Não consigo instalar programas de proteção e acessar sites de segurança.

por Camila Marques Covre Seg 30 Jun 2014, 17:48

Boa tarde!

Meu not vem apresentando alguns problemas há mais ou menos uma semana. Utilizava o antivirus Avira e o YAC, há algumas semanas algum spyware tomou conta aki e bugou até o antivirus (não conseguia fazer varredura nem nada). Tentei restaurar e não deixava, ai consegui passar o YAC e o Malwarebyte, depois antivirus restaurei e resolveu.
Sou advogada e utilizo o sistema/site do TJMS, que tem como anexar petições e arquivos on-line. Semana passada ao tentar realizar tal procedimento(anexar), abria para eu procurar o arquivo e na hora de clicar em anexar ele abria uma página do Avira e não anexava. Troquei de navegador e o problema continuou. Abri o Avira e vi que estava com o mesmo problema da outra vez. Utilizei o YAC que removeu algumas coisas e consegui baixar o Avast. Fiz varredura, tirou um arquivo infectado por Trojan e algum outro que não me recordo, o YAC tbm detectou algo outra vez, depois disso o problema em anexar na página sumiu, porém, tentei baixar o Malwarebyte e o Spyboot e, além de demorar para baixar, não consegui instalar.
Pesquisei aqui no fórum problemas parecidos e fiz alguns procedimentos, pelo menos agora consigo baixar antispyware ou antimalware, mas nem todos instalam (aparece o erro: esse aplicativo não é um arquivo win32 válido) ou, se instalam, não rodam.
Foi o que aconteceu com o 'HijackThis'.
Dos que vi aqui no fórum, o que consegui utilizar foi o ZHPDiag. Segue relatório.
Desde já, agradeço a atenção.

~ Relatório do ZHPDiag v2014.6.25.98 - Nicolas Coolman (25/06/2014)
~ Iniciado por camila (30/06/2014 15:57:11)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user

---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16476 (Defaut)
MFIE: Mozilla Firefox 29.0.1
GCIE: Google Chrome v35.0.1916.153

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018
ESET Online Scanner v3
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v4.15

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader XI
Java 7 Update 55

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1910 MB (30% free)
System Restore: Activé (Enable)
System drive C: has 123 GB (83%) free of 148 GB

---\\ Modo de conexão ao sistema
~ Computer Name: CAMILA-PC
~ User Name: camila
~ All Users Names: Convidado, camila, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\camila\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\camila\AppData\Roaming\
~ %Desktop% : C:\Users\camila\Desktop\
~ %Favorites% : C:\Users\camila\Favorites\
~ %LocalAppData% : C:\Users\camila\AppData\Local\
~ %StartMenu% : C:\Users\camila\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 123 Go of 148 Go)
D: Hard drive, Flash drive, Thumb drive (Free 100 Go of 136 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)

---\\ Estado do Centro de Segurança do Windows
~ Security Center: 48 Legitimates Filtered in 00mn 00s

---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.21/11/2013 - 09:15:55.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 21:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.927FA6456AD6D7630F6854828D2FD16B] - (.Microsoft Corporation - Internet Extensions for Win32.) (.11/12/2013 - 17:16:48.) -- C:\Windows\System32\wininet.dll [1820160]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 17:29:06.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 17:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.66DD39CA12BAEB8D32111581769D9117] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/11/2013 - 09:49:22.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 21:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 19:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 17:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.B44B9746261B23087690BF18821BA187] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2013 - 09:31:39.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 17:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 19:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 19:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.CE706AA66B6D94DB8892C5FC114E0F85] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.21/11/2013 - 09:31:37.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 17:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.A543D7FD38F51123CA6B8B4722E4D322] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.21/11/2013 - 09:38:49.) -- C:\Windows\system32\Drivers\ntfs.sys [1213288]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 19:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 19:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 17:29:49.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 19:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 17:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.4EDEF8AB59B089925CF9A6CFC74A4109] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.21/11/2013 - 09:31:35.) -- C:\Windows\system32\Drivers\volsnap.sys [246104]
~ Generic Processes: Scanned in 00mn 00s

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/2
~ Mes Favoris (My Favorites) : 1/4
~ Mes Documents (My Documents) : 1/72
~ Mon Bureau (My Desktop) : 1/17
~ Menu demarrer (Programs) : 1/27
~ Hidden Files: Scanned in 00mn 00s

---\\ Processos lançados
[MD5.DAF772AA1150C0AEF69B4A2C5F66F972] - (.Elex do Brasil Participações Ltda - YACTray.) -- C:\Program Files\iSafe\iSafeTray.exe [802984] [PID.2636] =>Trojan.Staser
[MD5.85129A54AC1259D23614A629E4F0B5E7] - (.Conexant Systems, Inc. - Conexant High Definition Audio Filter Agent.) -- C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe [496184] [PID.3200]
[MD5.C68AB37B122149F7181757D740956BD2] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [175640] [PID.3216]
[MD5.38D198A2DD54A67120040566A38103BA] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016] [PID.3224]
[MD5.18B6A913D2FBC0E5C02C14B24359E828] - (.A.E.T. Europe B.V. - Certificate Expiration Check Utility.) -- C:\Windows\System32\aetcrss1.exe [18944] [PID.3236]
[MD5.5CA0EB9538C6ACEBDC3593FC53527B9D] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [3890208] [PID.3244]
[MD5.9E2B10E9FE7B55844C4CED3DDFF5491A] - (.Broadcom Corporation. - Bluetooth Tray Application.) -- C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe [795936] [PID.3340]
[MD5.D91AFB6D2A0DA7539B74FB5838775D94] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.exe [98632] [PID.3672]
[MD5.A1369135F48250C3EE7FC0CF9E7230D7] - (.Broadcom Corporation. - Bluetooth Stack COM Server.) -- C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe [2360608] [PID.3556]
[MD5.A5FCD42334CCC682DA1882A54338686C] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [860488] [PID.6004]
[MD5.1F62DCBF33A67CAA5E68ADECBB25C3C7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8071680] [PID.7264]
~ Processes Running: Scanned in 00mn 01s

---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\camila\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [aiahmijlpehemcpleichkcokhegllfjl] Duolingo v.1.0.11 (Activé)
G2 - GCE: Preference [User Data\Default] [flliilndjeohchalpbbcdekjklbdgfkk] Avira Browser Safety v.1.1.17, (Désactivé)
G2 - GCE: Preference [User Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [pbcaplhfkihhldmlbjhgajdeghjdbffi] GBBD Caixa Economica Federal v.3.6.3 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 23 Legitimates Filtered in 00mn 14s

---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\camila\AppData\Roaming\Mozilla\Firefox\Profiles\pcox52lv.default\prefs.js
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\camila\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\camila\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
~ Firefox Browser: 11 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 14 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1

---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
~ BHO: 10 Legitimates Filtered in 00mn 00s

---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [SmartAudio] . (.No owner - SAIICpl MFC Application.) -- C:\Program Files\CONEXANT\SAII\SAIICpl.exe
O4 - HKLM\..\Run: [cAudioFilterAgent] . (.Conexant Systems, Inc. - Conexant High Definition Audio Filter Agent.) -- C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [CertificateRegistration] . (.A.E.T. Europe B.V. - Certificate Expiration Check Utility.) -- C:\Windows\System32\aetcrss1.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKCU\..\Run: [D24D77684EA30104452EA2620AC81D2767F37AB2._service_run] . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - HKUS\S-1-5-21-978150597-2052285117-1239505619-1000\..\Run: [D24D77684EA30104452EA2620AC81D2767F37AB2._service_run] . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
~ Application: Scanned in 00mn 00s

