Startpage browser hijacking

03-10-2016, 08:03 PM   #1
Registered Member
 
Join Date: Jul 2005
Posts: 56
OS: Win XP SP2



My browsers were hijacked by this "Startpage". The DDS log follows:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10240.16603 BrowserJavaVersion: 11.73.2
Run by Eduardo at 0:55:07 on 2016-03-11
Microsoft Windows 10 Home Single Language 10.0.10240.0.1252.55.1046.18.8122.4357 [GMT -3:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Antivírus e antispyware da McAfee *Enabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Antivírus e antispyware da McAfee *Enabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall *Enabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
C:\WINDOWS\system32\Hpservice.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k WbioSvcGroup
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k apphost
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
C:\Program Files\Apoint2K\HidMonitorSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\QNAP\QVR\QVRService.exe
C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Windows\system32\mfevtps.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Diebold\Warsaw\core.exe
C:\WINDOWS\system32\WLANExt.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\sihost.exe
C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\SimplePass\opbhobroker.exe
C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
C:\Program Files (x86)\Legendas-3.5\srvlegendas.exe
C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Diebold\Warsaw\core.exe
C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
C:\WINDOWS\SysWOW64\DllHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\fontdrvhost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files\mcafee\VirusScan\mcods.exe
C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: McAfee SafeKey Vault: {9DB059B3-DD36-4a55-846C-59BE42A1202A} - C:\Program Files (x86)\SafeKey\LPToolbar.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRAM FILES (X86)\GbPlugin\gbiehuni.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: McAfee SafeKey: {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll
uRun: [Lync] "C:\Program Files\Microsoft Office 15\root\office15\lync.exe" /fromrunkey
uRun: [Power2GoExpress8] "C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe"
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [OneDrive] "C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [GoogleChromeAutoLaunch_5067CAB4F02DB410F3160A138613072A] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRunOnce: [Uninstall C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
uRunOnce: [Uninstall C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
uRunOnce: [Uninstall C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
uRunOnce: [Uninstall C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
uRunOnce: [Uninstall C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
uRunOnce: [Uninstall C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
mRun: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
mRun: [HPMessageService] C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Eduardo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ISCTSY~1.LNK - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: Capturar esta página - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Capturar imagem - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Capturar seleção - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Capturar URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Formulários de preenchimento do McAfee SafeKey - C:\Users\Eduardo\AppData\LocalLow\safekey\context.html?cmd=fillforms
IE: Nova nota - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: safekey - C:\Users\Eduardo\AppData\LocalLow\safekey\context.html?cmd=lastpass
IE: SafeKey Fill Forms - C:\Users\Eduardo\AppData\LocalLow\SafeKey\context.html?cmd=fillforms
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {9DB059B3-DD36-4a55-846C-59BE42A1202A} - C:\Program Files (x86)\SafeKey\LPToolbar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
Trusted Zone: itau.b.br
Trusted Zone: itau.com.br
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6a174654-e142-4cf2-b6ff-ad0e2244c17e} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{a358134c-9f9f-48c4-93e6-67e501e80c14} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{a358134c-9f9f-48c4-93e6-67e501e80c14}\05F657371646160214C64756E686165737 : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{a358134c-9f9f-48c4-93e6-67e501e80c14}\84162756E6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{a358134c-9f9f-48c4-93e6-67e501e80c14}\8444E45445 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{a358134c-9f9f-48c4-93e6-67e501e80c14}\94E44554C424251435 : DHCPNameServer = 201.17.0.95 201.17.0.65
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\msosb.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Notify: GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
SSODL: WebCheck - <orphaned>
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRAM FILES (X86)\GbPlugin\gbiehuni.dll
LSA: Security Packages = ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
x64-BHO: McAfee SafeKey Vault: {9DB059B3-DD36-4a55-846C-59BE42A1202A} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -
x64-TB: McAfee SafeKey: {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll
x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [Diebold - Warsaw] C:\Program Files\Diebold\Warsaw\core.exe
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {9DB059B3-DD36-4a55-846C-59BE42A1202A} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2013-11-8 1455552]
R0 mfehidk;McAfee Inc. mfehidk;C:\WINDOWS\System32\drivers\mfehidk.sys [2014-10-1 846080]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\WINDOWS\System32\drivers\mfewfpk.sys [2014-10-1 245096]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-7-10 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-7-10 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-8-23 200528]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-7-10 215552]
R1 CLVirtualDrive;CLVirtualDrive;C:\WINDOWS\System32\drivers\CLVirtualDrive.sys [2015-4-14 91912]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-7-10 83968]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-12-12 8192]
R1 legendasdrv;legendasdrv;C:\WINDOWS\System32\drivers\legendasdrv.sys [2016-1-16 59120]
R2 ApHidMonitorService;Alps HID Monitor Service;C:\Program Files\Apoint2K\HidMonitorSvc.exe [2015-8-7 104824]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2016-1-8 1433216]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2016-1-8 1773696]
R2 ClickToRunSvc;Serviço Clique para Executar do Microsoft Office;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-12-20 2809072]
R2 COMLegService;COM+ Leg Service;C:\Program Files (x86)\Legendas-3.5\srvlegendas.exe [2016-1-16 1863408]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-7-10 39856]
R2 DiagTrack;Serviço de Rastreamento de Diagnóstico;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-7-10 39856]
R2 ESRV_SVC_WILLAMETTE;Energy Server Service WILLAMETTE;C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [2015-11-23 414360]
R2 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-1-27 227904]
R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2015-1-30 546104]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2014-12-20 453520]
R2 hpsrv;HP Service;C:\WINDOWS\System32\hpservice.exe [2015-6-29 54448]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2015-7-26 25800]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [2015-9-3 606224]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2015-6-23 18856]
R2 ibtsiva;Intel Bluetooth Service;C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [2015-7-31 150256]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2015-7-18 350312]
R2 ISCTAgent;Intel(R) Smart Connect Technology Agent;C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2013-12-4 200168]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2015-7-6 223008]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2016-3-7 163592]
R2 McAPExe;McAfee AP Service;C:\Program Files\mcafee\MSC\McAPExe.exe [2014-12-20 863448]
R2 McBootDelayStartSvc;McAfee Boot Delay Start Service;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2014-12-20 453520]
R2 mccspsvc;McAfee CSP Service;C:\Program Files\Common Files\mcafee\CSP\1.8.267.0\McCSPServiceHost.exe [2016-2-23 1696712]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2014-12-20 453520]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2014-12-20 453520]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2014-12-20 453520]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2014-12-20 453520]
R2 mfemms;McAfee Service Controller;C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe [2015-1-24 380896]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\WINDOWS\System32\mfevtps.exe [2014-12-20 275368]
R2 PEFService;Intel Security PEF Service;C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [2016-2-21 902112]
R2 QVRService;QVRService;C:\Program Files (x86)\QNAP\QVR\QVRService.exe [2015-12-27 73728]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2015-6-24 294616]
R2 storqosflt;Driver do Filtro QoS de Armazenamento;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-7-10 61952]
R2 tiledatamodelsvc;Servidor de modelo de Dados de Bloco;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
R2 UserManager;Gerenciador de Usuários;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R2 Warsaw Technology;Warsaw Technology;C:\Program Files\Diebold\Warsaw\core.exe [2015-9-22 858424]
R2 WdNisDrv;Driver do Sistema de Inspeção de Rede do Windows Defender;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-7-10 119648]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2015-7-9 3831712]
R3 BthLEEnum;Driver de Baixa Energia do Bluetooth;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2015-7-10 237568]
R3 cfwids;McAfee Inc. cfwids;C:\WINDOWS\System32\drivers\cfwids.sys [2014-10-1 79248]
R3 ClipSVC;Serviço de Licenças de Cliente (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\WINDOWS\System32\drivers\clwvd.sys [2015-4-28 41704]
R3 ibtusb;Intel(R) Wireless Bluetooth(R);C:\WINDOWS\System32\drivers\ibtusb.sys [2015-7-31 259312]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\WINDOWS\System32\drivers\ikbevent.sys [2013-8-13 21408]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\WINDOWS\System32\drivers\imsevent.sys [2013-8-13 21920]
R3 INETMON;INETMON;C:\WINDOWS\System32\drivers\INETMON.sys [2014-9-30 29088]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\WINDOWS\System32\drivers\ISCTD64.sys [2013-8-13 46568]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2014-3-25 27032]
R3 lfsvc;Serviço de Geolocalização;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R3 LicenseManager;Serviço de Gerenciador de Licença do Windows;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
R3 mfeaack;McAfee Inc. mfeaack;C:\WINDOWS\System32\drivers\mfeaack.sys [2014-12-19 419624]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\WINDOWS\System32\drivers\mfeavfk.sys [2014-10-1 351144]
R3 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe [2014-12-20 234192]
R3 mfefirek;McAfee Inc. mfefirek;C:\WINDOWS\System32\drivers\mfefirek.sys [2014-10-1 496368]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\WINDOWS\System32\drivers\mfencbdc.sys [2015-11-20 539496]
R3 mfesapsn;McAfee Process Start Notification Service;C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [2016-3-7 36968]
R3 NcbService;Agente de Conexão de Rede;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
R3 NdisVirtualBus;Enumerador de Adaptador de Rede Virtual Microsoft;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-7-10 20992]
R3 NETwNb64;___ Driver do adaptador Intel(R) Wireless para Windows 8.1 64 bits;C:\WINDOWS\System32\drivers\Netwbw02.sys [2015-4-16 4043544]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2015-10-12 886528]
R3 semav6msr64;semav6msr64;C:\WINDOWS\System32\drivers\semav6msr64.sys [2015-11-23 21984]
R3 StateRepository;Serviço de Repositório de Estado;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [2015-6-23 30384]
R4 WinDivert1.1;WinDivert1.1;C:\Program Files\Diebold\Warsaw\WinDivert64.sys [2015-9-22 38104]
S0 mfeelamk;McAfee Inc. mfeelamk;C:\WINDOWS\System32\drivers\mfeelamk.sys [2014-10-1 83096]
S2 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 DoSvc;Otimização de Entrega;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 MapsBroker;Gerenciador de Mapas Baixados;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-7-10 39856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-7-9 327296]
S2 SystemUsageReportSvc_WILLAMETTE;Intel(R) System Usage Report Service SystemUsageReportSvc_WILLAMETTE;C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [2015-9-14 112792]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-7-10 1135456]
S3 AJRouter;Serviço de Roteador AllJoyn;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 AppReadiness;Preparação de Aplicativos;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-7-10 39856]
S3 AppXSvc;Serviço de Implantação AppX (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-7-10 17624]
S3 BthHFSrv;Serviço Mãos Livres Bluetooth;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-7-10 39856]
S3 buttonconverter;Serviço para dispositivos de Controle de Dispositivo Portátil;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-1 36352]
S3 CapImg;Driver HID para tela touch CapImg;C:\WINDOWS\System32\drivers\capimg.sys [2015-7-10 116736]
S3 CDPSvc;CDPSvc;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 DevQueryBroker;Agente de Descoberta em Segundo Plano de DevQuery;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 diagnosticshub.standardcollector.service;Serviço Coletor de Padrões de Hub de Diagnóstico da Microsoft (R);C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-7-10 27136]
S3 DmEnrollmentSvc;Serviço de Registro de Gerenciamento de Dispositivos;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 DsSvc;Serviço de Compartilhamento de Dados;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 fcvsc;fcvsc;C:\WINDOWS\System32\drivers\fcvsc.sys [2015-7-10 31232]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 genericusbfn;Classe de Função USB Genérica;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-7-10 20992]
S3 hidinterrupt;Driver Comum para Botões HID implementado com interrupções;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-7-10 50016]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\WINDOWS\System32\drivers\HipShieldK.sys [2015-6-19 207208]
S3 iaLPSSi_GPIO;Driver de Controlador Intel(R) Serial IO GPIO;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-7-10 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-7-10 122608]
S3 iaStorAV;Controlador SATA RAID Intel(R) para Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-7-10 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-7-10 424800]
S3 icssvc;Serviço de Hotspot Móvel do Windows;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 IEEtwCollectorService;Serviço Coletor ETW do Internet Explorer;C:\WINDOWS\System32\ieetwcollector.exe [2015-7-10 115200]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2014-3-1 38296]
S3 IntcDAud;Áudio Intel(R) para telas;C:\WINDOWS\System32\drivers\IntcDAud.sys [2015-11-4 473864]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2015-5-22 881152]
S3 intelpep;Driver Intel(R) Power Engine Plug-in;C:\WINDOWS\System32\drivers\intelpep.sys [2015-7-10 43872]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-7-10 26624]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-7-10 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-7-10 99168]
S3 mfencrk;McAfee Inc. mfencrk;C:\WINDOWS\System32\drivers\mfencrk.sys [2015-11-20 109480]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-7-10 705376]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2015-7-9 268192]
S3 ndfltr;Serviço NetworkDirect;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-7-10 76128]
S3 NetSetupSvc;Serviço de Configuração de Rede;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2015-7-10 94720]
S3 NgcCtnrSvc;Contêiner do Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\lsass.exe [2015-7-10 56344]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2014-12-13 178760]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-7-10 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-7-10 58720]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-8-23 934752]
S3 RetailDemo;Serviço de Demonstração de Revenda;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\WINDOWS\System32\drivers\RtsUStor.sys [2014-9-30 271064]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\WINDOWS\System32\drivers\RtsUVStor.sys [2014-9-30 331992]
S3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\drivers\Rt630x64.sys [2015-1-3 871640]
S3 RTSPER;Realtek PCIE Card Reader - PER;C:\WINDOWS\System32\drivers\RtsPer.sys [2014-9-30 466136]
S3 ScDeviceEnum;Serviço de Enumeração de Dispositivo de Cartão Inteligente;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SensorDataService;Serviço de Dados de Sensor;C:\WINDOWS\System32\SensorDataService.exe [2015-8-23 1031680]
S3 SensorService;Serviço de Sensor;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-7-10 155488]
S3 smphost;SMP de Espaços de Armazenamento da Microsoft;C:\WINDOWS\System32\svchost.exe -k smphost [2015-7-10 39856]
S3 SmsRouter;Serviço de Roteador SMS do Microsoft Windows;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 stornvme;Driver Microsoft Padrão NVM Express;C:\WINDOWS\System32\drivers\stornvme.sys [2015-8-23 80720]
S3 storufs;Driver UFS (Universal Flash Storage) Microsoft;C:\WINDOWS\System32\drivers\storufs.sys [2015-7-10 40288]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-7-10 61952]
S3 UcmUcsi;Cliente de UCSI do Gerenciador do conector USB;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-8-23 46080]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-7-10 44032]
S3 UEFI;Driver UEFI da Microsoft;C:\WINDOWS\System32\drivers\uefi.sys [2015-7-10 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-7-10 245088]
S3 UfxChipidea;Controlador USB Chipidea;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-7-10 94048]
S3 ufxsynopsys;Controlador USB Synopsys;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-7-10 127840]
S3 UrsChipidea;Driver Chipidea USB Role-Switch;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-7-10 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-7-10 57696]
S3 UrsSynopsys;Driver Synopsys USB Role-Switch;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-7-10 27488]
S3 USER_ESRV_SVC_WILLAMETTE;User Energy Server Service WILLAMETTE;C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [2015-11-23 414360]
S3 UsoSvc;Atualizar Serviço Orchestrator;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 vhf;Driver de VHF (Estrutura HID Virtual);C:\WINDOWS\System32\drivers\vhf.sys [2015-7-10 31744]
S3 vmicguestinterface;Interface de Serviço de Convidado do Hyper-V;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 vmicvmsession;Serviço de Sessão VM do Hyper-V;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 w3logsvc;Serviço de Log W3C;C:\WINDOWS\System32\svchost.exe -k apphost [2015-7-10 39856]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-8-23 685568]
S3 WdNisSvc;Serviço de Inspeção de Rede do Windows Defender;C:\Program Files\Windows Defender\NisSrv.exe [2015-7-10 362928]
S3 WEPHOSTSVC;Serviço de Host do Provedor de Criptografia do Windows;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-7-10 39856]
S3 WinMad;Serviço WinMad;C:\WINDOWS\System32\drivers\winmad.sys [2015-7-10 26976]
S3 WinVerbs;Serviço WinVerbs;C:\WINDOWS\System32\drivers\winverbs.sys [2015-7-10 59232]
S3 workfolderssvc;Pastas de Trabalho;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 WpnService;Serviço de Notificação por Push do Windows;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-7-10 39856]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2015-7-10 214016]
S3 XblAuthManager;Gerenciador de Autenticação Xbox Live;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 XblGameSave;Salvar Jogos no Xbox Live;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2015-7-10 222720]
S3 XboxNetApiSvc;Serviço de Rede Xbox Live;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2015-7-10 25600]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2016-03-11 03:50:17 16148 ----a-w- C:\WINDOWS\System32\EDU14-V065BR_Eduardo_HistoryPrediction.bin
2016-03-11 02:36:02 -------- d-----w- C:\Program Files (x86)\AdwCleaner
2016-03-10 23:28:58 -------- d--h--w- C:\OneDriveTemp
2016-02-21 21:10:34 -------- d-----w- C:\Users\Eduardo\AppData\Roaming\VioDecoder
2016-02-21 21:10:26 -------- d-----w- C:\Users\Eduardo\AppData\Roaming\VioSources
2016-02-21 20:08:15 -------- d-----w- C:\Program Files (x86)\WinSCP
2016-02-21 18:55:57 -------- d-----w- C:\ProgramData\Intel Security
2016-02-21 18:53:11 -------- d-----w- C:\Program Files\Common Files\Intel Security
.
==================== Find3M ====================
.
2016-03-11 03:13:53 180 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-03-08 07:10:49 829944 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2016-03-08 07:10:49 176632 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2016-02-23 22:47:44 97888 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
2016-02-23 14:53:02 1314496 ----a-w- C:\WINDOWS\System32\ole32.dll
2016-02-23 14:52:33 858408 ----a-w- C:\WINDOWS\System32\winresume.exe
2016-02-23 14:51:55 633184 ----a-w- C:\WINDOWS\System32\drivers\fvevol.sys
2016-02-23 14:51:12 146784 ----a-w- C:\WINDOWS\System32\wermgr.exe
2016-02-23 14:50:06 630160 ----a-w- C:\WINDOWS\System32\wer.dll
2016-02-23 14:48:14 1294352 ----a-w- C:\WINDOWS\System32\winload.efi
2016-02-23 14:48:14 1123952 ----a-w- C:\WINDOWS\System32\winload.exe
2016-02-23 14:48:04 8022368 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2016-02-23 14:41:49 299600 ----a-w- C:\WINDOWS\System32\WMASF.DLL
2016-02-23 14:41:30 1150816 ----a-w- C:\WINDOWS\System32\aeinv.dll
2016-02-23 14:41:26 78040 ----a-w- C:\WINDOWS\System32\wkscli.dll
2016-02-23 14:40:19 110584 ----a-w- C:\WINDOWS\System32\srvcli.dll
2016-02-23 14:38:33 272752 ----a-w- C:\WINDOWS\System32\sqmapi.dll
2016-02-23 14:11:35 658784 ----a-w- C:\WINDOWS\System32\NetSetupEngine.dll
2016-02-23 14:11:33 103776 ----a-w- C:\WINDOWS\System32\NetSetupApi.dll
2016-02-23 14:11:28 781984 ----a-w- C:\WINDOWS\System32\mfds.dll
2016-02-23 13:39:08 607416 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2016-02-23 13:30:25 1643872 ----a-w- C:\WINDOWS\System32\diagtrack.dll
2016-02-23 13:25:34 1085632 ----a-w- C:\WINDOWS\System32\appraiser.dll
2016-02-23 13:23:13 952968 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2016-02-23 13:21:24 141152 ----a-w- C:\WINDOWS\SysWow64\wermgr.exe
2016-02-23 13:21:12 529456 ----a-w- C:\WINDOWS\SysWow64\wer.dll
2016-02-23 13:11:43 249976 ----a-w- C:\WINDOWS\SysWow64\WMASF.DLL
2016-02-23 13:11:32 55808 ----a-w- C:\WINDOWS\SysWow64\wkscli.dll
2016-02-23 13:11:22 73360 ----a-w- C:\WINDOWS\SysWow64\srvcli.dll
2016-02-23 13:09:21 229352 ----a-w- C:\WINDOWS\SysWow64\sqmapi.dll
2016-02-23 12:58:43 150528 ----a-w- C:\WINDOWS\System32\MusNotification.exe
2016-02-23 12:50:52 75264 ----a-w- C:\WINDOWS\System32\NetCfgNotifyObjectHost.exe
2016-02-23 12:50:33 395264 ----a-w- C:\WINDOWS\System32\NetSetupShim.dll
2016-02-23 12:42:29 78176 ----a-w- C:\WINDOWS\SysWow64\NetSetupApi.dll
2016-02-23 12:42:23 467296 ----a-w- C:\WINDOWS\SysWow64\NetSetupEngine.dll
2016-02-23 12:42:22 658536 ----a-w- C:\WINDOWS\SysWow64\mfds.dll
2016-02-23 12:35:42 365568 ----a-w- C:\WINDOWS\System32\atmfd.dll
2016-02-23 12:20:19 138240 ----a-w- C:\WINDOWS\System32\drivers\dfsc.sys
2016-02-23 12:17:15 333312 ----a-w- C:\WINDOWS\System32\MusUpdateHandlers.dll
2016-02-23 12:15:18 539728 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2016-02-23 11:59:59 319488 ----a-w- C:\WINDOWS\System32\NetworkBindingEngineMigPlugin.dll
2016-02-23 11:59:39 104960 ----a-w- C:\WINDOWS\System32\drivers\rasl2tp.sys
2016-02-23 11:57:12 189952 ----a-w- C:\WINDOWS\System32\NetSetupSvc.dll
2016-02-23 11:45:30 6788608 ----a-w- C:\WINDOWS\System32\Windows.Data.Pdf.dll
2016-02-23 11:42:58 91648 ----a-w- C:\WINDOWS\System32\asycfilt.dll
2016-02-23 11:42:15 771072 ----a-w- C:\WINDOWS\System32\Chakradiag.dll
2016-02-23 11:38:59 2663424 ----a-w- C:\WINDOWS\System32\Windows.UI.Logon.dll
2016-02-23 11:37:26 57344 ----a-w- C:\WINDOWS\SysWow64\NetCfgNotifyObjectHost.exe
2016-02-23 11:36:53 281600 ----a-w- C:\WINDOWS\SysWow64\NetSetupShim.dll
2016-02-23 11:25:46 303104 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
2016-02-23 11:18:10 31232 ----a-w- C:\WINDOWS\System32\seclogon.dll
2016-02-23 11:17:37 133120 ----a-w- C:\WINDOWS\System32\browser.dll
2016-02-23 11:17:35 58368 ----a-w- C:\WINDOWS\System32\browcli.dll
2016-02-23 11:14:19 841728 ----a-w- C:\WINDOWS\System32\win32spl.dll
2016-02-23 11:08:34 81920 ----a-w- C:\WINDOWS\System32\AppxSysprep.dll
2016-02-23 11:04:29 225792 ----a-w- C:\WINDOWS\System32\wsqmcons.exe
2016-02-23 11:03:40 45568 ----a-w- C:\WINDOWS\System32\atmlib.dll
2016-02-23 11:03:16 450560 ----a-w- C:\WINDOWS\System32\werui.dll
2016-02-23 11:02:08 3587584 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2016-02-23 10:51:35 915456 ----a-w- C:\WINDOWS\System32\configurationclient.dll
2016-02-23 10:51:16 678912 ----a-w- C:\WINDOWS\System32\scapi.dll
2016-02-23 10:48:55 5157376 ----a-w- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
2016-02-23 10:48:13 21859840 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2016-02-23 10:46:15 400384 ----a-w- C:\WINDOWS\System32\sharemediacpl.dll
2016-02-23 10:45:40 88576 ----a-w- C:\WINDOWS\SysWow64\olepro32.dll
2016-02-23 10:45:35 78848 ----a-w- C:\WINDOWS\SysWow64\asycfilt.dll
2016-02-23 10:45:01 574464 ----a-w- C:\WINDOWS\SysWow64\Chakradiag.dll
2016-02-23 10:45:01 1844736 ----a-w- C:\WINDOWS\System32\WMPDMC.exe
2016-02-23 10:44:25 1821696 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Logon.dll
2016-02-23 10:38:27 7524864 ----a-w- C:\WINDOWS\System32\Chakra.dll
2016-02-23 10:29:30 43520 ----a-w- C:\WINDOWS\SysWow64\browcli.dll
2016-02-23 10:17:52 37376 ----a-w- C:\WINDOWS\SysWow64\atmlib.dll
2016-02-23 10:17:48 393728 ----a-w- C:\WINDOWS\SysWow64\werui.dll
2016-02-23 10:03:40 1495040 ----a-w- C:\WINDOWS\SysWow64\WMPDMC.exe
2016-02-23 10:00:49 5457408 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll
2016-02-23 09:58:49 18800640 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2016-01-31 06:25:57 1248896 ----a-w- C:\WINDOWS\System32\WinTypes.dll
2016-01-31 06:25:52 1951872 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2016-01-31 06:24:08 1824880 ----a-w- C:\WINDOWS\System32\ntdll.dll
2016-01-31 06:23:57 2601160 ----a-w- C:\WINDOWS\System32\combase.dll
2016-01-31 06:23:50 1420392 ----a-w- C:\WINDOWS\System32\msctf.dll
2016-01-31 0645 809336 ----a-w- C:\WINDOWS\SysWow64\WinTypes.dll
2016-01-31 0637 1535032 ----a-w- C:\WINDOWS\SysWow64\ntdll.dll
2016-01-31 0637 1531368 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2016-01-31 06:04:30 1180696 ----a-w- C:\WINDOWS\SysWow64\msctf.dll
2016-01-31 06:04:27 1811360 ----a-w- C:\WINDOWS\SysWow64\combase.dll
2016-01-31 05:34:34 88064 ----a-w- C:\WINDOWS\System32\ngckeyenum.dll
2016-01-31 05:33:38 57856 ----a-w- C:\WINDOWS\System32\IoTAssignedAccessLockFramework.dll
2016-01-31 05:29:56 141312 ----a-w- C:\WINDOWS\System32\rasman.dll
2016-01-31 05:29:36 11557888 ----a-w- C:\WINDOWS\System32\twinui.dll
2016-01-31 05:26:49 3793408 ----a-w- C:\WINDOWS\System32\rdpcorets.dll
2016-01-31 05:25:35 143872 ----a-w- C:\WINDOWS\System32\drivers\mrxdav.sys
2016-01-31 05:25:13 366592 ----a-w- C:\WINDOWS\System32\wuuhext.dll
2016-01-31 05:23:37 79360 ----a-w- C:\WINDOWS\System32\rdpudd.dll
2016-01-31 05:20:04 2849792 ----a-w- C:\WINDOWS\System32\wininet.dll
2016-01-31 05:19:51 237056 ----a-w- C:\WINDOWS\System32\NetworkDesktopSettings.dll
2016-01-31 05:19:47 46592 ----a-w- C:\WINDOWS\SysWow64\IoTAssignedAccessLockFramework.dll
2016-01-31 05:18:35 147456 ----a-w- C:\WINDOWS\System32\mtxoci.dll
2016-01-31 05:17:47 109056 ----a-w- C:\WINDOWS\System32\hlink.dll
2016-01-31 05:16:37 950272 ----a-w- C:\WINDOWS\System32\kerberos.dll
.
============= FINISH: 0:55:59,34 ===============
Attached Files
File Type: zip attach.zip (2.2 KB, 24 views)
ehgpdantas is offline  
Old 03-11-2016, 08:44 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
chemist is offline  
Old 03-11-2016, 05:58 PM   #3
Registered Member
 
Join Date: Jul 2005
Posts: 56
OS: Win XP SP2



Hi,

Thanks for your help. I am posting below the result of AdwCleaner. Note that this time it states nothing was detected. However, even before opening this thread, I ran the program and it found some issues, which I cleaned. Despite this, the malware was never removed and is still affecting both Chrome and IE. So I am posting below the most recent log of AdwCleaner (AdwCleaner[C3]) and, as an attachment, the very first logs with all the issues it detected (AdwCleaner[S1] and AdwCleaner[C1]). Maybe this will help in some way.

# AdwCleaner v5.101 - Relatório criado 11/03/2016 às 22:36:02
# Atualizado 07/03/2016 por Xplode
# Banco de dados : 2016-03-08.1 [Servidor]
# Sistema operacional : Windows 10 Home Single Language (x64)
# Usuário : Eduardo - EDU14-V065BR
# Executando de : C:\Users\Eduardo\Desktop\AdwCleaner.exe
# Opção : Limpar
# Apoio : ToolsLib - Forum: Ask for help or share your experience.

***** [ Serviços ] *****


***** [ Pastas ] *****


***** [ Arquivos ] *****


***** [ DLLs ] *****


***** [ Atalhos ] *****


***** [ Tarefas agendadas ] *****


***** [ Registro ] *****


***** [ Navegadores ] *****


*************************

:: Chaves "Tracing" excluídas
:: Configurações Winsock restauradas

*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [3237 bytes] - [10/03/2016 23:38:20]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[C2].txt - [1795 bytes] - [11/03/2016 00:10:00]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[C3].txt - [928 bytes] - [11/03/2016 22:36:02]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [2968 bytes] - [10/03/2016 23:36:13]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S2].txt - [1586 bytes] - [10/03/2016 23:53:46]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S3].txt - [1205 bytes] - [11/03/2016 00:21:23]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S4].txt - [1298 bytes] - [11/03/2016 00:23:23]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S5].txt - [1391 bytes] - [11/03/2016 00:26:00]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S6].txt - [1484 bytes] - [11/03/2016 22:34:25]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C3].txt - [1578 bytes] ##########

And now, here follows FRST.txt:

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:05-03-2016 01
Executado por Eduardo (administrador) em EDU14-V065BR (11-03-2016 22:44:18)
Executando a partir de C:\Users\Eduardo\Desktop
Perfis Carregados: Eduardo (Perfis Disponíveis: Eduardo & Raquel)
Platform: Windows 10 Home Single Language (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\QNAP\QVR\QVRService.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
() C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(%CFullName%) C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Program Files (x86)\Legendas-3.5\srvlegendas.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16719_none_11647d1561f368c0\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\Youcam_webcam_camera_video.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.8.267.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6568.46271.0_x64__8wekyb3d8bbwe\HxTsr.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [735544 2015-08-07] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-10-12] (Realtek Semiconductor)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [858424 2015-06-19] (GAS Tecnologia LTDA)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2015-09-03] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
Winlogon\Notify\ GbPluginUni: C:\Program Files (x86)\GbPlugin\gbiehUni.dll [2015-07-06] (Banco Itaú Unibanco)
HKU\S-1-5-21-2611516873-3226132433-3412871208-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office 15\root\office15\lync.exe [27808464 2016-02-22] (Microsoft Corporation)
HKU\S-1-5-21-2611516873-3226132433-3412871208-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1720584 2015-02-08] (CyberLink Corp.)
HKU\S-1-5-21-2611516873-3226132433-3412871208-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-2611516873-3226132433-3412871208-1001\...\Run: [GoogleChromeAutoLaunch_5067CAB4F02DB410F3160A138613072A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [874136 2016-03-07] (Google Inc.)
HKU\S-1-5-21-2611516873-3226132433-3412871208-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2611516873-3226132433-3412871208-1001\...\RunOnce: [Uninstall C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-2611516873-3226132433-3412871208-1001\...\RunOnce: [Uninstall C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-2611516873-3226132433-3412871208-1001\...\RunOnce: [Uninstall C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-2611516873-3226132433-3412871208-1001\...\RunOnce: [Uninstall C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-2611516873-3226132433-3412871208-1001\...\RunOnce: [Uninstall C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-2611516873-3226132433-3412871208-1001\...\RunOnce: [Uninstall C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRAM FILES (X86)\GbPlugin\gbiehuni.dll [1759992 2015-07-06] (Banco Itaú Unibanco)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-22] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk [2014-12-21]
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-09-30]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\Users\Eduardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-12-21]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Raquel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-12-21]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6a174654-e142-4cf2-b6ff-ad0e2244c17e}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a358134c-9f9f-48c4-93e6-67e501e80c14}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON14/3
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/3
HKU\S-1-5-21-2611516873-3226132433-3412871208-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/3
HKU\S-1-5-21-2611516873-3226132433-3412871208-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxps://startpage-home.com/?s=hp&m=start
SearchScopes: HKU\S-1-5-21-2611516873-3226132433-3412871208-1001 -> DefaultScope {25DA4A4F-B661-4251-B323-78898A349AEE} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2611516873-3226132433-3412871208-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2611516873-3226132433-3412871208-1001 -> {25DA4A4F-B661-4251-B323-78898A349AEE} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2611516873-3226132433-3412871208-1001 -> {7728463F-754E-4A8F-83F4-F82C77CC5A2F} URL = hxxps://br.search.yahoo.com/search?fr=mcafee&type=B011BR0D20141220&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2611516873-3226132433-3412871208-1001 -> {83CB9E33-3B82-4A88-8769-DB2027E76D5F} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-02-22] (Microsoft Corporation)
BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2014-12-21] (McAfee)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-22] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => Nenhum Arquivo
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2016-02-22] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-23] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-03-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll [2014-12-21] (McAfee)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehuni.dll [2015-07-06] (Banco Itaú Unibanco)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-22] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-23] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2014-12-21] (McAfee)
Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll [2014-12-21] (McAfee)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-12-20] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2016-02-10] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-02-10] (McAfee, Inc.)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-02-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-20] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [Nenhum Arquivo]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-23] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-02-10] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2014-12-20] (Microsoft Corporation)
FF Plugin-x32: @qnap.com/QVR -> C:\Program Files (x86)\QNAP\QVR\npQVRHost.dll [2015-12-27] ( QNAP System, Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2611516873-3226132433-3412871208-1001: gastecnologia.com.br/sf/uni -> C:\Users\Eduardo\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll [2014-07-15] (GAS Tecnologia)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt
FF Extension: HP SimplePass - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt [2015-08-10] [não assinado]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-02-23] [não assinado]

Chrome:
=======
CHR HomePage: Default -> hxxps://startpage-home.com/?s=hp&m=home
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://secure.startpage-home.com/?src=omnibox&partner=hp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> startpage-home.com
CHR DefaultSuggestURL: Default -> hxxps://secure-suggest.startpage-home.com/suggest?format=json&locale=pt-BR&q={searchTerms}
CHR Profile: C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-21]
CHR Extension: (Google Docs) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-21]
CHR Extension: (Google Drive) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Planilhas do Google) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-21]
CHR Extension: (SiteAdvisor) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-07-20]
CHR Extension: (HP SimplePass) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fidikogfgleiaefnjbmnjaplmgknppkg [2015-08-15]
CHR Extension: (Documentos Google off-line) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
CHR Extension: (GBBD Guardião - Itaú 30 horas) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg [2015-03-08]
CHR Extension: (Skype) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-01-24]
CHR Extension: (McAfee SECURE Safe Browsing) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkdiimaiohgpacfbgedcipmgigppaofn [2016-01-16]
CHR Extension: (TZWebChartWindow) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmdhbmdklokcmpmcegmbfehjencmbeab [2016-01-06]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-09]
CHR Extension: (Gmail) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-10]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-07]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-07]
CHR HKLM-x32\...\Chrome\Extension: [fidikogfgleiaefnjbmnjaplmgknppkg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [104824 2015-08-07] (Alps Electric Co., Ltd.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2809072 2016-01-20] (Microsoft Corporation)
R2 COMLegService; C:\Program Files (x86)\Legendas-3.5\srvlegendas.exe [1863408 2016-01-12] ()
R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [414360 2015-09-14] ()
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [546104 2014-09-29] (GAS Tecnologia)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2015-09-03] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [150256 2015-07-31] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [350312 2015-11-04] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-02-25] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2016-02-10] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe [1696712 2016-02-23] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [681680 2016-01-08] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2015-11-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [380896 2016-01-21] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [275368 2015-11-18] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-07-09] ()
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [124928 2015-07-02] (Softex Inc.) [Arquivo não assinado]
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [902112 2015-12-14] (Intel Security, Inc.)
R2 QVRService; C:\Program Files (x86)\QNAP\QVR\QVRService.exe [73728 2015-12-27] () [Arquivo não assinado]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-10-12] (Realtek Semiconductor)
S2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [112792 2015-09-14] ()
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [414360 2015-09-14] ()
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [858424 2015-06-19] (GAS Tecnologia LTDA)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-07-09] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2015-11-25] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [259312 2015-07-31] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
R1 legendasdrv; C:\Windows\System32\drivers\legendasdrv.sys [59120 2015-12-04] (Windows (R) Win 7 DDK provider)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184096 2015-06-29] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2015-11-25] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351144 2015-11-25] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83096 2015-11-25] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2015-11-25] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [846080 2015-11-25] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [539496 2015-11-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-11-20] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [36968 2016-01-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2015-11-25] (McAfee, Inc.)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [4043544 2015-07-16] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-10-12] (Realtek )
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [466136 2014-01-14] (Realsil Semiconductor Corporation)
R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-04-01] (Basil)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-03-11 22:44 - 2016-03-11 22:44 - 00035044 _____ C:\Users\Eduardo\Desktop\FRST.txt
2016-03-11 22:44 - 2016-03-11 22:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-03-11 22:41 - 2016-03-11 22:44 - 00000000 ____D C:\FRST
2016-03-11 22:39 - 2016-03-11 22:39 - 00016148 _____ C:\WINDOWS\system32\EDU14-V065BR_Eduardo_HistoryPrediction.bin
2016-03-11 22:30 - 2016-03-11 22:31 - 00000000 ____D C:\Users\Eduardo\Desktop\Segurança
2016-03-11 22:29 - 2016-03-11 22:41 - 02374144 _____ (Farbar) C:\Users\Eduardo\Desktop\FRST64.exe
2016-03-11 22:29 - 2016-03-11 22:29 - 00004020 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-03-11 22:26 - 2016-03-11 22:26 - 00000000 ___HD C:\OneDriveTemp
2016-03-10 23:36 - 2016-03-11 22:36 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-10 23:35 - 2016-03-10 23:35 - 01524224 _____ C:\Users\Eduardo\Desktop\AdwCleaner.exe
2016-03-10 20:58 - 2016-02-23 11:53 - 01314496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-10 20:58 - 2016-02-23 11:52 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-10 20:58 - 2016-02-23 11:51 - 00633184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-03-10 20:58 - 2016-02-23 11:51 - 00146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-10 20:58 - 2016-02-23 11:50 - 00630160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-10 20:58 - 2016-02-23 11:48 - 08022368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-10 20:58 - 2016-02-23 11:48 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-10 20:58 - 2016-02-23 11:48 - 01123952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-10 20:58 - 2016-02-23 11:41 - 01150816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-10 20:58 - 2016-02-23 11:41 - 00299600 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMASF.DLL
2016-03-10 20:58 - 2016-02-23 11:41 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-03-10 20:58 - 2016-02-23 11:40 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-03-10 20:58 - 2016-02-23 11:38 - 00272752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-10 20:58 - 2016-02-23 11:36 - 00080128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-03-10 20:58 - 2016-02-23 11:11 - 00781984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-10 20:58 - 2016-02-23 11:11 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-10 20:58 - 2016-02-23 11:11 - 00103776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-03-10 20:58 - 2016-02-23 11:08 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-10 20:58 - 2016-02-23 11:07 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-10 20:58 - 2016-02-23 10:39 - 00607416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-03-10 20:58 - 2016-02-23 10:30 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-10 20:58 - 2016-02-23 10:25 - 01085632 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-03-10 20:58 - 2016-02-23 10:23 - 00952968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-10 20:58 - 2016-02-23 10:21 - 00529456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-10 20:58 - 2016-02-23 10:21 - 00141152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-10 20:58 - 2016-02-23 10:11 - 00249976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMASF.DLL
2016-03-10 20:58 - 2016-02-23 10:11 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-03-10 20:58 - 2016-02-23 10:11 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-03-10 20:58 - 2016-02-23 10:09 - 00229352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-10 20:58 - 2016-02-23 10:06 - 00069232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-03-10 20:58 - 2016-02-23 09:58 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-03-10 20:58 - 2016-02-23 09:50 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-10 20:58 - 2016-02-23 09:50 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-03-10 20:58 - 2016-02-23 09:42 - 00658536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-10 20:58 - 2016-02-23 09:42 - 00467296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-10 20:58 - 2016-02-23 09:42 - 00078176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-03-10 20:58 - 2016-02-23 09:39 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-10 20:58 - 2016-02-23 09:38 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-10 20:58 - 2016-02-23 09:35 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-10 20:58 - 2016-02-23 09:20 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-03-10 20:58 - 2016-02-23 09:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-03-10 20:58 - 2016-02-23 09:16 - 02237952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-10 20:58 - 2016-02-23 09:15 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-03-10 20:58 - 2016-02-23 09:15 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-03-10 20:58 - 2016-02-23 08:59 - 00319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-03-10 20:58 - 2016-02-23 08:59 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-10 20:58 - 2016-02-23 08:57 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-10 20:58 - 2016-02-23 08:55 - 24592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-10 20:58 - 2016-02-23 08:45 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-10 20:58 - 2016-02-23 08:45 - 06788608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-10 20:58 - 2016-02-23 08:42 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-03-10 20:58 - 2016-02-23 08:42 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-10 20:58 - 2016-02-23 08:38 - 02663424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-10 20:58 - 2016-02-23 08:37 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2016-03-10 20:58 - 2016-02-23 08:36 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-10 20:58 - 2016-02-23 08:25 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-10 20:58 - 2016-02-23 08:18 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-10 20:58 - 2016-02-23 08:17 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-03-10 20:58 - 2016-02-23 08:17 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-03-10 20:58 - 2016-02-23 08:14 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-03-10 20:58 - 2016-02-23 08:08 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-03-10 20:58 - 2016-02-23 08:04 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-10 20:58 - 2016-02-23 08:03 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-10 20:58 - 2016-02-23 08:03 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-10 20:58 - 2016-02-23 08:02 - 03587584 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-10 20:58 - 2016-02-23 07:55 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-10 20:58 - 2016-02-23 07:55 - 14241792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-10 20:58 - 2016-02-23 07:51 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-10 20:58 - 2016-02-23 07:51 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-10 20:58 - 2016-02-23 07:48 - 21859840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-10 20:58 - 2016-02-23 07:48 - 05157376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-10 20:58 - 2016-02-23 07:46 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-10 20:58 - 2016-02-23 07:45 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-10 20:58 - 2016-02-23 07:45 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-03-10 20:58 - 2016-02-23 07:45 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-10 20:58 - 2016-02-23 07:45 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-10 20:58 - 2016-02-23 07:44 - 01821696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-10 20:58 - 2016-02-23 07:38 - 07524864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-03-10 20:58 - 2016-02-23 07:29 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-03-10 20:58 - 2016-02-23 07:17 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-10 20:58 - 2016-02-23 07:17 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-10 20:58 - 2016-02-23 07:11 - 12589056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-10 20:58 - 2016-02-23 07:03 - 01495040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-10 20:58 - 2016-02-23 07:00 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-10 20:58 - 2016-02-23 07:00 - 05457408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-10 20:58 - 2016-02-23 06:58 - 18800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-27 15:59 - 2016-02-27 15:59 - 00015247 _____ C:\Users\Eduardo\Downloads\2FF489C4E35AF05E11243836E75DC16A941270D7.torrent
2016-02-21 18:15 - 2016-02-21 18:15 - 00000032 _____ C:\Users\Eduardo\Desktop\americanas desconto 10.txt
2016-02-21 18:10 - 2016-02-21 18:10 - 00000000 ____D C:\Users\Eduardo\Documents\QNAP
2016-02-21 18:10 - 2016-02-21 18:10 - 00000000 ____D C:\Users\Eduardo\AppData\Roaming\VioSources
2016-02-21 18:10 - 2016-02-21 18:10 - 00000000 ____D C:\Users\Eduardo\AppData\Roaming\VioDecoder
2016-02-21 18:08 - 2016-02-21 18:08 - 00002011 _____ C:\Users\Eduardo\Desktop\QVR.exe.lnk
2016-02-21 18:08 - 2016-02-21 18:08 - 00000600 _____ C:\Users\Eduardo\AppData\Roaming\winscp.rnd
2016-02-21 18:08 - 2016-02-21 18:08 - 00000000 ____D C:\Users\Eduardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QNAP
2016-02-21 17:08 - 2016-02-21 17:08 - 00001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2016-02-21 17:08 - 2016-02-21 17:08 - 00001059 _____ C:\Users\Public\Desktop\WinSCP.lnk
2016-02-21 17:08 - 2016-02-21 17:08 - 00000000 ____D C:\Program Files (x86)\WinSCP
2016-02-21 17:07 - 2016-02-21 17:07 - 05904448 _____ (Martin Prikryl ) C:\Users\Eduardo\Downloads\winscp576setup.exe
2016-02-21 16:50 - 2016-02-21 17:57 - 00000000 ____D C:\Users\Eduardo\AppData\Roaming\FileZilla
2016-02-21 16:50 - 2016-02-21 16:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-02-21 16:50 - 2016-02-21 16:50 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2016-02-21 16:49 - 2016-02-21 16:49 - 06567264 _____ (Tim Kosse) C:\Users\Eduardo\Downloads\FileZilla_3.15.0.2_win64-setup.exe
2016-02-21 15:55 - 2016-02-21 15:55 - 00000000 ____D C:\Users\Todos os Usuários\Intel Security
2016-02-21 15:55 - 2016-02-21 15:55 - 00000000 ____D C:\ProgramData\Intel Security
2016-02-21 15:53 - 2016-02-21 15:53 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2016-02-21 15:52 - 2016-03-11 08:23 - 00004208 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-02-21 00:08 - 2016-02-21 00:10 - 121291664 _____ (GoPro, Inc.) C:\Users\Eduardo\Downloads\GoProStudioPC-2.5.7.549.exe
2016-02-20 23:07 - 2016-02-20 23:07 - 00003040 _____ C:\WINDOWS\System32\Tasks\iSCSIAgentAutoStartup
2016-02-20 23:07 - 2016-02-20 23:07 - 00001191 _____ C:\Users\Public\Desktop\Qfinder Pro.lnk
2016-02-20 23:05 - 2016-02-20 23:06 - 33789160 _____ (Igor Pavlov) C:\Users\Eduardo\Downloads\QNAPQfinderProWindows-5.2.0.1209.exe
2016-02-16 22:58 - 2016-01-31 03:25 - 01951872 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-16 22:58 - 2016-01-31 03:25 - 01248896 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-16 22:58 - 2016-01-31 03:24 - 01824880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-16 22:58 - 2016-01-31 03:23 - 02601160 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-16 22:58 - 2016-01-31 03:23 - 01420392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-02-16 22:58 - 2016-01-31 03:06 - 01535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-16 22:58 - 2016-01-31 03:06 - 01531368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-16 22:58 - 2016-01-31 03:06 - 00809336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-16 22:58 - 2016-01-31 03:04 - 01811360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-16 22:58 - 2016-01-31 03:04 - 01180696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-02-16 22:58 - 2016-01-31 02:34 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-16 22:58 - 2016-01-31 02:33 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\IoTAssignedAccessLockFramework.dll
2016-02-16 22:58 - 2016-01-31 02:29 - 11557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-16 22:58 - 2016-01-31 02:29 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2016-02-16 22:58 - 2016-01-31 02:26 - 03793408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-02-16 22:58 - 2016-01-31 02:25 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-02-16 22:58 - 2016-01-31 02:25 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-16 22:58 - 2016-01-31 02:24 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-02-16 22:58 - 2016-01-31 02:24 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-02-16 22:58 - 2016-01-31 02:23 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-02-16 22:58 - 2016-01-31 02:22 - 00680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-02-16 22:58 - 2016-01-31 02:20 - 02849792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-16 22:58 - 2016-01-31 02:19 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-16 22:58 - 2016-01-31 02:19 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-02-16 22:58 - 2016-01-31 02:19 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IoTAssignedAccessLockFramework.dll
2016-02-16 22:58 - 2016-01-31 02:18 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-16 22:58 - 2016-01-31 02:17 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-16 22:58 - 2016-01-31 02:16 - 09889280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-16 22:58 - 2016-01-31 02:16 - 00950272 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-16 22:58 - 2016-01-31 02:13 - 04791808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-16 22:58 - 2016-01-31 02:13 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2016-02-16 22:58 - 2016-01-31 02:13 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-16 22:58 - 2016-01-31 02:11 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-02-16 22:58 - 2016-01-31 02:11 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-16 22:58 - 2016-01-31 02:11 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-16 22:58 - 2016-01-31 02:06 - 02316800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-16 22:58 - 2016-01-31 02:05 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-16 22:58 - 2016-01-31 02:05 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-16 22:58 - 2016-01-31 02:04 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-16 22:58 - 2016-01-31 02:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-16 22:58 - 2016-01-31 02:02 - 00768000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-16 22:58 - 2016-01-31 01:58 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-03-11 22:43 - 2015-08-23 20:14 - 02005466 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-11 22:43 - 2015-07-10 13:55 - 00850956 _____ C:\WINDOWS\system32\prfh0416.dat
2016-03-11 22:43 - 2015-07-10 13:55 - 00182552 _____ C:\WINDOWS\system32\prfc0416.dat
2016-03-11 22:43 - 2015-07-10 08:02 - 00000000 ____D C:\WINDOWS\INF
2016-03-11 22:42 - 2015-07-10 08:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-11 22:40 - 2015-02-21 13:09 - 00001098 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-11 22:40 - 2014-12-20 08:33 - 00000000 __RDO C:\Users\Eduardo\OneDrive
2016-03-11 22:39 - 2015-08-23 20:10 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-03-11 22:39 - 2014-12-20 08:25 - 00000000 __SHD C:\Users\Eduardo\IntelGraphicsProfiles
2016-03-11 22:37 - 2015-07-10 09:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-11 22:36 - 2015-07-10 06:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-03-11 22:33 - 2014-12-20 08:27 - 00000000 ____D C:\Users\Eduardo\Documents\Youcam
2016-03-11 22:31 - 2016-01-16 14:13 - 00004182 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C6FAEC27-50C3-448F-AC14-9A830A9FF722}
2016-03-11 00:51 - 2015-02-21 13:09 - 00001102 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-11 00:33 - 2014-12-21 07:39 - 00000000 ____D C:\Users\Eduardo\AppData\Local\CrashDumps
2016-03-11 00:31 - 2015-07-10 08:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-11 00:05 - 2016-01-16 17:45 - 00000000 ____D C:\Users\Todos os Usuários\Legendas
2016-03-11 00:05 - 2016-01-16 17:45 - 00000000 ____D C:\ProgramData\Legendas
2016-03-10 23:54 - 2015-06-05 23:18 - 00000000 ____D C:\Users\Eduardo\Documents\Arquivos do Outlook
2016-03-10 23:51 - 2014-12-20 08:07 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-10 23:47 - 2015-07-10 09:20 - 00368584 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-10 23:42 - 2015-07-10 08:04 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-10 23:42 - 2015-07-10 08:04 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-10 23:42 - 2015-07-10 08:04 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-10 23:42 - 2015-07-10 08:04 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-10 22:02 - 2015-04-10 20:44 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-10 21:38 - 2015-01-03 09:34 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-10 21:26 - 2015-07-10 07:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-10 21:26 - 2015-01-03 09:34 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-10 20:53 - 2015-02-21 13:11 - 00002277 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-10 20:53 - 2015-02-21 13:11 - 00002265 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-10 20:35 - 2015-06-19 23:56 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2016-03-10 20:29 - 2015-07-10 06:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-03-10 20:28 - 2015-08-23 22:52 - 00002429 _____ C:\Users\Eduardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-08 04:10 - 2015-10-12 09:35 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-08 04:10 - 2015-10-12 09:35 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-07 14:02 - 2015-08-23 20:15 - 00000000 ____D C:\Users\Eduardo
2016-02-27 21:44 - 2015-07-10 08:04 - 00000000 ____D C:\WINDOWS\rescache
2016-02-27 20:37 - 2016-01-23 11:51 - 00000000 ____D C:\Users\Eduardo\AppData\Roaming\Skype
2016-02-23 21:31 - 2015-01-08 23:03 - 00000000 ____D C:\Users\Todos os Usuários\Oracle
2016-02-23 21:31 - 2015-01-08 23:03 - 00000000 ____D C:\ProgramData\Oracle
2016-02-23 20:09 - 2015-08-09 22:31 - 00003266 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForEduardo
2016-02-23 20:09 - 2015-08-09 22:31 - 00000366 _____ C:\WINDOWS\Tasks\HPCeeScheduleForEduardo.job
2016-02-23 19:48 - 2015-08-30 11:13 - 00000000 ____D C:\Users\Eduardo\.oracle_jre_usage
2016-02-23 19:48 - 2015-01-24 12:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-23 19:48 - 2015-01-08 23:03 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-23 19:47 - 2015-01-24 12:29 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-02-23 19:25 - 2015-07-10 13:58 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-23 08:29 - 2015-07-10 08:04 - 00000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft
2016-02-23 08:29 - 2015-07-10 08:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-23 08:27 - 2014-12-20 13:43 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-02-22 20:28 - 2016-01-23 11:50 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2016-02-22 20:28 - 2016-01-23 11:50 - 00000000 ____D C:\ProgramData\Skype
2016-02-21 17:04 - 2016-01-18 20:24 - 00000600 _____ C:\Users\Eduardo\PUTTY.RND
2016-02-21 16:58 - 2015-02-21 18:32 - 00000000 ____D C:\Users\Eduardo\AppData\Local\Transmission Remote GUI
2016-02-21 15:58 - 2015-07-10 08:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-02-21 15:58 - 2014-09-30 18:13 - 00000000 ____D C:\Program Files\Common Files\mcafee
2016-02-20 23:07 - 2015-12-18 22:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QNAP
2016-02-20 23:07 - 2015-12-18 22:31 - 00000000 ____D C:\Program Files (x86)\QNAP
2016-02-15 21:46 - 2015-02-21 13:09 - 00004160 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-15 21:46 - 2015-02-21 13:09 - 00003928 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Arquivos na raiz de alguns diretórios =======

2014-12-20 17:43 - 2014-12-21 07:32 - 32371688 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-01-30 07:47 - 2015-03-08 13:11 - 0031425 _____ () C:\Users\Eduardo\AppData\Roaming\unins000.dat
2015-03-08 13:11 - 2015-03-08 13:11 - 0720082 _____ () C:\Users\Eduardo\AppData\Roaming\unins000.exe
2016-02-21 18:08 - 2016-02-21 18:08 - 0000600 _____ () C:\Users\Eduardo\AppData\Roaming\winscp.rnd
2016-01-19 00:21 - 2016-01-19 00:21 - 0000600 _____ () C:\Users\Eduardo\AppData\Local\PUTTY.RND

Alguns arquivos em TEMP:
====================
C:\Users\Eduardo\AppData\Local\Temp\COMAP.EXE
C:\Users\Eduardo\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Eduardo\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Eduardo\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Eduardo\AppData\Local\Temp\oct24F4.tmp.exe
C:\Users\Eduardo\AppData\Local\Temp\oct262.tmp.exe
C:\Users\Eduardo\AppData\Local\Temp\oct2C27.tmp.exe
C:\Users\Eduardo\AppData\Local\Temp\octA484.tmp.exe
C:\Users\Eduardo\AppData\Local\Temp\octB4F1.tmp.exe
C:\Users\Eduardo\AppData\Local\Temp\octEF62.tmp.exe
C:\Users\Eduardo\AppData\Local\Temp\sqlite3.dll
C:\Users\Eduardo\AppData\Local\Temp\ytb.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\wininit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-02-23 08:59

==================== Fim de FRST.txt ============================
ehgpdantas is offline  
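The FRST listing in the post above uses one line shape throughout: two timestamps, size, attribute flags, an optional name in parentheses, then the path. As an added example (not part of the original post, and not FRST's own code), the Python below parses lines copied from that log and lists files worth a second look before a fixlist is written. The two triage rules and every function name are assumptions chosen for illustration, and a printed company name is only what the listing reports, not proof of origin.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the FRST.txt listing in the post above.
SAMPLE = r"""
2016-03-10 20:58 - 2016-02-23 07:48 - 21859840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-21 17:07 - 2016-02-21 17:07 - 05904448 _____ (Martin Prikryl ) C:\Users\Eduardo\Downloads\winscp576setup.exe
2016-02-21 17:08 - 2016-02-21 17:08 - 00000000 ____D C:\Program Files (x86)\WinSCP
2015-03-08 13:11 - 2015-03-08 13:11 - 0720082 _____ () C:\Users\Eduardo\AppData\Roaming\unins000.exe
C:\Users\Eduardo\AppData\Local\Temp\oct24F4.tmp.exe
C:\Users\Eduardo\AppData\Local\Temp\sqlite3.dll
C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente
""".strip().splitlines()

# timestamp - timestamp - size attrs [(company)] path
ENTRY = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"\d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"\d+ (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.+)$"
)
# The "files in TEMP" part of the log lists bare paths only.
BARE_PATH = re.compile(r"^[A-Za-z]:\\.+$")

# Assumption: extensions treated as runnable for triage purposes.
RUNNABLE = {".exe", ".dll", ".sys", ".scr", ".bat", ".cmd", ".vbs", ".js", ".ps1"}
# Assumption: top-level folders a standard user account can usually write to.
USER_WRITABLE_ROOTS = {"users", "programdata"}


def parse_line(line):
    """Return (attrs, company, path), or None if the line is not a file entry.

    attrs and company are None for bare-path lines, where the log gives no
    metadata; company is "" when a full entry shows no name.
    """
    line = line.strip()
    m = ENTRY.match(line)
    if m:
        return m["attrs"], (m["company"] or "").strip(), m["path"]
    # Lines with " => " are signature-check results, not file listings.
    if " => " not in line and BARE_PATH.match(line):
        return None, None, line
    return None


def triage(lines):
    """Return (reason, path) pairs for entries that deserve manual review."""
    findings = []
    for raw in lines:
        parsed = parse_line(raw)
        if parsed is None:
            continue
        attrs, company, path = parsed
        # In the listing above every entry flagged D is a folder.
        if attrs and "D" in attrs:
            continue
        p = PureWindowsPath(path)
        if p.suffix.lower() not in RUNNABLE:
            continue
        parts = [part.lower() for part in p.parts]
        if "temp" in parts[1:-1]:
            # Rule 1: runnable file left in a Temp folder.
            findings.append(("temp-executable", path))
        elif (attrs is not None and company == ""
              and len(parts) > 1 and parts[1] in USER_WRITABLE_ROOTS):
            # Rule 2: runnable file with no company name in a user-writable tree.
            findings.append(("no-company-in-user-path", path))
    return findings


if __name__ == "__main__":
    for reason, path in triage(SAMPLE):
        print(f"{reason:26} {path}")
```

A hit is a prompt to check the file (for example with a multi-engine scan), not a verdict; legitimate uninstallers and updaters also match these rules.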
Old 03-11-2016, 06:02 PM   #4
Registered Member

Sorry, just noticed the files were not uploaded. Here they are.
Attached Files
File Type: txt AdwCleaner[S1].txt (2.9 KB, 20 views)
File Type: txt AdwCleaner[C1].txt (3.2 KB, 20 views)
File Type: txt Addition.txt (44.0 KB, 25 views)
ehgpdantas is offline  
Old 03-12-2016, 09:22 PM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello ehgpdantas.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Back up and restore your files - Windows Help

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Task: {270357EF-FF76-4381-8753-CB58351A1335} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Nenhum Arquivo <==== ATENÇÃO
    Task: {46DA4C49-D18C-4CE4-BA52-16F82BC3864C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Nenhum Arquivo <==== ATENÇÃO
    Task: {498018C9-CE67-4CBF-BA8D-3BDFC3AB32A9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Nenhum Arquivo <==== ATENÇÃO
    Task: {767FD071-A229-430B-9E60-BF6E019FC529} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Nenhum Arquivo <==== ATENÇÃO
    Task: {8B5F04C8-5ED6-4B92-A53F-59DBAF1AE7ED} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Nenhum Arquivo <==== ATENÇÃO
    Task: {99409FFA-FE34-40D9-BF92-A61A8E2F76EF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Nenhum Arquivo <==== ATENÇÃO
    Task: {AD0EEEB1-C0BF-4EC1-9E60-8D26D7ED11A5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Nenhum Arquivo <==== ATENÇÃO
    Task: {B17DE9A4-DF71-4613-9374-E3A931926CF7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Nenhum Arquivo <==== ATENÇÃO
    Task: {D591B30F-EA4C-4B4E-AED3-07DA54B21D27} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Nenhum Arquivo <==== ATENÇÃO
    Task: {D804FCB2-3E03-4758-BBA2-02DE38D68CF4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Nenhum Arquivo <==== ATENÇÃO
    Task: {FCEA9BA5-1AC6-4AEE-A4DC-C476D9AE3BD6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Nenhum Arquivo <==== ATENÇÃO
    HKU\S-1-5-21-2611516873-3226132433-3412871208-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxps://startpage-home.com/?s=hp&m=start
    SearchScopes: HKU\S-1-5-21-2611516873-3226132433-3412871208-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    CHR HomePage: Default -> hxxps://startpage-home.com/?s=hp&m=home
    CHR DefaultSearchURL: Default -> hxxps://secure.startpage-home.com/?src=omnibox&partner=hp&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> startpage-home.com
    CHR DefaultSuggestURL: Default -> hxxps://secure-suggest.startpage-home.com/suggest?format=json&locale=pt-BR&q={searchTerms}
    HKU\S-1-5-21-2611516873-3226132433-3412871208-1001\...\RunOnce: [Uninstall C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
    HKU\S-1-5-21-2611516873-3226132433-3412871208-1001\...\RunOnce: [Uninstall C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
    HKU\S-1-5-21-2611516873-3226132433-3412871208-1001\...\RunOnce: [Uninstall C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
    HKU\S-1-5-21-2611516873-3226132433-3412871208-1001\...\RunOnce: [Uninstall C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
    HKU\S-1-5-21-2611516873-3226132433-3412871208-1001\...\RunOnce: [Uninstall C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
    HKU\S-1-5-21-2611516873-3226132433-3412871208-1001\...\RunOnce: [Uninstall C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Eduardo\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 03-13-2016, 09:49 AM   #6
Registered Member

Follows
Attached Files
File Type: txt Fixlog.txt (11.1 KB, 18 views)
ehgpdantas is offline  
Old 03-13-2016, 06:50 PM   #7
Security Team
Moderator, Analyst
Rangemaster, TSF Academy

Hello again, ehgpdantas. How is the machine behaving?

------------------------------------------------------

CCleaner

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here

------------------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mbam-setup-2.2.0.1024.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior


------------------------------------------------------
chemist is offline  
Old 03-15-2016, 02:21 AM   #8
Registered Member

Hi,

The "Startpage" hijacking apparently has gone away and the browsers behave as expected. However, system seems to be a bit slow or, at least, reacts a bit delayed or takes a while for its activities until it becomes available to accept commands (such as mouse etc.). I noticed this when scrolling over this thread, for example.

MBAM did not find anything but ESET found a threat.

Eduardo
Attached Files
File Type: txt MBAM Scan Log.txt (1.3 KB, 19 views)
File Type: txt ESET Result.txt (5.6 KB, 28 views)
ehgpdantas is offline  
Old 03-15-2016, 03:17 PM   #9
Security Team
Moderator, Analyst
Rangemaster, TSF Academy

Hello again, ehgpdantas. Some users complain of slowness after a cleaning. Use the machine a day or so and see if it improves.

I'll leave it up to you whether or not to delete those legendas files.

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
rem Notepad saves fix.bat in the ANSI code page (assumed Windows-1252, as on this
rem pt-BR system). Switch the console to it so the accented folder names in the
rem list below are read correctly; otherwise those files are silently skipped.
chcp 1252 >nul
rem Start from a clean log of files that could not be deleted.
if exist "%temp%\log.txt" del "%temp%\log.txt"

rem Force-delete each listed file and record any that is still present afterwards.
for %%g in (

"C:\Users\Eduardo\Documents\Bin\Conectividade\SFInstaller_SFFZ_filezilla_8992693_.exe"
"C:\Users\Eduardo\Documents\Bin\Conectividade\winscp438setup-sponsored.exe"
"C:\Users\Eduardo\Documents\Bin\Gestão Arquivos\PandoraRecovery2.1.1Setup.exe"
"C:\Users\Eduardo\Documents\Bin\Gestão Arquivos\rcsetup145.exe"
"C:\Users\Eduardo\Documents\Bin\Gestão Arquivos\unlocker-setup.exe"
"C:\Users\Eduardo\Documents\Bin\Players\media.player.codec.pack.v4.2.3.setup.exe"
"C:\Users\Eduardo\Documents\Bin\Players\winamp563_full_emusic-7plus_en-us.exe"
"C:\Users\Eduardo\Documents\Bin\Players\winamp563_full_emusic-7plus_pt-br.exe"
"C:\Users\Eduardo\Documents\BKP\2015-01-24\NOBAK\Bin\Conectividade\SFInstaller_SFFZ_filezilla_8992693_.exe"
"C:\Users\Eduardo\Documents\BKP\2015-01-24\NOBAK\Bin\Conectividade\winscp438setup-sponsored.exe"
"C:\Users\Eduardo\Documents\BKP\2015-01-24\NOBAK\Bin\Gestão Arquivos\PandoraRecovery2.1.1Setup.exe"
"C:\Users\Eduardo\Documents\BKP\2015-01-24\NOBAK\Bin\Gestão Arquivos\rcsetup145.exe"
"C:\Users\Eduardo\Documents\BKP\2015-01-24\NOBAK\Bin\Gestão Arquivos\unlocker-setup.exe"
"C:\Users\Eduardo\Documents\BKP\2015-01-24\NOBAK\Bin\Players\media.player.codec.pack.v4.2.3.setup.exe"
"C:\Users\Eduardo\Documents\BKP\2015-01-24\NOBAK\Bin\Players\winamp563_full_emusic-7plus_en-us.exe"
"C:\Users\Eduardo\Documents\BKP\2015-01-24\NOBAK\Bin\Players\winamp563_full_emusic-7plus_pt-br.exe"
"C:\Users\Eduardo\Downloads\ccsetup505 (1).exe"
"C:\Users\Eduardo\Downloads\ccsetup505.exe"


) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

rem Show the leftovers in Notepad, or report success when none remain.
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
rem The script removes itself when done.
del %0
Save this Notepad file as fix.bat and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Right-click on fix.bat and choose 'Run as administrator' to allow it to run.

Tell me what it says in your next reply. Press any key to continue.

------------------------------------------------------
chemist is offline  
Old 03-15-2016, 03:59 PM   #10
Registered Member

Hi,

I successfully ran the script. However, I understood it did not touch the "legendas" stuff. If so, I do not have any problem in deleting / uninstalling it as long as I think it could have been the source of my issues. Unless you tell me it is working fine from now on...

Eduardo
ehgpdantas is offline  
Old 03-15-2016, 07:21 PM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy

Hello again, Eduardo. Those legends files are most probably not the cause of your previous problems. Let's upload one.

Please go to: VirusTotal
  • Click the Choose File button.
  • Please copy/paste the following bolded text into the 'File name:' box:

    C:\Users\Eduardo\Downloads\Legendas35.exe

  • Click Open then click the Scan it! button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File already analysed: click Reanalyse
  • Once scanned, copy and paste the URL from your browser address bar in your next reply.
------------------------------------------------------
chemist is offline  
Old 03-16-2016, 07:18 PM   #12
Registered Member

Hi,

Follows the URL:

https://www.virustotal.com/pt/file/3...is/1458180588/

Many Anti Virus state it as a threat and this is true even for McAfee. However, I have an active subscription of McAfee and can't understand why it did not detect / prevent it. I remember I installed this crap and before doing it I ran McAfee on it... I wish I had used this Virus Total tool...

Eduardo
ehgpdantas is offline  
Old 03-17-2016, 12:32 PM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy

Hello again, Eduardo. Did you uninstall Legendas, and delete all legendas files/folders?

------------------------------------------------------
chemist is offline  
Old 03-19-2016, 06:20 AM   #14
Registered Member

Not yet. Do I simply remove it from Add/Remove Programs? Or is there a better process? As for the files and folders, are they in the Program Files folder? Or do they get hidden somewhere else?

Still can't understand why McAfee does not detect it... Is it possible that the program put itself on a white list? I could not find anything like this in McAfee...
ehgpdantas is offline  
Old 03-19-2016, 02:06 PM   #15


Hello again, Eduardo. Those online scanners detect PUA/PUPs (potentially unsafe applications and potentially unwanted programs).

You probably don't have the option(s) ticked in your McAfee settings.

------------------------------------------------------

Yes, uninstall Legendas 3.5 using Programs and Features (right-click the Windows "logo" button > Programs and Features).

Add or Remove Programs hasn't been used since XP.

If Legendas uninstalls successfully, reboot your computer, then do the following:

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

sc stop legendasdrv

A DOS window will open and close again; this is normal.

Repeat for these commands:

sc stop COMLegService

sc delete legendasdrv

sc delete COMLegService

------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\Program Files (x86)\Legendas-3.5"

A DOS window will open and close again; this is normal.

Repeat for the following:

cmd /c rd /s /q "C:\Users\Todos os Usuários\Legendas"

cmd /c rd /s /q "C:\ProgramData\Legendas"

------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c del /a/f/q "C:\Users\Eduardo\Downloads\Legendas.3.5.2.zip"

A DOS window will open and close again; this is normal.

Repeat for the following:

cmd /c del /a/f/q "C:\Users\Eduardo\Downloads\Legendas35.exe"

cmd /c del /a/f/q "C:\Windows\System32\drivers\legendasdrv.sys"

------------------------------------------------------
chemist is offline  
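
A read-only check for the removal steps in the post above, as an added example that is not part of the original thread: commands pasted into the Run box close their window before any error can be read, so this PowerShell snippet reports whether the services and paths named in the post still exist. The service names and paths are taken from the post; the script and its variable names are assumptions of this example.

```powershell
# Added example: read-only check for leftovers after the removal steps.
# Service names and paths are the ones given in the post; nothing is deleted.

$services = 'legendasdrv', 'COMLegService'
$paths = @(
    'C:\Program Files (x86)\Legendas-3.5',
    'C:\Users\Todos os Usuários\Legendas',
    'C:\ProgramData\Legendas',
    'C:\Users\Eduardo\Downloads\Legendas.3.5.2.zip',
    'C:\Users\Eduardo\Downloads\Legendas35.exe',
    'C:\Windows\System32\drivers\legendasdrv.sys'
)

$leftovers = @()

foreach ($name in $services) {
    # Services and kernel drivers are both registered under this key.
    # The registry is checked directly because Get-Service in Windows
    # PowerShell does not list kernel drivers.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (Test-Path -LiteralPath $key) {
        $props = Get-ItemProperty -LiteralPath $key
        $leftovers += [pscustomobject]@{
            Type   = 'Service'
            Item   = $name
            # ImagePath shows which binary the entry would load.
            Detail = $props.ImagePath
            # DeleteFlag = 1 means "sc delete" succeeded and the entry
            # disappears at the next reboot.
            PendingDelete = ($props.DeleteFlag -eq 1)
        }
    }
}

foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) {
        $leftovers += [pscustomobject]@{
            Type = 'Path'; Item = $p; Detail = ''; PendingDelete = $false
        }
    }
}

if ($leftovers.Count -eq 0) {
    'No leftovers found: the services and paths from the post are gone.'
} else {
    $leftovers | Format-Table -AutoSize -Wrap
}
```

Any row with Type `Service` and PendingDelete `False` means the `sc delete` step did not take effect and should be repeated from an elevated prompt.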
Old 03-20-2016, 04:39 PM   #16



The online scanner is active on McAfee since ever...

I ran all commands above and did not get any error message.

Eduardo
ehgpdantas is offline  
Old 03-20-2016, 08:17 PM   #17


Hello again, Eduardo. I didn't understand this:

Quote:
The online scanner is active on McAfee since ever...

In McAfee, installed on your computer, do you have PUAs or PUPs enabled to be detected?

------------------------------------------------------
chemist is offline  
Old 03-24-2016, 06:09 PM   #18



Yes, it is (and always was) active.
ehgpdantas is offline  
Old 03-25-2016, 01:03 PM   #19


Hello again, Eduardo. Well, I can't explain why then. You may have to ask McAfee.

------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.

------------------------------------------------------
  • Press the Windows "logo" key and "R" key then type cleanmgr into the Run box and click OK.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot for a few seconds.
  • Click 'Clean up system files'
  • If prompted by UAC, then click 'Yes'.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot again, for a few seconds up to a few minutes.
  • Click on the 'More Options' tab, and click on the 'Clean up' button under the 'System Restore and Shadow Copies' section.
  • Click/tap on the 'Delete' button in the confirm deletion window, then press 'OK'.
  • Click/tap on the 'Delete files' button in the confirm deletion window.
This will remove all but the most recent System Restore Point.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again; this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Quick Scan weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article:

To help protect your computer in the future, I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 0.0.0.0, which is the IP of your local computer. See guide for Windows 8/Windows 10 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
Old 03-31-2016, 11:12 AM   #20


As this topic appears to be resolved, this thread will be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
chemist is offline  