-05-22 15:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 01:42 - 2015-05-22 15:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 01:42 - 2015-05-22 15:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 01:42 - 2015-05-22 15:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 01:42 - 2015-05-22 15:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 01:42 - 2015-05-22 15:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 01:42 - 2015-05-22 14:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 01:42 - 2015-05-22 14:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 01:42 - 2015-05-22 14:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 01:42 - 2015-05-22 14:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 00:42 - 2015-05-22 15:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 00:42 - 2015-05-22 15:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 00:42 - 2015-05-22 15:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 00:42 - 2015-05-22 15:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 00:42 - 2015-05-22 15:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 00:42 - 2015-05-22 15:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 00:42 - 2015-05-22 15:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 00:42 - 2015-05-21 10:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 00:42 - 2015-04-29 15:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 00:42 - 2015-04-29 15:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 00:42 - 2015-04-29 15:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 00:42 - 2015-04-29 15:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 00:42 - 2015-04-29 15:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 00:42 - 2015-04-29 15:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 00:42 - 2015-04-29 15:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 00:42 - 2015-04-29 15:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 00:42 - 2015-04-29 15:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 00:42 - 2015-04-29 15:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 00:37 - 2015-05-25 15:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 00:37 - 2015-05-25 15:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 00:37 - 2015-05-25 15:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 00:37 - 2015-05-25 15:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 00:37 - 2015-05-25 15:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 00:37 - 2015-05-25 15:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 00:37 - 2015-05-25 15:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 00:37 - 2015-05-25 15:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 00:37 - 2015-05-25 15:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 00:37 - 2015-05-25 15:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 00:37 - 2015-05-25 15:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 00:37 - 2015-05-25 15:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 00:37 - 2015-05-25 15:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 00:37 - 2015-05-25 15:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 00:37 - 2015-05-25 15:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 00:37 - 2015-05-25 15:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 00:37 - 2015-05-25 15:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 00:37 - 2015-05-25 15:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 00:37 - 2015-05-25 15:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 00:37 - 2015-05-25 15:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 00:37 - 2015-05-25 15:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 00:37 - 2015-05-25 15:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 00:37 - 2015-05-25 15:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 00:37 - 2015-05-25 15:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 00:37 - 2015-05-25 15:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 00:37 - 2015-05-25 15:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 00:37 - 2015-05-25 15:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 00:37 - 2015-05-25 15:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 00:37 - 2015-05-25 15:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 00:37 - 2015-05-25 15:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 00:37 - 2015-05-25 15:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 00:37 - 2015-05-25 15:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 00:37 - 2015-05-25 15:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 00:37 - 2015-05-25 15:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 00:37 - 2015-05-25 15:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 00:37 - 2015-05-25 15:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 00:37 - 2015-05-25 15:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 00:37 - 2015-05-25 15:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 00:37 - 2015-05-25 15:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 00:37 - 2015-05-25 15:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 00:37 - 2015-05-25 15:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 00:37 - 2015-05-25 15:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 00:37 - 2015-05-25 15:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 00:37 - 2015-05-25 15:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 15:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 15:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 15:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 15:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 15:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 15:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 15:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 15:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 15:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 15:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 15:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 15:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 15:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 15:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 15:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 15:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 15:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 15:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 15:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 15:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 15:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 15:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 15:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 15:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 15:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 15:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 15:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 15:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 00:37 - 2015-05-25 15:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 00:37 - 2015-05-25 15:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 00:37 - 2015-05-25 15:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 00:37 - 2015-05-25 15:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 00:37 - 2015-05-25 15:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 00:37 - 2015-05-25 15:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 00:37 - 2015-05-25 15:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 00:37 - 2015-05-25 15:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 00:37 - 2015-05-25 15:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 00:37 - 2015-05-25 15:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 00:37 - 2015-05-25 15:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 00:37 - 2015-05-25 15:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 00:37 - 2015-05-25 15:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 00:37 - 2015-05-25 15:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 00:37 - 2015-05-25 15:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 00:37 - 2015-05-25 15:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 00:37 - 2015-05-25 15:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 00:37 - 2015-05-25 15:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 00:37 - 2015-05-25 15:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 00:37 - 2015-05-25 15:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 00:37 - 2015-05-25 15:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 00:37 - 2015-05-25 15:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 00:37 - 2015-05-25 14:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 00:37 - 2015-05-25 14:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 00:37 - 2015-05-25 14:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 00:37 - 2015-05-25 14:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 00:37 - 2015-05-25 14:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 00:37 - 2015-05-25 14:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 00:37 - 2015-05-25 14:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 00:37 - 2015-05-25 14:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 00:37 - 2015-05-25 14:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 14:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 14:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 14:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 14:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 14:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 14:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 14:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 14:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 14:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 14:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 14:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 14:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 14:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 14:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 14:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 14:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 14:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 14:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 14:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 14:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 14:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 14:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 14:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 14:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 00:37 - 2015-05-25 13:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 00:37 - 2015-05-25 13:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 00:37 - 2015-05-25 13:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 13:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 13:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 00:37 - 2015-05-25 13:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 00:27 - 2015-04-24 15:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 00:27 - 2015-04-24 14:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-09 23:29 - 2015-05-25 14:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-09 23:19 - 2015-04-11 00:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-05 21:42 - 2015-06-05 21:42 - 00000000 ____D C:\Users\Ivan\AppData\Local\GWX