---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\Lenovo\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D401774-9E9D-435F-B576-1716C342BE3E}: DhcpNameServer = 189.7.72.33 189.7.72.38 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D401774-9E9D-435F-B576-1716C342BE3E}: DhcpNameServer = 189.7.72.33 189.7.72.38 201.6.4.116
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D401774-9E9D-435F-B576-1716C342BE3E}: DhcpNameServer = 189.7.72.33 189.7.72.38 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.7.72.33 189.7.72.38 201.6.4.116
~ Domain: Scanned in 00mn 00s

---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\GbpSv.exe
O23 - Service: iSafeService (iSafeService) . (.Elex do Brasil Participações Ltda - iSafeSvc.) - C:\Program Files\iSafe\iSafeSvc.exe =>Trojan.Staser
~ Services: 7 Legitimates Filtered in 00mn 09s

---\\ Tarefas planificadas automaticamente (039)
[MD5.2135CD31425E6301DB97016737A4CBF5] [APT] [{A696225D-A8FC-49BD-8BC8-E9DAB3039044}] (...) -- C:\Users\camila\Desktop\LopSD.exe [501736]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1052]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1056]
~ Scheduled Task: 12 Legitimates Filtered in 00mn 08s

---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (iSafeKrnlKit) . (.Elex do Brasil Participações Ltda - iSafe Kernel Kit Driver.) - C:\Program Files\iSafe\iSafeKrnlKit.sys =>Trojan.Staser
O41 - Driver: (iSafeNetFilter) . (.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) - C:\Program Files\iSafe\iSafeNetFilter.sys =>Trojan.Staser
O41 - Driver: (ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
~ Drivers: 84 Legitimates Filtered in 00mn 00s

---\\ Software instalados (042)
O42 - Logiciel: SafeSign - (.A.E.T. Europe B.V..) [HKLM] -- {2DF407D3-A8AD-4ACF-BFD5-5F7D42EC62FD}
O42 - Logiciel: Yet Another Cleaner! - (.ELEX DO BRASIL PARTICIPAÇÕES LTDA.) [HKLM] -- iSafe =>Trojan.Staser
~ Logic: 9 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\A.E.T. Europe B.V.]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKCU\Software\V9]
[HKLM\Software\A.E.T. Europe B.V.]
[HKLM\Software\AutoHelpDesk]
~ Key Software: 139 Legitimates Filtered in 00mn 00s

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 22/05/2014 - 11:51:17 - [] ----D C:\Program Files\A.E.T. Europe B.V
O43 - CFD: 27/06/2014 - 16:53:31 - [] ----D C:\Program Files\iSafe =>Trojan.Staser
O43 - CFD: 22/05/2014 - 11:51:15 - [] ----D C:\ProgramData\A.E.T. Europe B.V
O43 - CFD: 24/06/2014 - 11:54:26 - [] ----D C:\ProgramData\Syscon
O43 - CFD: 27/06/2014 - 01:22:25 - [] ----D C:\Users\camila\AppData\Roaming\iSafe =>Trojan.Staser
O43 - CFD: 22/05/2014 - 12:12:58 - [] ----D C:\Users\camila\AppData\Local\A.E.T. Europe B.V
~ Program Folder: 133 Legitimates Filtered in 00mn 00s

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.4D6C6E0505A8E5A0656DCB223497D37C] - 24/06/2014 - 12:47:58 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184]
O44 - LFC:[MD5.7B44790B2070D43C1E1834ADC7466976] - 24/06/2014 - 16:36:39 ---A- . (...) -- C:\win lov 2.0.9.rar [21412]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 26/06/2014 - 16:32:44 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.73FE8285D075FE7F0CD980870A09AF3D] - 26/06/2014 - 18:09:49 ---A- . (...) -- C:\Windows\wininit.ini [79]
O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 26/06/2014 - 18:10:02 ---A- . (...) -- C:\Windows\MBR.exe [208896]
O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 26/06/2014 - 18:10:02 ---A- . (...) -- C:\Windows\PEV.exe [256000]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 26/06/2014 - 18:10:02 ---A- . (...) -- C:\Windows\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 26/06/2014 - 18:10:02 ---A- . (...) -- C:\Windows\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 26/06/2014 - 18:10:02 ---A- . (...) -- C:\Windows\zip.exe [68096]
O44 - LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - 26/06/2014 - 21:24:51 ---A- . (...) -- C:\Windows\system.ini [215]
O44 - LFC:[MD5.DCA3B7069D11F3CE9666B0BAE22EB688] - 26/06/2014 - 21:27:05 ---A- . (...) -- C:\ComboFix.txt [16017]
O44 - LFC:[MD5.2FDC9D9F34838BDD20FAD0979D40FDEF] - 26/06/2014 - 23:00:26 ---A- . (...) -- C:\Windows\System32\Drivers\TrueSight.sys [35152]
O44 - LFC:[MD5.DD69308FC3FD6D3C6C735E661E8AFED8] - 27/06/2014 - 17:33:57 ---A- . (...) -- C:\lopR.txt [9271]
~ Files: 34 Legitimates Filtered in 00mn 04s

---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s

---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:24/06/2014 - 12:47:58 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:24/06/2014 - 12:47:58 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:24/06/2014 - 12:47:58 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180632] =>.ALWIL Software
O58 - SDL:01/12/2009 - 15:37:02 ---A- . (.Bison Electronics. Inc. - Universal Serial Bus Camera Driver.) -- C:\Windows\System32\Drivers\BisonC07.sys [1261680]
O58 - SDL:13/07/2009 - 21:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:14/03/2014 - 19:27:24 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [47192]
O58 - SDL:22/05/2014 - 12:02:37 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 18:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:20/05/2014 - 05:07:08 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys [38912] =>Trojan.Staser
O58 - SDL:26/06/2014 - 18:08:17 ---A- . (.Sysinternals - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - Process Explorer.) -- C:\Windows\System32\Drivers\PROCEXP113.SYS [12568]
O58 - SDL:13/07/2009 - 21:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:26/06/2014 - 23:00:26 ---A- . (...) -- C:\Windows\System32\Drivers\TrueSight.sys [35152]
O58 - SDL:13/07/2009 - 17:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 17:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 17:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 17:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 17:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 17:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 17:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 17:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 17:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 17:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 17:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 17:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 17:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 17:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 17:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 85 Legitimates Filtered in 00mn 01s

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 24/06/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 14/03/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 20/05/2014 - C:\Program Files\iSafe\iSafeKrnl.sys (iSafeKrnl) .(.Elex do Brasil Participações Ltda - iSafe Kernel Driver.) - LEGACY_ISAFEKRNL =>Trojan.Staser
O64 - Services: CurCS - 20/05/2014 - C:\Program Files\iSafe\iSafeKrnlKit.sys (iSafeKrnlKit) .(.Elex do Brasil Participações Ltda - iSafe Kernel Kit Driver.) - LEGACY_ISAFEKRNLKIT =>Trojan.Staser
O64 - Services: CurCS - 20/05/2014 - C:\Program Files\iSafe\iSafeNetFilter.sys (iSafeNetFilter) .(.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) - LEGACY_ISAFENETFILTER =>Trojan.Staser
~ Legacy: 88 Legitimates Filtered in 00mn 00s