2015-05-15 23:42 - 2015-05-15 23:43 - 01081072 _____ (Unity Technologies ApS) C:\Users\Ivan\Downloads\UnityWebPlayer (2).exe
2015-05-12 23:50 - 2015-05-01 10:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 23:50 - 2015-05-01 10:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 21:20 - 2015-04-18 00:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 21:20 - 2015-04-17 23:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 21:15 - 2015-04-13 00:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 21:14 - 2015-04-20 00:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 21:14 - 2015-04-20 00:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 21:14 - 2015-04-19 23:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 21:14 - 2015-04-08 00:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 21:14 - 2015-04-08 00:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 21:14 - 2015-04-08 00:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-12 21:00 - 2015-01-29 00:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-12 21:00 - 2015-01-29 00:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-12 20:45 - 2015-02-18 04:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-12 20:45 - 2015-02-18 04:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-12 20:30 - 2015-03-04 01:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-12 20:30 - 2015-03-04 01:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-12 20:30 - 2015-03-04 01:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-12 20:30 - 2015-03-04 01:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-12 20:30 - 2015-03-04 01:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-12 20:30 - 2015-03-04 01:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-12 20:30 - 2015-03-04 01:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-11 22:19 - 2015-05-11 22:19 - 00304541 _____ C:\Users\Ivan\Downloads\NPF102-4.xls
2015-05-11 16:52 - 2015-05-11 16:52 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
2015-05-05 23:41 - 2015-05-05 23:41 - 00561248 _____ (Oracle Corporation) C:\Users\Ivan\Downloads\jxpiinstall(2).exe
2015-05-05 23:40 - 2015-05-05 23:40 - 00561248 _____ (Oracle Corporation) C:\Users\Ivan\Downloads\jxpiinstall.exe
2015-05-05 23:40 - 2015-05-05 23:40 - 00561248 _____ (Oracle Corporation) C:\Users\Ivan\Downloads\jxpiinstall(1).exe
2015-05-04 17:37 - 2015-05-04 17:47 - 60939952 _____ (Microsoft Corporation) C:\Users\Ivan\Downloads\VSCodeSetup.exe
2015-05-01 02:19 - 2015-06-16 20:19 - 00289792 ___SH C:\Users\Ivan\Desktop\Thumbs.db
2015-04-17 16:54 - 2015-04-17 16:54 - 00000000 ____D C:\Users\Ivan\Downloads\certificado
2015-04-15 02:01 - 2015-03-25 00:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 02:01 - 2015-03-25 00:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 02:01 - 2015-03-25 00:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 02:01 - 2015-03-25 00:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 02:01 - 2015-03-25 00:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 02:01 - 2015-03-25 00:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 02:01 - 2015-03-25 00:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 02:01 - 2015-03-25 00:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 02:01 - 2015-03-25 00:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 02:01 - 2015-03-25 00:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 02:01 - 2015-03-25 00:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 02:01 - 2015-03-25 00:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 02:01 - 2015-03-25 00:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 02:01 - 2015-03-25 00:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 02:01 - 2015-03-25 00:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 02:01 - 2015-03-25 00:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 01:58 - 2015-03-05 02:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 01:58 - 2015-03-05 01:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 01:53 - 2015-03-10 00:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 01:53 - 2015-03-10 00:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 01:53 - 2015-03-10 00:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 01:53 - 2015-03-10 00:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 01:32 - 2015-02-25 00:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 01:25 - 2015-03-04 01:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 01:25 - 2015-03-04 01:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 01:25 - 2015-03-04 01:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-14 22:09 - 2015-04-14 22:09 - 00003180 _____ C:\Windows\System32\Tasks\{A89F789C-846C-41F6-944A-800668A6424C}
2015-04-14 21:50 - 2015-04-14 22:09 - 00000000 ____D C:\Users\Ivan\.receitanet
2015-04-14 21:26 - 2015-04-14 21:26 - 00000176 _____ C:\Windows\REC-NET.INI
2015-04-14 21:26 - 2015-04-14 21:26 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2015
2015-04-14 21:26 - 2015-04-14 21:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB
2015-04-14 21:26 - 2015-04-14 21:26 - 00000000 ____D C:\Program Files (x86)\Programas RFB
2015-04-14 21:25 - 2015-04-14 21:26 - 00000000 ___HD C:\Program Files (x86)\InstallJammer Registry
2015-04-14 21:25 - 2015-04-14 21:26 - 00000000 ____D C:\Arquivos de Programas RFB
2015-04-14 21:25 - 2015-04-14 21:25 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
2015-04-14 21:14 - 2015-07-02 18:55 - 00005004 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Ivan-PC-Ivan Ivan-PC
==================== Three Months Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-13 21:50 - 2009-07-14 01:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-13 21:50 - 2009-07-14 01:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-13 21:46 - 2014-02-12 18:54 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-13 21:45 - 2013-11-12 09:03 - 01310452 _____ C:\Windows\WindowsUpdate.log
2015-07-13 21:42 - 2013-11-12 09:17 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-13 21:35 - 2014-12-18 15:07 - 00000000 ____D C:\Users\Todos os Usuários\VMware
2015-07-13 21:35 - 2014-12-18 15:07 - 00000000 ____D C:\ProgramData\VMware
2015-07-13 21:35 - 2014-03-11 21:35 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-07-13 21:35 - 2013-11-12 09:17 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-13 21:34 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-13 11:03 - 2009-07-14 14:55 - 00771824 _____ C:\Windows\system32\prfh0416.dat
2015-07-13 11:03 - 2009-07-14 14:55 - 00170442 _____ C:\Windows\system32\prfc0416.dat
2015-07-13 11:03 - 2009-07-14 02:13 - 01810598 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-12 23:49 - 2015-04-05 02:47 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-12 23:49 - 2015-04-05 02:47 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-11 23:06 - 2013-12-20 19:35 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\TS3Client
2015-07-11 17:43 - 2013-12-14 18:16 - 00154112 _____ C:\Users\Ivan\Desktop\Despesas 2013-2014-2015.xls
2015-07-10 21:50 - 2013-12-26 22:34 - 00000000 ____D C:\Users\Ivan\dwhelper
2015-07-09 17:24 - 2014-06-10 20:24 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-07-08 22:55 - 2014-02-12 18:54 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-08 22:55 - 2014-02-12 18:54 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-08 22:55 - 2014-02-12 18:54 - 00003840 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-08 13:39 - 2014-09-22 18:02 - 00000000 ____D C:\Program Files (x86)\Claro 3G
2015-07-07 20:01 - 2013-11-12 09:06 - 00000000 ____D C:\Users\Ivan\AppData\Local\VirtualStore
2015-07-04 15:44 - 2013-12-26 10:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-03 17:56 - 2014-02-06 13:45 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2015-07-03 17:56 - 2014-02-06 13:45 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-03 17:56 - 2013-12-20 17:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-03 17:56 - 2013-12-20 17:17 - 00000000 ____D C:\Program Files (x86)\Avira
2015-06-23 13:30 - 2013-11-12 09:25 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-20 19:00 - 2014-06-28 11:11 - 00000000 ____D C:\Users\Ivan\AppData\Local\Adobe
2015-06-18 21:41 - 2013-12-20 17:17 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-18 21:41 - 2013-12-20 17:17 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-06-18 14:32 - 2013-12-16 23:43 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Media Player Classic
2015-06-16 20:19 - 2013-12-20 17:17 - 00000000 ____D C:\Users\Todos os Usuários\Avira
2015-06-16 20:19 - 2013-12-20 17:17 - 00000000 ____D C:\ProgramData\Avira
2015-06-15 21:53 - 2013-11-12 10:32 - 00000000 ____D C:\Users\Ivan\AppData\Local\Microsoft Help
2015-06-15 21:36 - 2013-11-12 09:06 - 00000000 ____D C:\Users\Ivan
2015-06-15 11:34 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\tracing
==================== Files in the root of some directories =======
2014-08-18 17:19 - 2014-08-18 17:30 - 0000386 _____ () C:\Users\Ivan\AppData\Roaming\burnaware.ini
2014-10-29 19:19 - 2015-03-30 13:35 - 0000600 _____ () C:\Users\Ivan\AppData\Local\PUTTY.RND
2014-12-23 20:53 - 2014-12-23 20:53 - 0003487 _____ () C:\Users\Ivan\AppData\Local\recently-used.xbel
2013-12-16 10:16 - 2014-12-01 16:25 - 0007602 _____ () C:\Users\Ivan\AppData\Local\resmon.resmoncfg
Some files in TEMP:
====================
C:\Users\Ivan\AppData\Local\Temp\avgnt.exe
C:\Users\Ivan\AppData\Local\Temp\Quarantine.exe
C:\Users\Ivan\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-16 11:32



================================================

Addition.txt



Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015

Ran by Ivan at 2015-07-13 22:39:23

Running from C:\Users\Ivan\Desktop

Boot Mode: Normal

==========================================================



==================== Accounts: =============================


Administrador (S-1-5-21-1793361252-1642306814-3946400002-500 - Administrator - Disabled)

Convidado (S-1-5-21-1793361252-1642306814-3946400002-501 - Limited - Disabled)

Ivan (S-1-5-21-1793361252-1642306814-3946400002-1000 - Administrator - Enabled) => C:\Users\Ivan


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


==================== Installed Programs ======================


(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)

Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.191 - Adobe Systems Incorporated)

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)

Avira (HKLM-x32\...\{8467e01f-0496-42ce-b247-88ef205b4880}) (Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG)

Avira (x32 Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG) Hidden

Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.579 - Avira Operations GmbH & Co. KG)

AzureTools.Notifications.VwdExpress (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden

Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden

Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden

Build Tools Language Resources - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden

Build Tools Language Resources - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden

BurnAware Free 6.4 (HKLM-x32\...\BurnAware Free_is1) (Version: - Burnaware)

CCleaner (HKLM\...\CCleaner) (Version: 3.28 - Piriform)

Claro 3G (HKLM-x32\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - )

ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)

Firebird 2.5.0.26074 (Win32) (HKLM-x32\...\FBDBServer_2_5_is1) (Version: 2.5.0.26074 - Firebird Project)

Gerenciador de Downloads (HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\a54e16f5d00985b6) (Version: 0.9.3.123 - Level Up! Gerenciador)

GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden

IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)

IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )

IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )

Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)

IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2014) (Version: 1.6 - Receita Federal do Brasil)

IRPF2015 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2015) (Version: 1.2 - Receita Federal do Brasil)

Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)

Java SE Development Kit 8 Update 11 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180110}) (Version: 8.0.110 - Oracle Corporation)

K-Lite Codec Pack 10.0.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.0.0 - )

Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)

Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)

Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)

Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Microsoft Visual Studio Express 2013 for Web - ENU (HKLM-x32\...\{3e544097-53d1-4252-98a6-93cc12a6d487}) (Version: 12.0.21005.13 - Microsoft Corporation)

Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)

Microsoft Web Platform Installer 4.6 (HKLM\...\{16C7D2AD-20CA-491E-80BC-8607A9AACED9}) (Version: 4.0.40719.0 - Microsoft Corporation)

Mozilla Firefox 39.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 pt-BR)) (Version: 39.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)

Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)

Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)

Paltalk Messenger 11.6 (HKLM-x32\...\Paltalk Messenger) (Version: 11.6.607.17218 - AVM Software Inc.)

PHP Manager 1.2 for IIS 7 (HKLM\...\{E851486F-1FE2-44F0-85ED-F969088A68EE}) (Version: 1.2.0 - )

Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)

Receitanet (HKLM-x32\...\ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5) (Version: 1.07 - Serpro - Serviço Federal de Processamento de Dados)

Revisores de Texto do Microsoft Office 2013 – Português do Brasil (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)

Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)

Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden

TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)

Unity Web Player (HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\UnityWebPlayer) (Version: 4.6.5f1 - Unity Technologies ApS)

Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)

Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0416-0000-0000000FF1CE}_Office15.PROPLUS_{B36586AD-3256-47B6-8AE7-FA0D8727D7C2}) (Version: - Microsoft)

Update for Skype for Business 2015 (KB3054791) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{04ADDEC1-208F-4295-AA61-16789EA56814}) (Version: - Microsoft)

Update for Skype for Business 2015 (KB3054791) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{04ADDEC1-208F-4295-AA61-16789EA56814}) (Version: - Microsoft)

Update for Skype for Business 2015 (KB3054791) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0416-0000-0000000FF1CE}_Office15.PROPLUS_{04ADDEC1-208F-4295-AA61-16789EA56814}) (Version: - Microsoft)

VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.3 - VMware, Inc)

VMware Player (Version: 6.0.3 - VMware, Inc.) Hidden

wc3270 3.3.9ga12 (HKLM-x32\...\wc3270_is1) (Version: - Paul Mattes)

WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

ZHPFix 2015 (HKLM-x32\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



==================== Restore Points =========================


11-06-2015 01:08:14 Windows Update

12-06-2015 02:44:27 Windows Update

17-06-2015 16:02:35 Windows Update

23-06-2015 21:32:20 Windows Update

30-06-2015 23:43:36 Windows Update

07-07-2015 18:41:05 Windows Update

09-07-2015 21:26:52 ZHPFix Restore System Point

12-07-2015 23:48:57 Windows Update


==================== Hosts content: ===============================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2009-07-13 23:34 - 2009-06-10 18:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {01D57A2E-D727-4424-8797-95EFED78F596} - System32\Tasks\{A89F789C-846C-41F6-944A-800668A6424C} => pcalua.exe -a "C:\Arquivos de Programas RFB\IRPF2015\IRPF2015.exe" -d "C:\Arquivos de Programas RFB\IRPF2015"

Task: {14BE1C41-212D-46E0-8BB4-DA309E8DFB0F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)

Task: {211986DB-DBA1-47A3-A248-3C08B1C8F9E4} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\OatTask => C:\Office Activation Technologies\Install.cmd [2016-08-14] ()

Task: {5509F5D9-8D2B-4B67-A9B2-4935F02F54BD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: {60166314-1DFF-4DC3-9B01-A3D77E856930} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Ivan-PC-Ivan Ivan-PC => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2015-04-14] (Microsoft Corporation)

Task: {60896297-F226-4319-8F74-503ACA3928A7} - System32\Tasks\{DFAF1978-31D7-4441-8CAD-C747513E1BB4} => Iexplore.exe http://ui.skype.com/ui/0/6.7.0.102/pt/go/help.faq.installer?source=lightinstaller&LastError=1618

Task: {64177631-9678-436D-8C50-14930D90CC9E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)

Task: {6D03D49A-0512-409A-B6E6-D6C35223B6A3} - System32\Tasks\{3B20EE6C-E0E6-4A2D-BDDD-183D79447EE2} => pcalua.exe -a "C:\Program Files (x86)\Mobile Partner\uninst.exe"

Task: {6D24B6EA-06C2-41EC-BF1C-E0AA5C050E0B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe

Task: {7962E69E-DFFF-4ABC-9747-967B7D8A7150} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-25] (Piriform Ltd)

Task: {7F5ED2B7-E379-44F1-B5ED-8164F040A58B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-08] (Adobe Systems Incorporated)

Task: {85160301-7DD4-4F44-B566-42E05CB94885} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-12] (Google Inc.)

Task: {E7B98416-A630-459A-A306-538A746F5551} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-12] (Google Inc.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe


==================== Loaded Modules (Whitelisted) ==============


2014-09-22 18:02 - 2013-04-25 12:55 - 10870528 _____ () C:\Program Files (x86)\Claro 3G\UIMain.exe

2014-09-22 18:02 - 2013-04-25 12:55 - 00680192 _____ () C:\Program Files (x86)\Claro 3G\CMUpdater.exe

2014-06-28 12:32 - 2014-07-03 12:25 - 38713856 _____ () C:\Program Files (x86)\Paltalk Messenger\libcef.dll

2013-11-11 21:49 - 2015-04-21 22:12 - 02220032 _____ () C:\Program Files (x86)\Paltalk Messenger\Images.dll

2014-06-12 17:22 - 2014-06-12 17:22 - 01261272 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll

2014-09-22 18:02 - 2012-09-24 16:01 - 01177424 _____ () C:\Program Files (x86)\Claro 3G\WAITINGFORM.DLL

2014-09-22 18:02 - 2013-04-25 12:54 - 01180928 _____ () C:\Program Files (x86)\Claro 3G\DLL_NETCARD_R.DLL

2009-07-13 18:03 - 2009-07-13 22:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll

2014-09-22 18:02 - 2010-12-10 12:42 - 00238928 _____ () C:\Program Files (x86)\Claro 3G\UICommonDlg.dll

2014-09-22 18:02 - 2010-12-10 12:42 - 00349520 _____ () C:\Program Files (x86)\Claro 3G\UISkin.dll

2014-09-22 18:02 - 2010-12-10 12:42 - 00165712 _____ () C:\Program Files (x86)\Claro 3G\BIXml.dll

2014-09-22 18:02 - 2010-12-10 12:42 - 00617808 _____ () C:\Program Files (x86)\Claro 3G\UpdateAgent.dll

2015-03-04 14:04 - 2014-02-10 11:44 - 04592128 _____ () C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll

2015-03-04 14:04 - 2014-02-10 11:44 - 00112128 _____ () C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)



==================== Safe Mode (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)



==================== EXE Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)



==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)



==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: Media is not connected to internet.


==================== MSCONFIG/TASK MANAGER disabled items ==


(Currently there is no automatic fix for this section.)



==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [{E95EE1D5-EA99-47AB-B04C-6CB8A7AD4FE5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{3D3D20BB-CD69-4C88-9F87-CEEE610EE2F8}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe

FirewallRules: [{24BC3941-B637-4F21-B9FF-43DC1F16B01D}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe

FirewallRules: [{7F7C1768-CBF4-4D67-B32A-5132C73B9415}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe

FirewallRules: [{DD22D721-A34D-476A-8F69-D094C08FADBC}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe

FirewallRules: [TCP Query User{1B7ED2FD-D801-4AE8-85D9-D68BBE043EE7}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe

FirewallRules: [uDP Query User{A0ED3BA6-9F8A-453F-BBB3-B7C599C3FE62}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe

FirewallRules: [TCP Query User{6F27820B-54DF-4641-9F30-902AAD0BE97C}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe

FirewallRules: [uDP Query User{B263243F-8ED1-4188-8A1B-5434E6C6ACDA}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe

FirewallRules: [TCP Query User{8CA82824-0CB7-4AD4-88AF-8726D6505665}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe

FirewallRules: [uDP Query User{BCF27B4B-2062-4E25-87EC-76075EBEE855}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe

FirewallRules: [TCP Query User{3EA8CBCB-96E6-40D3-92A6-43D116758E13}C:\users\ivan\appdata\local\apps\2.0\cpz0xokz.3mo\a6d9hvnm.x8c\leve..tion_4f84b7a5873ddfc9_0000.0009_025a6ac6eaeb9448\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe] => (Block) C:\users\ivan\appdata\local\apps\2.0\cpz0xokz.3mo\a6d9hvnm.x8c\leve..tion_4f84b7a5873ddfc9_0000.0009_025a6ac6eaeb9448\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe

FirewallRules: [uDP Query User{940752C4-EA29-403C-ACBF-C6C5563F9B67}C:\users\ivan\appdata\local\apps\2.0\cpz0xokz.3mo\a6d9hvnm.x8c\leve..tion_4f84b7a5873ddfc9_0000.0009_025a6ac6eaeb9448\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe] => (Block) C:\users\ivan\appdata\local\apps\2.0\cpz0xokz.3mo\a6d9hvnm.x8c\leve..tion_4f84b7a5873ddfc9_0000.0009_025a6ac6eaeb9448\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe

FirewallRules: [{36F3AB7D-C0FF-42BA-A699-3F92BD859365}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

FirewallRules: [{7371C823-E1AF-4E41-B76E-EEEE81AD1BF7}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

FirewallRules: [TCP Query User{AF813AFC-52FD-41B6-AD46-2AE7558693F3}C:\users\ivan\appdata\local\apps\2.0\cpz0xokz.3mo\a6d9hvnm.x8c\leve..tion_4f84b7a5873ddfc9_0000.0009_1feaa37cbf125788\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe] => (Block) C:\users\ivan\appdata\local\apps\2.0\cpz0xokz.3mo\a6d9hvnm.x8c\leve..tion_4f84b7a5873ddfc9_0000.0009_1feaa37cbf125788\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe

FirewallRules: [uDP Query User{34F04954-3F08-432C-8C55-AF5A50CEB8AD}C:\users\ivan\appdata\local\apps\2.0\cpz0xokz.3mo\a6d9hvnm.x8c\leve..tion_4f84b7a5873ddfc9_0000.0009_1feaa37cbf125788\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe] => (Block) C:\users\ivan\appdata\local\apps\2.0\cpz0xokz.3mo\a6d9hvnm.x8c\leve..tion_4f84b7a5873ddfc9_0000.0009_1feaa37cbf125788\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe

FirewallRules: [{7736D09C-21AD-4AB4-85CB-2DB6D0888294}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{B423ECA4-6D65-4348-94BF-CF10F3B55632}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [TCP Query User{3F0170D4-B642-46D1-B9CB-3D628078FD8F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe

FirewallRules: [uDP Query User{341B29CB-F830-44EC-8CAF-45FF1D7B5772}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe

FirewallRules: [{D7F8338F-1605-4823-A441-F929DE12FBA4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Faulty Device Manager Devices =============


Name: USB VCom Port

Description: USB VCom Port

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


Name: Dispositivo Periférico Bluetooth

Description: Dispositivo Periférico Bluetooth

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


Name: Dispositivo Periférico Bluetooth

Description: Dispositivo Periférico Bluetooth

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


Name: Dispositivo Periférico Bluetooth

Description: Dispositivo Periférico Bluetooth

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.



==================== Event log errors: =========================


Application errors:

==================

Error: (07/12/2015 11:48:40 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Nome de aplicativo com falha: UIMain.exe, versão: 1.0.0.0, carimbo de hora: 0x00000000

Nome do módulo de falhas: KERNELBASE.dll, versão: 6.1.7601.18869, carimbo de hora: 0x556363bc

Código de exceção: 0x0eedfade

Deslocamento com falha: 0x0000c42d

Identificação do processo com falha: 0x470

Hora de início do aplicativo com falha: 0xUIMain.exe0

Caminho do aplicativo com falha: UIMain.exe1

FCaminho do módulo de falhas: UIMain.exe2

Identificação do Relatório: UIMain.exe3


Error: (07/11/2015 05:55:45 PM) (Source: FirebirdGuardianDefaultInstance) (EventID: 281) (User: )

Description: Abnormal Termination: "C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe": terminated abnormally (4294967295)


Error: (07/11/2015 01:21:17 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Nome de aplicativo com falha: UIMain.exe, versão: 1.0.0.0, carimbo de hora: 0x00000000

Nome do módulo de falhas: ntdll.dll, versão: 6.1.7601.18869, carimbo de hora: 0x55636317

Código de exceção: 0xc0000005

Deslocamento com falha: 0x000330dd

Identificação do processo com falha: 0x4a8

Hora de início do aplicativo com falha: 0xUIMain.exe0

Caminho do aplicativo com falha: UIMain.exe1

FCaminho do módulo de falhas: UIMain.exe2

Identificação do Relatório: UIMain.exe3


Error: (07/10/2015 08:58:23 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Erro no arquivo de manifesto ou de diretiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2", na linhaC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.

Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.

Os componentes conflitantes são:.

Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.


Error: (07/10/2015 08:50:17 PM) (Source: FirebirdGuardianDefaultInstance) (EventID: 281) (User: )

Description: Abnormal Termination: "C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe": terminated abnormally (4294967295)


Error: (07/10/2015 08:34:46 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Nome de aplicativo com falha: UIMain.exe, versão: 1.0.0.0, carimbo de hora: 0x00000000

Nome do módulo de falhas: unknown, versão: 0.0.0.0, carimbo de hora: 0x00000000

Código de exceção: 0xc0000005

Deslocamento com falha: 0x444e4545

Identificação do processo com falha: 0x630

Hora de início do aplicativo com falha: 0xUIMain.exe0

Caminho do aplicativo com falha: UIMain.exe1

FCaminho do módulo de falhas: UIMain.exe2

Identificação do Relatório: UIMain.exe3


Error: (07/10/2015 08:34:41 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Nome de aplicativo com falha: UIMain.exe, versão: 1.0.0.0, carimbo de hora: 0x00000000