---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- c:\program files\mozilla firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- c:\program files\google\chrome\application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0191A6B0-1154-4C22-9182-23A95BBE92D9} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\S-1-5-19] {0191A6B0-1154-4C22-9182-23A95BBE92D9} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\S-1-5-20] {0191A6B0-1154-4C22-9182-23A95BBE92D9} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.B6501603D87EDB49D0D2AF993393E9AE] [SPRF][22/05/2014] (...) -- C:\Users\camila\AppData\Roaming\unins000.dat [33933]
[MD5.0EB2E3FF0C3C8D58F6C4C4B210671219] [SPRF][22/05/2014] (...) -- C:\Users\camila\AppData\Roaming\unins001.dat [16717]
[MD5.954EEB12152F96B6C76240AA5A848FF7] [SPRF][26/06/2014] (...) -- C:\Users\camila\Desktop\adwcleaner_3.213.exe [1342659]
[MD5.2135CD31425E6301DB97016737A4CBF5] [SPRF][27/06/2014] (...) -- C:\Users\camila\Desktop\LopSD.exe [501736]
[MD5.287884C60166752581408A11F45F3C0F] [SPRF][30/06/2014] (...) -- C:\Users\camila\Desktop\zoek.exe [1283668]
~ Files: 9 Legitimates Filtered in 00mn 00s

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 14/06/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 16/06/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 16/06/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 06/05/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 30/04/2014 1716264 | (PDF Architect 2) . (.pdfforge GmbH.) - C:\Program Files\PDF Architect 2\ws.exe
SS - | Demand 30/04/2014 861736 | (pdfforge CrashHandler) . (.pdfforge GmbH.) - C:\Program Files\PDF Architect 2\crash-handler-ws.exe
SS - | Auto 03/04/2014 315008 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 08/05/2014 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 24/06/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 11/08/2009 582944 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
SR - | Auto 06/05/2014 528424 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\GbpSv.exe
SR - | Auto 20/05/2014 118056 | (iSafeService) . (.Elex do Brasil Participações Ltda.) - C:\Program Files\iSafe\iSafeSvc.exe =>Trojan.Staser
SR - | Auto 25/04/2014 5024576 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
SR - | Auto 21/11/2013 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/11/2013 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 17s

---\\ Scâner Aditional (088)
Database Version : 13026 - (25/06/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 1

[HKLM\SYSTEM\CurrentControlSet\Services\iSafeService] =>Trojan.Staser^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iSafe] =>Trojan.Staser^
C:\Program Files\iSafe =>Trojan.Staser^
C:\Users\camila\AppData\Roaming\iSafe =>Trojan.Staser^
C:\Program Files\iSafe\iSafeTray.exe =>Trojan.Staser^
~ Additionnel Scan: 199659 Items scanned in 00mn 48s

---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Browser Helper Objects do navegador (02)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 4 Legitimates Filtered in 00mn 00s

---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.Staser
~ MSI: 1 link(s) detected in 00mn 00s

~ 667 Legitimates filtered by white list
End of the scan (466 lines in 02mn 20s)(0)

por **Power Max** Seg 30 Jun 2014, 18:14

Oi Camila. Se você me permite a sugestão, penso que se você desinstalasse o YAC e deixasse só o antivirus instalado seria melhor, muitas vezes usar muitos programas de segurança acaba deixando o PC mais lento e mais vulnerável às infecções.
________________________________________________________________________________________

consigo - Não consigo instalar programas de proteção e acessar sites de segurança. 772309

consigo - Não consigo instalar programas de proteção e acessar sites de segurança. 772309

Selecione e copie todo o texto destacado em vermelho que te passei.
_____________________________________________________________________________________________________________

consigo - Não consigo instalar programas de proteção e acessar sites de segurança. 772309

Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

por Camila Marques Covre Seg 30 Jun 2014, 18:31

Olá Power Max!
Sugestão aceita, YAC desinstalado! Quem se mete a "fuçar", como eu, muitas vezes acha que quanto mais coisas, mais seguro rsrs.

Segue relatório do ZHPFix:

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by camila at 30/06/2014 17:28:49
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 04s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ: HKCU\Software\V9

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (176) (116.799.840 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: {A696225D-A8FC-49BD-8BC8-E9DAB3039044}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso

========== Recapitulativo ==========
1 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
2 : Ficheiros
1 : Tarefa planificada
1 : Restauração Sistema

End of clean in 01mn 06s

========== Caminho do ficheiro do relatório ==========
C:\Users\camila\AppData\Roaming\ZHP\ZHPFix[R1].txt - 30/06/2014 17:28:53 [1253]

por **Power Max** Seg 30 Jun 2014, 18:32

Abra novamente o ( ZHPDiag )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

por Camila Marques Covre Seg 30 Jun 2014, 18:43

Segue.

Só uma observação, andei tentando usar uns procedimentos aqui do fórum, então, pode ser que você veja por aí alguns arquivos instalados ou baixados que já foram indicados em algum outro tópico.

~ Relatório do ZHPDiag v2014.6.25.98 - Nicolas Coolman (25/06/2014)
~ Iniciado por camila (30/06/2014 17:37:10)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user

---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16476 (Defaut)
MFIE: Mozilla Firefox 29.0.1
GCIE: Google Chrome v35.0.1916.153

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018
ESET Online Scanner v3
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v4.15

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader XI
Java 7 Update 55

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1910 MB (27% free)
System Restore: Activé (Enable)
System drive C: has 123 GB (83%) free of 148 GB

---\\ Modo de conexão ao sistema
~ Computer Name: CAMILA-PC
~ User Name: camila
~ All Users Names: Convidado, camila, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\camila\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\camila\AppData\Roaming\
~ %Desktop% : C:\Users\camila\Desktop\
~ %Favorites% : C:\Users\camila\Favorites\
~ %LocalAppData% : C:\Users\camila\AppData\Local\
~ %StartMenu% : C:\Users\camila\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 123 Go of 148 Go)
D: Hard drive, Flash drive, Thumb drive (Free 100 Go of 136 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)

---\\ Estado do Centro de Segurança do Windows
~ Security Center: 48 Legitimates Filtered in 00mn 00s

---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.21/11/2013 - 09:15:55.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 21:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.927FA6456AD6D7630F6854828D2FD16B] - (.Microsoft Corporation - Internet Extensions for Win32.) (.11/12/2013 - 17:16:48.) -- C:\Windows\System32\wininet.dll [1820160]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 17:29:06.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 17:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.66DD39CA12BAEB8D32111581769D9117] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/11/2013 - 09:49:22.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 21:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 19:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 17:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.B44B9746261B23087690BF18821BA187] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2013 - 09:31:39.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 17:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 19:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 19:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.CE706AA66B6D94DB8892C5FC114E0F85] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.21/11/2013 - 09:31:37.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 17:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.A543D7FD38F51123CA6B8B4722E4D322] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.21/11/2013 - 09:38:49.) -- C:\Windows\system32\Drivers\ntfs.sys [1213288]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 19:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 19:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 17:29:49.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 19:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 17:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.4EDEF8AB59B089925CF9A6CFC74A4109] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.21/11/2013 - 09:31:35.) -- C:\Windows\system32\Drivers\volsnap.sys [246104]
~ Generic Processes: Scanned in 00mn 00s

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/2
~ Mes Favoris (My Favorites) : 1/4
~ Mes Documents (My Documents) : 1/72
~ Mon Bureau (My Desktop) : 1/19
~ Menu demarrer (Programs) : 1/27
~ Hidden Files: Scanned in 00mn 00s

---\\ Processos lançados
[MD5.85129A54AC1259D23614A629E4F0B5E7] - (.Conexant Systems, Inc. - Conexant High Definition Audio Filter Agent.) -- C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe [496184] [PID.3200]
[MD5.C68AB37B122149F7181757D740956BD2] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [175640] [PID.3216]
[MD5.38D198A2DD54A67120040566A38103BA] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016] [PID.3224]
[MD5.18B6A913D2FBC0E5C02C14B24359E828] - (.A.E.T. Europe B.V. - Certificate Expiration Check Utility.) -- C:\Windows\System32\aetcrss1.exe [18944] [PID.3236]
[MD5.5CA0EB9538C6ACEBDC3593FC53527B9D] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [3890208] [PID.3244]
[MD5.9E2B10E9FE7B55844C4CED3DDFF5491A] - (.Broadcom Corporation. - Bluetooth Tray Application.) -- C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe [795936] [PID.3340]
[MD5.D91AFB6D2A0DA7539B74FB5838775D94] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.exe [98632] [PID.3672]
[MD5.A1369135F48250C3EE7FC0CF9E7230D7] - (.Broadcom Corporation. - Bluetooth Stack COM Server.) -- C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe [2360608] [PID.3556]
[MD5.CEAA5817A65E914AA178B28F12359A46] - (.Microsoft Corporation - Microsoft Office Word.) -- C:\Program Files\Microsoft Office\Office12\WINWORD.exe [347432] [PID.8004]
[MD5.A5FCD42334CCC682DA1882A54338686C] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [860488] [PID.388]
[MD5.1F62DCBF33A67CAA5E68ADECBB25C3C7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8071680] [PID.6376]
~ Processes Running: Scanned in 00mn 01s

---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\camila\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [aiahmijlpehemcpleichkcokhegllfjl] Duolingo v.1.0.11 (Activé)
G2 - GCE: Preference [User Data\Default] [flliilndjeohchalpbbcdekjklbdgfkk] Avira Browser Safety v.1.1.17, (Désactivé)
G2 - GCE: Preference [User Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [pbcaplhfkihhldmlbjhgajdeghjdbffi] GBBD Caixa Economica Federal v.3.6.3 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 23 Legitimates Filtered in 00mn 07s

---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\camila\AppData\Roaming\Mozilla\Firefox\Profiles\pcox52lv.default\prefs.js
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\camila\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\camila\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
~ Firefox Browser: 11 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 14 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1

---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
~ BHO: 10 Legitimates Filtered in 00mn 00s

---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [SmartAudio] . (.No owner - SAIICpl MFC Application.) -- C:\Program Files\CONEXANT\SAII\SAIICpl.exe
O4 - HKLM\..\Run: [cAudioFilterAgent] . (.Conexant Systems, Inc. - Conexant High Definition Audio Filter Agent.) -- C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [CertificateRegistration] . (.A.E.T. Europe B.V. - Certificate Expiration Check Utility.) -- C:\Windows\System32\aetcrss1.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKCU\..\Run: [D24D77684EA30104452EA2620AC81D2767F37AB2._service_run] . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - HKUS\S-1-5-21-978150597-2052285117-1239505619-1000\..\Run: [D24D77684EA30104452EA2620AC81D2767F37AB2._service_run] . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
~ Application: Scanned in 00mn 00s

---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\Lenovo\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D401774-9E9D-435F-B576-1716C342BE3E}: DhcpNameServer = 189.7.72.33 189.7.72.38 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D401774-9E9D-435F-B576-1716C342BE3E}: DhcpNameServer = 189.7.72.33 189.7.72.38 201.6.4.116
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D401774-9E9D-435F-B576-1716C342BE3E}: DhcpNameServer = 189.7.72.33 189.7.72.38 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.7.72.33 189.7.72.38 201.6.4.116
~ Domain: Scanned in 00mn 00s

---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\GbpSv.exe
~ Services: 6 Legitimates Filtered in 00mn 05s

---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1052]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1056]
~ Scheduled Task: 11 Legitimates Filtered in 00mn 04s

---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
O41 - Driver: (iSafeKrnlKit) . (. - .) - C:\Program Files\iSafe\iSafeKrnlKit.sys (.not file.) =>Trojan.Staser
O41 - Driver: (iSafeNetFilter) . (. - .) - C:\Program Files\iSafe\iSafeNetFilter.sys (.not file.) =>Trojan.Staser
~ Drivers: 80 Legitimates Filtered in 00mn 01s

---\\ Software instalados (042)
O42 - Logiciel: SafeSign - (.A.E.T. Europe B.V..) [HKLM] -- {2DF407D3-A8AD-4ACF-BFD5-5F7D42EC62FD}
~ Logic: 8 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\A.E.T. Europe B.V.]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKLM\Software\A.E.T. Europe B.V.]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\iSafe] =>Trojan.Staser
~ Key Software: 136 Legitimates Filtered in 00mn 00s

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 22/05/2014 - 11:51:17 - [] ----D C:\Program Files\A.E.T. Europe B.V
O43 - CFD: 22/05/2014 - 11:51:15 - [] ----D C:\ProgramData\A.E.T. Europe B.V
O43 - CFD: 24/06/2014 - 11:54:26 - [] ----D C:\ProgramData\Syscon
O43 - CFD: 30/06/2014 - 17:24:02 - [] ----D C:\Users\camila\AppData\Roaming\iSafe =>Trojan.Staser
O43 - CFD: 22/05/2014 - 12:12:58 - [] ----D C:\Users\camila\AppData\Local\A.E.T. Europe B.V
~ Program Folder: 132 Legitimates Filtered in 00mn 01s

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.4D6C6E0505A8E5A0656DCB223497D37C] - 24/06/2014 - 12:47:58 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184]
O44 - LFC:[MD5.7B44790B2070D43C1E1834ADC7466976] - 24/06/2014 - 16:36:39 ---A- . (...) -- C:\win lov 2.0.9.rar [21412]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 26/06/2014 - 16:32:44 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.73FE8285D075FE7F0CD980870A09AF3D] - 26/06/2014 - 18:09:49 ---A- . (...) -- C:\Windows\wininit.ini [79]
O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 26/06/2014 - 18:10:02 ---A- . (...) -- C:\Windows\MBR.exe [208896]
O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 26/06/2014 - 18:10:02 ---A- . (...) -- C:\Windows\PEV.exe [256000]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 26/06/2014 - 18:10:02 ---A- . (...) -- C:\Windows\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 26/06/2014 - 18:10:02 ---A- . (...) -- C:\Windows\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 26/06/2014 - 18:10:02 ---A- . (...) -- C:\Windows\zip.exe [68096]
O44 - LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - 26/06/2014 - 21:24:51 ---A- . (...) -- C:\Windows\system.ini [215]
O44 - LFC:[MD5.DCA3B7069D11F3CE9666B0BAE22EB688] - 26/06/2014 - 21:27:05 ---A- . (...) -- C:\ComboFix.txt [16017]
O44 - LFC:[MD5.2FDC9D9F34838BDD20FAD0979D40FDEF] - 26/06/2014 - 23:00:26 ---A- . (...) -- C:\Windows\System32\Drivers\TrueSight.sys [35152]
O44 - LFC:[MD5.DD69308FC3FD6D3C6C735E661E8AFED8] - 27/06/2014 - 17:33:57 ---A- . (...) -- C:\lopR.txt [9271]
~ Files: 34 Legitimates Filtered in 00mn 18s