Nome do módulo de falhas: unknown, versão: 0.0.0.0, carimbo de hora: 0x00000000

Código de exceção: 0xc0000005

Deslocamento com falha: 0x444e4545

Identificação do processo com falha: 0x630

Hora de início do aplicativo com falha: 0xUIMain.exe0

Caminho do aplicativo com falha: UIMain.exe1

FCaminho do módulo de falhas: UIMain.exe2

Identificação do Relatório: UIMain.exe3


Error: (07/10/2015 12:59:49 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Nome de aplicativo com falha: UIMain.exe, versão: 1.0.0.0, carimbo de hora: 0x00000000

Nome do módulo de falhas: ntdll.dll, versão: 6.1.7601.18869, carimbo de hora: 0x55636317

Código de exceção: 0xc0000005

Deslocamento com falha: 0x0002df40

Identificação do processo com falha: 0xfc0

Hora de início do aplicativo com falha: 0xUIMain.exe0

Caminho do aplicativo com falha: UIMain.exe1

FCaminho do módulo de falhas: UIMain.exe2

Identificação do Relatório: UIMain.exe3


Error: (07/09/2015 12:47:14 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: O programa UIMain.exe versão 1.0.0.0 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.


ID de Processo: e00


Hora de Início: 01d0b9d9e56edc87


Hora de Término: 14


Caminho do Aplicativo: C:\Program Files (x86)\Claro 3G\UIMain.exe


Id do Relatório: 2c6dc328-25ed-11e5-9884-00158307c667


Error: (07/09/2015 12:46:53 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Nome de aplicativo com falha: UIMain.exe, versão: 1.0.0.0, carimbo de hora: 0x00000000

Nome do módulo de falhas: unknown, versão: 0.0.0.0, carimbo de hora: 0x00000000

Código de exceção: 0xc0000005

Deslocamento com falha: 0x0000000c

Identificação do processo com falha: 0xe00

Hora de início do aplicativo com falha: 0xUIMain.exe0

Caminho do aplicativo com falha: UIMain.exe1

FCaminho do módulo de falhas: UIMain.exe2

Identificação do Relatório: UIMain.exe3



System errors:

=============

Error: (07/11/2015 05:56:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Não foi possível iniciar o serviço Serviço de Compartilhamento de Rede do Windows Media Player devido ao seguinte erro:

%%1069


Error: (07/11/2015 05:56:16 PM) (Source: Service Control Manager) (EventID: 7038) (User: )

Description: O serviço WMPNetworkSvc não pôde fazer logon como NT AUTHORITY\NetworkService com a senha configurada atualmente devido ao seguinte erro:

%%50


Para verificar se o serviço está configurado corretamente, use o snap-in de Serviços do Console de Gerenciamento Microsoft.


Error: (07/11/2015 05:56:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Não foi possível iniciar o serviço Windows Search devido ao seguinte erro:

%%1069


Error: (07/11/2015 05:56:15 PM) (Source: Service Control Manager) (EventID: 7038) (User: )

Description: O serviço WSearch não pôde fazer logon como NT AUTHORITY\SYSTEM com a senha configurada atualmente devido ao seguinte erro:

%%50


Para verificar se o serviço está configurado corretamente, use o snap-in de Serviços do Console de Gerenciamento Microsoft.


Error: (07/11/2015 05:55:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: O serviço Firebird Server - DefaultInstance foi encerrado inesperadamente. Isso aconteceu 2 vez(es).


Error: (07/11/2015 05:55:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: O serviço VMware NAT Service foi finalizado inesperadamente. Isto aconteceu 2 vez(es). A seguinte ação corretiva será tomada em 1000 milissegundos: Reiniciar o serviço.


Error: (07/11/2015 05:55:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: O serviço Firebird Guardian - DefaultInstance foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.


Error: (07/11/2015 05:55:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: O serviço Instalador de Módulos do Windows foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 120000 milissegundos: Reiniciar o serviço.


Error: (07/11/2015 05:55:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: O serviço Microsoft .NET Framework NGEN v4.0.30319_X64 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 120000 milissegundos: Reiniciar o serviço.


Error: (07/11/2015 05:55:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: O serviço Serviço de Compartilhamento de Rede do Windows Media Player foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 30000 milissegundos: Reiniciar o serviço.



Microsoft Office:

=========================

Error: (07/12/2015 11:48:40 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: UIMain.exe1.0.0.000000000KERNELBASE.dll6.1.7601.18869556363bc0eedfade0000c42d47001d0bce63e466dd9C:\Program Files (x86)\Claro 3G\UIMain.exeC:\Windows\syswow64\KERNELBASE.dllaa4fe5e4-2909-11e5-a9fd-00158307c667


Error: (07/11/2015 05:55:45 PM) (Source: FirebirdGuardianDefaultInstance) (EventID: 281) (User: )

Description: Abnormal Termination: "C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe": terminated abnormally (4294967295)


Error: (07/11/2015 01:21:17 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: UIMain.exe1.0.0.000000000ntdll.dll6.1.7601.1886955636317c0000005000330dd4a801d0bb6b92f1136fC:\Program Files (x86)\Claro 3G\UIMain.exeC:\Windows\SysWOW64\ntdll.dll45b7d376-2784-11e5-a210-00158307c667


Error: (07/10/2015 08:58:23 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Ivan\Downloads\SoftonicDownloader_para_portabletor.exe


Error: (07/10/2015 08:50:17 PM) (Source: FirebirdGuardianDefaultInstance) (EventID: 281) (User: )

Description: Abnormal Termination: "C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe": terminated abnormally (4294967295)


Error: (07/10/2015 08:34:46 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: UIMain.exe1.0.0.000000000unknown0.0.0.000000000c0000005444e454563001d0bb65f487737cC:\Program Files (x86)\Claro 3G\UIMain.exeunknown3f0a3272-275c-11e5-99a9-00158307c667


Error: (07/10/2015 08:34:41 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: UIMain.exe1.0.0.000000000unknown0.0.0.000000000c0000005444e454563001d0bb65f487737cC:\Program Files (x86)\Claro 3G\UIMain.exeunknown3c3eabe8-275c-11e5-99a9-00158307c667