---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s

---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:24/06/2014 - 12:47:58 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:24/06/2014 - 12:47:58 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:24/06/2014 - 12:47:58 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180632] =>.ALWIL Software
O58 - SDL:01/12/2009 - 15:37:02 ---A- . (.Bison Electronics. Inc. - Universal Serial Bus Camera Driver.) -- C:\Windows\System32\Drivers\BisonC07.sys [1261680]
O58 - SDL:13/07/2009 - 21:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:14/03/2014 - 19:27:24 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [47192]
O58 - SDL:22/05/2014 - 12:02:37 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 18:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:26/06/2014 - 18:08:17 ---A- . (.Sysinternals - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - Process Explorer.) -- C:\Windows\System32\Drivers\PROCEXP113.SYS [12568]
O58 - SDL:13/07/2009 - 21:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:26/06/2014 - 23:00:26 ---A- . (...) -- C:\Windows\System32\Drivers\TrueSight.sys [35152]
O58 - SDL:13/07/2009 - 17:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 17:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 17:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 17:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 17:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 17:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 17:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 17:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 17:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 17:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 17:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 17:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 17:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 17:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 17:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 84 Legitimates Filtered in 00mn 04s

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 24/06/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 14/03/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 87 Legitimates Filtered in 00mn 00s

---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- c:\program files\mozilla firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- c:\program files\google\chrome\application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0191A6B0-1154-4C22-9182-23A95BBE92D9} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\S-1-5-19] {0191A6B0-1154-4C22-9182-23A95BBE92D9} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\S-1-5-20] {0191A6B0-1154-4C22-9182-23A95BBE92D9} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.B6501603D87EDB49D0D2AF993393E9AE] [SPRF][22/05/2014] (...) -- C:\Users\camila\AppData\Roaming\unins000.dat [33933]
[MD5.0EB2E3FF0C3C8D58F6C4C4B210671219] [SPRF][22/05/2014] (...) -- C:\Users\camila\AppData\Roaming\unins001.dat [16717]
[MD5.954EEB12152F96B6C76240AA5A848FF7] [SPRF][26/06/2014] (...) -- C:\Users\camila\Desktop\adwcleaner_3.213.exe [1342659]
[MD5.89D6AE5E3E3C180950B60019B28F1526] [SPRF][30/06/2014] (...) -- C:\Users\camila\Desktop\HijackThis.exe [387148]
[MD5.2135CD31425E6301DB97016737A4CBF5] [SPRF][27/06/2014] (...) -- C:\Users\camila\Desktop\LopSD.exe [501736]
[MD5.287884C60166752581408A11F45F3C0F] [SPRF][30/06/2014] (...) -- C:\Users\camila\Desktop\zoek.exe [1283668]
~ Files: 10 Legitimates Filtered in 00mn 07s

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 14/06/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 16/06/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 16/06/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 06/05/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 30/04/2014 1716264 | (PDF Architect 2) . (.pdfforge GmbH.) - C:\Program Files\PDF Architect 2\ws.exe
SS - | Demand 30/04/2014 861736 | (pdfforge CrashHandler) . (.pdfforge GmbH.) - C:\Program Files\PDF Architect 2\crash-handler-ws.exe
SS - | Auto 03/04/2014 315008 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 08/05/2014 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 24/06/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 11/08/2009 582944 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
SR - | Auto 06/05/2014 528424 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\GbpSv.exe
SR - | Auto 25/04/2014 5024576 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
SR - | Auto 21/11/2013 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/11/2013 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 18s

---\\ Scâner Aditional (088)
Database Version : 13026 - (25/06/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 1

C:\Users\camila\AppData\Roaming\iSafe =>Trojan.Staser^
[HKLM\Software\iSafe] =>Trojan.Staser^
~ Additionnel Scan: 197123 Items scanned in 00mn 36s

---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Browser Helper Objects do navegador (02)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 4 Legitimates Filtered in 00mn 00s

---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.Staser
~ MSI: 1 link(s) detected in 00mn 00s

~ 657 Legitimates filtered by white list
End of the scan (455 lines in 02mn 20s)(0)

por **Power Max** Seg 30 Jun 2014, 18:56

Selecione e copie todo o texto destacado em vermelho que te passei.
_____________________________________________________________________________________________________________

consigo - Não consigo instalar programas de proteção e acessar sites de segurança. 772309

Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

por Camila Marques Covre Seg 30 Jun 2014, 18:59

Segue:

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by camila at 30/06/2014 17:58:09
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 02s)

========== Chaves do Registo ==========
ELIMINÉ Driver Key: iSafeKrnlKit
ELIMINÉ Driver Key: iSafeNetFilter
ELIMINÉ: HKLM\Software\iSafe

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (4) (1.541.408 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso

========== Recapitulativo ==========
3 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema

End of clean in 00mn 47s

========== Caminho do ficheiro do relatório ==========
C:\Users\camila\AppData\Roaming\ZHP\ZHPFix[R1].txt - 30/06/2014 17:28:53 [1334]
C:\Users\camila\AppData\Roaming\ZHP\ZHPFix[R2].txt - 30/06/2014 17:58:11 [1251]

por **Power Max** Seg 30 Jun 2014, 19:03

Você fez a limpeza com o Adwcleaner? Se tiver feito, na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

por Camila Marques Covre Seg 30 Jun 2014, 19:10

Fiz no dia 26/06.
Estou fazendo novamente para postar um relatório mais atualizado.
Já posto.

por **Power Max** Seg 30 Jun 2014, 19:11

Ok, fico na espera.

por Camila Marques Covre Seg 30 Jun 2014, 19:16

Pronto.
Segue:

# AdwCleaner v3.214 - Relatório criado 30/06/2014 às 18:11:00
# Atualizado 29/06/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (32 bits)
# Usuário : camila - CAMILA-PC
# Executando de : C:\Users\camila\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Users\camila\AppData\Roaming\eCyber

***** [ Atalhos ] *****

***** [ Registro ] *****

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v29.0.1 (pt-BR)

[ Arquivo : C:\Users\camila\AppData\Roaming\Mozilla\Firefox\Profiles\pcox52lv.default\prefs.js ]

-\\ Google Chrome v35.0.1916.153

[ Arquivo : C:\Users\camila\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*************************

AdwCleaner[R0].txt - [1486 octets] - [26/06/2014 16:31:38]
AdwCleaner[R1].txt - [1200 octets] - [26/06/2014 16:39:16]
AdwCleaner[R2].txt - [1167 octets] - [26/06/2014 16:49:01]
AdwCleaner[R3].txt - [1287 octets] - [26/06/2014 18:34:41]
AdwCleaner[R4].txt - [1810 octets] - [26/06/2014 23:48:14]
AdwCleaner[R5].txt - [1832 octets] - [27/06/2014 16:55:27]
AdwCleaner[R6].txt - [1523 octets] - [30/06/2014 18:09:34]
AdwCleaner[S0].txt - [1536 octets] - [26/06/2014 16:34:15]
AdwCleaner[S1].txt - [1254 octets] - [26/06/2014 16:40:55]
AdwCleaner[S2].txt - [1226 octets] - [26/06/2014 16:50:23]
AdwCleaner[S3].txt - [1512 octets] - [30/06/2014 18:11:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1572 octets] ##########

por **Power Max** Seg 30 Jun 2014, 19:41

Baixe o programa Junkware Removal Tool no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

por Camila Marques Covre Seg 30 Jun 2014, 19:50

Ele é um dos que não está rodando. Peço para executar, ele inicia mas nada mais acontece.

Cheguei a utilizar ele há alguns dias, mas para isso tive que usar um outro programa que parou alguma coisa (se não me engano desativou tudo de proteção no pc e parece q prometia parar qualquer processo malicioso).
Segue resultado da outra vez que usei (não sei se será útil):

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x86
Ran by camila on 26/06/2014 at 21:31:10,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\isafe

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\camila\AppData\Roaming\isafe"
Successfully deleted: [Folder] "C:\Program Files\isafe"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/06/2014 at 21:43:48,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

por **Power Max** Seg 30 Jun 2014, 19:54

O estranho é que até agora os programas não acharam nada de perigoso no seu PC.

Baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] e salve-o no Desktop (Área de Trabalho)

Obs: Ao acessar o link acima, clique no botão Download Now 32-Bit Version

Execute o Farbar seguindo as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*Serão criados dois relatórios no Desktop: FRST.txt e Addition.txt

Poste estes dois relatórios em sua próxima resposta. (Obs: se não couber em uma só resposta, pode dividi-la em mais postagens).

por Camila Marques Covre Seg 30 Jun 2014, 20:04

Pois é, reparei isso também. Nos outros posts que vi por aqui antes de perguntar reparei que sempre tinha algo, ficava procurando algo errado no meu tbm e nada. Ainda assim, nada de conseguir instalar alguns programas e agora deu erro na extensão de segurança da Caixa Econômica.

Seguem relatórios:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:28-06-2014 02
Ran by camila (administrator) on CAMILA-PC on 30-06-2014 18:57:15
Running from C:\Users\camila\Desktop
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Português (Brasil)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Download link for 64-Bit Version: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

==================== Processes (Whitelisted) =================

(GAS Tecnologia) C:\Program Files\GbPlugin\GbpSv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(A.E.T. Europe B.V.) C:\Windows\System32\aetcrss1.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2011-05-27] ()
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [496184 2011-05-27] (Conexant Systems, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [CertificateRegistration] => C:\Windows\system32\aetcrss1.exe [18944 2013-03-05] (A.E.T. Europe B.V.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-24] (AVAST Software)
Winlogon\Notify\ GbPluginBb: C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)
HKU\S-1-5-21-978150597-2052285117-1239505619-1000\...\Run: [D24D77684EA30104452EA2620AC81D2767F37AB2._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\S-1-5-21-978150597-2052285117-1239505619-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Conversão para PDF com o ScanSnap Organizer.lnk
ShortcutTarget: Conversão para PDF com o ScanSnap Organizer.lnk -> C:\Program Files\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
Startup: C:\Users\camila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk
ShortcutTarget: Recorte de tela e Iniciador do OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2E7078D42A75CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll [1600552 2014-05-06] (Banco do Brasil)
Tcpip\Parameters: [DhcpNameServer] 189.7.72.33 189.7.72.38 201.6.4.116

FireFox:
========
FF ProfilePath: C:\Users\camila\AppData\Roaming\Mozilla\Firefox\Profiles\pcox52lv.default
FF Homepage: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
FF NewTab: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: PDF Architect 2 - C:\Program Files\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF Plugin HKCU: gastecnologia.com.br/sf/bb - C:\Users\camila\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)
FF Plugin HKCU: gastecnologia.com.br/sf/cef - C:\Users\camila\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll (GAS Tecnologia)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-br.xml
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-24]
FF HKCU\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\camila\AppData\Local\GAS Tecnologia\GBBD\bb\xpi
FF Extension: GBBD Banco do Brasil - C:\Users\camila\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2014-05-22]
FF HKCU\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\camila\AppData\Local\GAS Tecnologia\GBBD\cef\xpi
FF Extension: GBBD Caixa Economica Federal - C:\Users\camila\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2014-06-05]

Chrome:
=======
CHR HomePage: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
CHR StartupUrls: "hxxp://www.google.com"
CHR DefaultSearchKeyword: google.com.br
CHR Extension: (Duolingo) - C:\Users\camila\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2014-06-16]
CHR Extension: (Google Docs) - C:\Users\camila\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-16]
CHR Extension: (Google Drive) - C:\Users\camila\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-16]
CHR Extension: (YouTube) - C:\Users\camila\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-16]
CHR Extension: (Pesquisa do Google) - C:\Users\camila\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-16]
CHR Extension: (Avira Browser Safety) - C:\Users\camila\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-06-27]
CHR Extension: (avast! Online Security) - C:\Users\camila\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-16]
CHR Extension: (GBBD Banco do Brasil) - C:\Users\camila\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkeabchhfifpaaoefpockjhaphjmoapp [2014-06-16]
CHR Extension: (Google Wallet) - C:\Users\camila\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-16]
CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\camila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi [2014-06-26]
CHR Extension: (Gmail) - C:\Users\camila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-16]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-24]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-24] (AVAST Software)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [582944 2009-08-11] (Broadcom Corporation.)
R2 GbpSv; C:\Program Files\GbPlugin\GbpSv.exe [528424 2014-05-06] (GAS Tecnologia)
S3 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH)

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-06-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-06-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-06-24] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-06-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-06-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-06-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [68312 2014-06-24] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-06-24] ()
R3 Cam5607; C:\Windows\System32\Drivers\BisonC07.sys [1261680 2009-12-01] (Bison Electronics. Inc. )
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [47192 2014-03-14] (GAS Tecnologia)
R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-05-22] (GAS Tecnologia)
S3 catchme; \??\C:\Users\camila\AppData\Local\Temp\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-30 18:57 - 2014-06-30 18:57 - 00013769 _____ () C:\Users\camila\Desktop\FRST.txt
2014-06-30 18:57 - 2014-06-30 18:57 - 00000000 ____D () C:\FRST
2014-06-30 18:56 - 2014-06-30 18:56 - 01073664 _____ (Farbar) C:\Users\camila\Desktop\FRST.exe
2014-06-30 18:45 - 2014-06-30 18:46 - 01016261 _____ (Thisisu) C:\Users\camila\Desktop\JRT.exe
2014-06-30 18:07 - 2014-06-30 18:08 - 01346519 _____ () C:\Users\camila\Downloads\AdwCleaner.exe
2014-06-30 17:58 - 2014-06-30 17:58 - 00001332 _____ () C:\Users\camila\Desktop\ZHPFixReport.txt
2014-06-30 17:39 - 2014-06-30 17:39 - 00029321 _____ () C:\Users\camila\Desktop\ZHPDiag.txt
2014-06-30 17:22 - 2014-06-30 17:22 - 00109280 _____ () C:\Users\camila\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-30 17:16 - 2014-06-30 17:16 - 00002202 _____ () C:\Users\camila\Downloads\telelistas_320x396.html
2014-06-30 16:31 - 2014-06-30 16:31 - 00387148 _____ () C:\Users\camila\Desktop\HijackThis.exe
2014-06-30 12:25 - 2014-06-30 12:25 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin
2014-06-30 12:22 - 2014-06-30 17:58 - 00000000 ____D () C:\Users\camila\AppData\Roaming\ZHP
2014-06-30 12:22 - 2014-06-30 12:25 - 00000000 ____D () C:\Program Files\ZHPDiag
2014-06-30 12:22 - 2014-06-30 12:22 - 01283668 _____ () C:\Users\camila\Desktop\zoek.exe
2014-06-30 12:22 - 2014-06-30 12:22 - 00001933 _____ () C:\Users\camila\Desktop\ZHPFix.lnk
2014-06-30 12:22 - 2014-06-30 12:22 - 00001806 _____ () C:\Users\camila\Desktop\ZHPDiag.lnk
2014-06-30 12:22 - 2014-06-30 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-06-30 12:17 - 2014-06-30 12:17 - 00027505 _____ () C:\Users\camila\Downloads\PureRa.zip
2014-06-27 18:02 - 2014-06-27 18:03 - 06857095 _____ (Nicolas Coolman ) C:\Users\camila\Desktop\ZHPDiag2.exe
2014-06-27 17:30 - 2014-06-27 17:33 - 00009271 _____ () C:\lopR.txt
2014-06-27 17:28 - 2014-06-27 17:33 - 00000000 ____D () C:\Lop SD
2014-06-27 17:27 - 2014-06-27 17:27 - 00501736 _____ () C:\Users\camila\Desktop\LopSD.exe
2014-06-27 07:16 - 2014-06-27 07:17 - 17121424 _____ (Malwarebytes Corporation ) C:\Users\camila\Desktop\mbam-setup-2.0.2.1012 (1).exe
2014-06-27 07:08 - 2014-06-30 18:13 - 00000168 _____ () C:\Windows\setupact.log
2014-06-27 07:08 - 2014-06-30 18:12 - 00007166 _____ () C:\Windows\PFRO.log
2014-06-27 07:08 - 2014-06-27 07:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-27 00:30 - 2014-06-27 00:28 - 17178052 _____ (Malwarebytes Corporation ) C:\Users\camila\Desktop\mbam-setup-2.0.2.1012.exe.exe
2014-06-27 00:26 - 2014-06-27 00:28 - 17178052 _____ (Malwarebytes Corporation ) C:\Users\camila\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-27 00:12 - 2014-06-27 00:13 - 19695704 _____ () C:\Users\camila\Downloads\SUPERAntiSpyware.exe
2014-06-27 00:00 - 2014-06-30 18:46 - 00000000 ____D () C:\Users\camila\AppData\Local\CrashDumps
2014-06-26 21:43 - 2014-06-26 21:43 - 00000827 _____ () C:\Users\camila\Desktop\JRT.txt
2014-06-26 21:31 - 2014-06-26 21:31 - 00000000 ____D () C:\Windows\ERUNT
2014-06-26 21:27 - 2014-06-26 21:27 - 00016017 _____ () C:\ComboFix.txt
2014-06-26 18:10 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-26 18:10 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-26 18:10 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-26 18:10 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-26 18:10 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-26 18:10 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-26 18:10 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-26 18:10 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-26 18:09 - 2014-06-26 18:09 - 00000079 _____ () C:\Windows\wininit.ini
2014-06-26 18:08 - 2014-06-26 21:27 - 00000000 ____D () C:\Qoobox
2014-06-26 18:08 - 2014-06-26 18:08 - 00012568 _____ (Sysinternals - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] C:\Windows\system32\Drivers\PROCEXP113.SYS
2014-06-26 18:07 - 2014-06-26 21:25 - 00000000 ____D () C:\Windows\erdnt
2014-06-26 17:42 - 2014-06-26 17:42 - 00000000 ____D () C:\Program Files\ESET
2014-06-26 17:39 - 2014-06-26 23:00 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-06-26 17:39 - 2014-06-26 17:39 - 00000000 ____D () C:\Users\Todos os Usuários\RogueKiller
2014-06-26 17:39 - 2014-06-26 17:39 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-26 16:32 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-06-26 16:27 - 2014-06-30 18:11 - 00000000 ____D () C:\AdwCleaner
2014-06-26 16:11 - 2014-06-27 07:08 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-06-26 16:11 - 2014-06-26 18:09 - 00000000 ____D () C:\Users\Todos os Usuários\Spybot - Search & Destroy
2014-06-26 16:11 - 2014-06-26 18:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-24 12:52 - 2014-06-24 12:52 - 00000000 ____D () C:\Users\camila\AppData\Roaming\AVAST Software
2014-06-24 12:51 - 2014-06-24 12:51 - 00002119 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-24 12:51 - 2014-06-24 12:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-24 12:48 - 2014-06-24 12:50 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-24 12:48 - 2014-06-24 12:50 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-24 12:48 - 2014-06-24 12:50 - 00068312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-06-24 12:48 - 2014-06-24 12:47 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1403628653791
2014-06-24 12:48 - 2014-06-24 12:47 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1403628653791
2014-06-24 12:48 - 2014-06-24 12:47 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-24 12:48 - 2014-06-24 12:47 - 00180632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-24 12:48 - 2014-06-24 12:47 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-06-24 12:48 - 2014-06-24 12:47 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-24 12:48 - 2014-06-24 12:47 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-24 12:48 - 2014-06-24 12:47 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-24 12:47 - 2014-06-24 12:47 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-24 12:47 - 2014-06-24 12:47 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-24 12:45 - 2014-06-24 12:45 - 00000000 ____D () C:\Users\Todos os Usuários\AVAST Software
2014-06-24 12:45 - 2014-06-24 12:45 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-18 21:14 - 2014-06-18 21:14 - 00000000 ____D () C:\Users\camila\AppData\Local\Skype
2014-06-18 21:13 - 2014-06-18 21:29 - 00000000 ____D () C:\Users\camila\AppData\Roaming\Skype
2014-06-18 21:13 - 2014-06-18 21:13 - 00002505 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-18 21:13 - 2014-06-18 21:13 - 00000000 ___RD () C:\Program Files\Skype
2014-06-18 21:13 - 2014-06-18 21:13 - 00000000 ____D () C:\Users\Todos os Usuários\Skype
2014-06-18 21:13 - 2014-06-18 21:13 - 00000000 ____D () C:\ProgramData\Skype
2014-06-18 21:13 - 2014-06-18 21:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-18 21:13 - 2014-06-18 21:13 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-18 21:12 - 2014-06-18 21:12 - 01677440 _____ (Skype Technologies S.A.) C:\Users\camila\Downloads\SkypeSetup.exe
2014-06-18 16:41 - 2014-06-18 17:28 - 02736640 _____ () C:\Users\camila\Downloads\diario parte 2 - mód 3 - corrigido.xls
2014-06-16 17:08 - 2014-06-16 17:08 - 00012844 _____ () C:\Users\camila\Downloads\Prestação de contas Mariana.xlsx
2014-06-16 11:43 - 2014-06-30 18:55 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-16 11:43 - 2014-06-30 18:13 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-16 11:43 - 2014-06-16 11:43 - 00002199 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-16 11:43 - 2014-06-16 11:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-14 15:26 - 2014-06-30 18:11 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-14 15:26 - 2014-06-14 15:26 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-14 15:26 - 2014-06-14 15:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-14 15:26 - 2014-06-14 15:26 - 00000000 ____D () C:\Windows\system32\Macromed
2014-06-07 13:37 - 2014-06-07 13:37 - 00918952 _____ (Oracle Corporation) C:\Users\camila\Downloads\jxpiinstall.exe
2014-06-07 12:33 - 2014-06-07 12:33 - 00000000 ____D () C:\Users\camila\Documents\Blocos de Anotações do OneNote
2014-06-07 11:59 - 2014-06-07 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Organizer
2014-06-07 11:50 - 2009-09-18 22:03 - 00279552 _____ (PFU Limited) C:\Windows\system32\S1300u.dll
2014-06-07 11:50 - 2009-04-23 20:29 - 01990656 _____ (PFU Limited) C:\Windows\system32\ippi5s1300.dll
2014-06-07 11:50 - 2009-04-23 20:29 - 01302528 _____ (PFU Limited) C:\Windows\system32\ijl5s1300.dll
2014-06-07 11:50 - 2008-04-03 08:06 - 00021504 _____ (PFU) C:\Windows\system32\fj52usb.dll
2014-06-07 11:50 - 2007-08-17 16:32 - 00024064 _____ (PFU) C:\Windows\system32\Fjmcusb.dll
2014-06-07 11:50 - 2007-07-26 22:48 - 00264192 _____ (PFU Limited) C:\Windows\system32\s300u.dll
2014-06-07 11:50 - 2007-05-23 19:57 - 01990656 _____ (PFU Limited) C:\Windows\system32\ippi5s300.dll
2014-06-07 11:50 - 2007-05-23 19:57 - 01302528 _____ (PFU Limited) C:\Windows\system32\ijl5s300.dll
2014-06-07 11:50 - 2004-06-18 10:14 - 00000161 _____ () C:\Windows\DISPARAM.INI
2014-06-07 11:49 - 2014-06-07 11:50 - 00000000 ____D () C:\Windows\SSDriver
2014-06-07 11:49 - 2014-06-07 11:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Manager
2014-06-07 11:49 - 2005-02-17 11:55 - 00069632 _____ (PFU LIMITED) C:\Windows\system32\distortion.dll
2014-06-05 17:50 - 2014-06-05 17:50 - 00814080 _____ () C:\Users\camila\Downloads\aulaintro.ppt
2014-06-05 17:41 - 2014-06-05 17:41 - 00667136 _____ () C:\Users\camila\Downloads\[060317161125]direito.ppt
2014-06-05 17:41 - 2014-06-05 17:41 - 00504832 _____ () C:\Users\camila\Downloads\direitoTributario2datashow.ppt
2014-06-05 17:41 - 2014-06-05 17:41 - 00341504 _____ () C:\Users\camila\Downloads\SLIDES+DE+DIREITO+TRIBUTÁRIO+I+.ppt
2014-06-04 16:22 - 2014-06-04 16:22 - 04748896 _____ (Piriform Ltd) C:\Users\camila\Downloads\ccsetup414.exe
2014-06-04 15:57 - 2014-06-04 15:57 - 00001132 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-06-04 15:57 - 2014-06-04 15:57 - 00000000 ____D () C:\Users\camila\AppData\Roaming\TeamViewer
2014-06-04 15:57 - 2014-06-04 15:57 - 00000000 ____D () C:\Program Files\TeamViewer
2014-06-04 15:53 - 2014-06-04 15:54 - 06210256 _____ (TeamViewer GmbH) C:\Users\camila\Downloads\TeamViewer_Setup_pt.exe
2014-06-03 13:26 - 2014-06-03 13:26 - 00498797 _____ () C:\Users\camila\Downloads\GREVE - RH CS.pptx