Error: (07/10/2015 12:59:49 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: UIMain.exe1.0.0.000000000ntdll.dll6.1.7601.1886955636317c00000050002df40fc001d0ba8395565992C:\Program Files (x86)\Claro 3G\UIMain.exeC:\Windows\SysWOW64\ntdll.dll1bca391d-26b8-11e5-9991-00158307c667


Error: (07/09/2015 12:47:14 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: UIMain.exe1.0.0.0e0001d0b9d9e56edc8714C:\Program Files (x86)\Claro 3G\UIMain.exe2c6dc328-25ed-11e5-9884-00158307c667


Error: (07/09/2015 12:46:53 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: UIMain.exe1.0.0.000000000unknown0.0.0.000000000c00000050000000ce0001d0b9d9e56edc87C:\Program Files (x86)\Claro 3G\UIMain.exeunknown22f85bf3-25ed-11e5-9884-00158307c667



==================== Memory info ===========================


Processor: Intel® Core2 Duo CPU E7500 @ 2.93GHz

Percentage of memory in use: 42%

Total physical RAM: 4086.18 MB

Available physical RAM: 2349.54 MB

Total Virtual: 8170.57 MB

Available Virtual: 6006.69 MB


==================== Drives ================================


Drive c: () (Fixed) (Total:465.66 GB) (Free:342.69 GB) NTFS

Drive e: (ZTEMODEM) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS


==================== MBR & Partition Table ==================


========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CB93B4AD)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)


==================== End of log ============================


Good morning RUY, was it you who configured the item below?

 

Tcpip\..\Interfaces\{29A9EFF4-50E9-457C-BB2A-FD98BD5ACFD4}: [DhcpNameServer] 192.168.42.129

 

  • Copy the information shown in red into Notepad.
  • Save it with the name fixlist.txt
  • Save it in the same location as FRST
start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {07e7543c-c70a-11e3-b6dd-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {07e75442-c70a-11e3-b6dd-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {159d0521-f8af-11e3-ad2d-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {193604c4-4d4a-11e3-a847-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {19e84295-ccb7-11e3-a5f0-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {19e8429b-ccb7-11e3-a5f0-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {1b5eeaba-217c-11e4-aad2-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {1b5eeac0-217c-11e4-aad2-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {1bacb505-b430-11e3-8e00-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {1bacb50e-b430-11e3-8e00-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {36ff097e-4d46-11e3-938a-00158307c667} - F:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {4429fedb-696f-11e3-9e9b-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {4db834ac-aec9-11e3-adbe-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {4db834ae-aec9-11e3-adbe-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {5c9cccf9-b67a-11e3-9cda-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {5c9cccfb-b67a-11e3-9cda-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {5c9ccd03-b67a-11e3-9cda-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {5c9ccd07-b67a-11e3-9cda-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {5c9ccd09-b67a-11e3-9cda-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {5c9ccd0d-b67a-11e3-9cda-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {5c9ccd0f-b67a-11e3-9cda-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {627a7a26-a926-11e3-990e-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {64bb57a2-a4c3-11e3-add2-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {64bb57a7-a4c3-11e3-add2-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {684402d8-aec6-11e3-8084-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {684402dd-aec6-11e3-8084-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {6bf2cc7f-85d1-11e3-8e04-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {6c32cd41-1d60-11e4-9896-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {6c32cd57-1d60-11e4-9896-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {6fe376f2-6647-11e3-a2dc-00248cd00264} - F:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {6fe376f6-6647-11e3-a2dc-00248cd00264} - F:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {7ec99124-4ca6-11e3-8cc1-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {7ec99143-4ca6-11e3-8cc1-00158307c667} - F:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {8e5c945d-6838-11e3-a83d-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {9f77dfcd-426c-11e4-989e-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {9f77dfd2-426c-11e4-989e-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {a22ba801-fd39-11e3-8e4e-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {a3b3cddc-429a-11e4-a996-00248cd00264} - E:\Windows/AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {a40f5e3f-e6ad-11e3-b685-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {a40f5e44-e6ad-11e3-b685-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {a6558883-bb83-11e3-8e13-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {a6558893-bb83-11e3-8e13-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {aca10495-4c7c-11e3-9f28-00158307c667} - F:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {aca10499-4c7c-11e3-9f28-00158307c667} - F:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {b404fdbd-41c8-11e4-b6b3-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {b404fdcb-41c8-11e4-b6b3-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {bd96ee5a-219e-11e4-992a-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {beef1c1b-6967-11e3-a4bb-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {beefb902-696d-11e3-947c-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {c0c16841-4b97-11e3-ba2f-00158307c667} - F:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {c4246656-219c-11e4-9d3c-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {c462d889-6434-11e3-a823-00158307c667} - F:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {c462d892-6434-11e3-a823-00158307c667} - F:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {c462d896-6434-11e3-a823-00158307c667} - F:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {c8445320-ccc4-11e3-ade1-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {c8445327-ccc4-11e3-ade1-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {cfd73058-c19c-11e3-9c94-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {cfd7305e-c19c-11e3-9c94-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {d36cbdc3-ec07-11e3-bc24-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {d36cbdc8-ec07-11e3-bc24-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {d3969f2e-64d8-11e3-92f5-00158307c667} - F:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {d3969f32-64d8-11e3-92f5-00158307c667} - F:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {d41b56aa-215a-11e4-bca8-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {d41b56ae-215a-11e4-bca8-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {d41b56b0-215a-11e4-bca8-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {d41b56b3-215a-11e4-bca8-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {d4e098dd-3437-11e4-9a51-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {d7b51dac-3063-11e4-aa66-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {d7b51db1-3063-11e4-aa66-00158307c667} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {e22c68a0-ccb9-11e3-aa2e-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {e22c68a6-ccb9-11e3-aa2e-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {e395ff1c-696e-11e3-af29-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {f8af15e2-e6af-11e3-851a-00248cd00264} - E:\AutoRun.exe
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {f8af15f3-e6af-11e3-851a-00248cd00264} - E:\AutoRun.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
2015-07-07 19:36 - 2015-07-07 19:36 - 00000000 ____D C:\Users\Todos os Usuários\F-Secure
2015-07-07 19:36 - 2015-07-07 19:36 - 00000000 ____D C:\ProgramData\F-Secure
2015-07-09 17:24 - 2014-06-10 20:24 - 00000000 ____D C:\Program Files\McAfee Security Scan
C:\Users\Ivan\AppData\Local\Temp\avgnt.exe
C:\Users\Ivan\AppData\Local\Temp\Quarantine.exe
C:\Users\Ivan\AppData\Local\Temp\sqlite3.dll
C:\Users\Bruno\AppData\Local\Temp\avgnt.exe
HOSTS:
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
emptytemp:
end
  • Run FRST/FRST64 >> Click "Fix". << Wait!
  • Post the report! (Fixlog.txt)
Warm regards.
This script was written only for this computer, according to the files and keys present on it.
To visitors: if you have a similar problem, do not use this script, as unsupervised use can damage the system.

Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015

Ran by Ivan at 2015-07-17 02:07:40 Run:1

Running from C:\Users\Ivan\Desktop

Loaded Profiles: Ivan & DefaultAppPool (Available Profiles: Ivan & Classic .NET AppPool & DefaultAppPool)

Boot Mode: Normal

==============================================


Restore point was successfully created.

Processes closed successfully.

"HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E" => key removed successfully

"HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => key removed successfully

"HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07e7543c-c70a-11e3-b6dd-00248cd00264}" => key removed successfully

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully

hwdatacard => Service removed successfully

C:\Users\Todos os Usuários\F-Secure => moved successfully.

"C:\ProgramData\F-Secure" => File/Folder not found.

C:\Program Files\McAfee Security Scan => moved successfully.

C:\Users\Ivan\AppData\Local\Temp\avgnt.exe => moved successfully.

C:\Users\Ivan\AppData\Local\Temp\Quarantine.exe => moved successfully.

C:\Users\Ivan\AppData\Local\Temp\sqlite3.dll => moved successfully.

"C:\Users\Bruno\AppData\Local\Temp\avgnt.exe" => File/Folder not found.

"C:\Windows\System32\Drivers\etc\hosts" => Could not move.

Could not restore Hosts.


========= bitsadmin /reset /allusers =========



BITSADMIN version 3.0 [ 7.5.7601 ]

BITS administration utility.

© Copyright 2000-2006 Microsoft Corp.


BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.

Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.


Unable to cancel {F6F04CC3-8CF9-4FFF-81AA-937DB38516D5}.

0 out of 1 jobs canceled.


========= End of CMD: =========



========= ipconfig /flushdns =========



Configuração de IP do Windows


Liberação do Cache do DNS Resolver bem-sucedida.


========= End of CMD: =========


EmptyTemp: => 2.8 GB temporary data Removed.


Good evening RUY, let's run a check on certain services, updates and security programs.

  • Download: SecurityCheck (by glax24)
  • Save it to the Desktop.
  • On Windows 7, 8 and 8.1, right-click SecurityCheck and run it as administrator.
  • When it finishes, click "OK".
  • Copy and post the report! ( C:\SecurityCheck\*.log )

Good evening Cedurodrigues, here is the Security Check log:

SecurityCheck by glax24 v.1.4.0.23 [04.07.15]
WebSite: www.safezone.cc
DateLog: 19.07.2015 20:50:04
Path starting: C:\Users\Ivan\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Ivan
VersionXML: 1.51s
___________________________________________________________________________
Windows 7(6.1.7601) Service Pack 1 (x64) HomePremium Lang: Portuguese(0416)
Installation date OS: 12.11.2013 12:06:31
LicenseStatus: Windows® 7, HomePremium edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [465.7 Gb] Used: [122.4 Gb] Free: [343.3 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.0.9600.17914 [+]
User Account Control enabled
Automatic download and scheduled installation
Date install updates: 2015-07-19 02:00:27
Windows Update (wuauserv) - The service is running
Central de Segurança (wscsvc) - The service is running
---------------------------- [ Antivirus_WMI ] ----------------------------
Avira Antivirus (enabled and up to date)
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Avira Antivirus (enabled and up to date)
Windows Defender (enabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Avira Antivirus v.15.0.11.579
Avira v.1.1.40.29239
--------------------------- [ OtherUtilities ] ----------------------------
CCleaner v.3.28
Microsoft Silverlight v.5.1.40416.0
Skype™ 7.1 v.7.1.105 Warning! Download Update
-------------------------------- [ Java ] ---------------------------------
Java SE Development Kit 8 Update 11 (64-bit) v.8.0.110 Warning! Download Update
Java 8 Update 51 v.8.0.510 [+]
--------------------------- [ AdobeProduction ] ---------------------------
Adobe AIR v.3.8.0.870 Warning! Download Update
Adobe Flash Player 18 ActiveX v.18.0.0.209 [+]
Adobe Flash Player 18 NPAPI v.18.0.0.209 [+]
Adobe Shockwave Player 12.0 v.12.0.3.133 Warning! Download Update
Adobe Reader XI (11.0.12) v.11.0.12 [+]
------------------------------- [ Browser ] -------------------------------
Google Chrome v.43.0.2357.134 [+]
Mozilla Firefox 39.0 (x86 pt-BR) v.39.0 [+]
---------------------------- [ UnwantedApps ] -----------------------------
Google Toolbar for Internet Explorer v.1.0.0 << Hidden Внимание! Панель для браузера. Может замедлять работу браузера и иметь проблемы с нарушением конфиденциальности.
----------------------------- [ End of Log ] ------------------------------


Good evening RUY, follow the steps below to close the topic. Now let's remove the tools used in the disinfection.

  • Download: DelFix (by Xplode)
  • Save it to your desktop.
  • Double-click delfix.exe to run it.
  • Windows Vista or Windows 7 users: right-click the delfix.exe file, then click "Run as administrator".
  • [image: DelFix screenshot]
  • Check the boxes, as shown in the image.
  • Click the Run button.
  • Restart the computer!
  • Everything OK?

 