==================== One Month Modified Files and Folders =======

2014-06-30 18:57 - 2014-06-30 18:57 - 00013769 _____ () C:\Users\camila\Desktop\FRST.txt
2014-06-30 18:57 - 2014-06-30 18:57 - 00000000 ____D () C:\FRST
2014-06-30 18:56 - 2014-06-30 18:56 - 01073664 _____ (Farbar) C:\Users\camila\Desktop\FRST.exe
2014-06-30 18:55 - 2014-06-16 11:43 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-30 18:46 - 2014-06-30 18:45 - 01016261 _____ (Thisisu) C:\Users\camila\Desktop\JRT.exe
2014-06-30 18:46 - 2014-06-27 00:00 - 00000000 ____D () C:\Users\camila\AppData\Local\CrashDumps
2014-06-30 18:21 - 2009-07-14 00:34 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-30 18:21 - 2009-07-14 00:34 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-30 18:17 - 2014-05-21 15:10 - 00278527 _____ () C:\Windows\WindowsUpdate.log
2014-06-30 18:13 - 2014-06-27 07:08 - 00000168 _____ () C:\Windows\setupact.log
2014-06-30 18:13 - 2014-06-16 11:43 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-30 18:13 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-30 18:12 - 2014-06-27 07:08 - 00007166 _____ () C:\Windows\PFRO.log
2014-06-30 18:11 - 2014-06-26 16:27 - 00000000 ____D () C:\AdwCleaner
2014-06-30 18:11 - 2014-06-14 15:26 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-30 18:08 - 2014-06-30 18:07 - 01346519 _____ () C:\Users\camila\Downloads\AdwCleaner.exe
2014-06-30 17:58 - 2014-06-30 17:58 - 00001332 _____ () C:\Users\camila\Desktop\ZHPFixReport.txt
2014-06-30 17:58 - 2014-06-30 12:22 - 00000000 ____D () C:\Users\camila\AppData\Roaming\ZHP
2014-06-30 17:39 - 2014-06-30 17:39 - 00029321 _____ () C:\Users\camila\Desktop\ZHPDiag.txt
2014-06-30 17:22 - 2014-06-30 17:22 - 00109280 _____ () C:\Users\camila\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-30 17:16 - 2014-06-30 17:16 - 00002202 _____ () C:\Users\camila\Downloads\telelistas_320x396.html
2014-06-30 16:31 - 2014-06-30 16:31 - 00387148 _____ () C:\Users\camila\Desktop\HijackThis.exe
2014-06-30 12:25 - 2014-06-30 12:25 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin
2014-06-30 12:25 - 2014-06-30 12:22 - 00000000 ____D () C:\Program Files\ZHPDiag
2014-06-30 12:22 - 2014-06-30 12:22 - 01283668 _____ () C:\Users\camila\Desktop\zoek.exe
2014-06-30 12:22 - 2014-06-30 12:22 - 00001933 _____ () C:\Users\camila\Desktop\ZHPFix.lnk
2014-06-30 12:22 - 2014-06-30 12:22 - 00001806 _____ () C:\Users\camila\Desktop\ZHPDiag.lnk
2014-06-30 12:22 - 2014-06-30 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-06-30 12:17 - 2014-06-30 12:17 - 00027505 _____ () C:\Users\camila\Downloads\PureRa.zip
2014-06-30 11:58 - 2014-05-22 12:01 - 00000000 ____D () C:\Users\Todos os Usuários\GAS Tecnologia
2014-06-30 11:58 - 2014-05-22 12:01 - 00000000 ____D () C:\ProgramData\GAS Tecnologia
2014-06-27 18:03 - 2014-06-27 18:02 - 06857095 _____ (Nicolas Coolman ) C:\Users\camila\Desktop\ZHPDiag2.exe
2014-06-27 17:33 - 2014-06-27 17:30 - 00009271 _____ () C:\lopR.txt
2014-06-27 17:33 - 2014-06-27 17:28 - 00000000 ____D () C:\Lop SD
2014-06-27 17:27 - 2014-06-27 17:27 - 00501736 _____ () C:\Users\camila\Desktop\LopSD.exe
2014-06-27 07:17 - 2014-06-27 07:16 - 17121424 _____ (Malwarebytes Corporation ) C:\Users\camila\Desktop\mbam-setup-2.0.2.1012 (1).exe
2014-06-27 07:08 - 2014-06-27 07:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-27 07:08 - 2014-06-26 16:11 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-06-27 00:28 - 2014-06-27 00:30 - 17178052 _____ (Malwarebytes Corporation ) C:\Users\camila\Desktop\mbam-setup-2.0.2.1012.exe.exe
2014-06-27 00:28 - 2014-06-27 00:26 - 17178052 _____ (Malwarebytes Corporation ) C:\Users\camila\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-27 00:13 - 2014-06-27 00:12 - 19695704 _____ () C:\Users\camila\Downloads\SUPERAntiSpyware.exe
2014-06-26 23:00 - 2014-06-26 17:39 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-06-26 21:43 - 2014-06-26 21:43 - 00000827 _____ () C:\Users\camila\Desktop\JRT.txt
2014-06-26 21:31 - 2014-06-26 21:31 - 00000000 ____D () C:\Windows\ERUNT
2014-06-26 21:27 - 2014-06-26 21:27 - 00016017 _____ () C:\ComboFix.txt
2014-06-26 21:27 - 2014-06-26 18:08 - 00000000 ____D () C:\Qoobox
2014-06-26 21:27 - 2009-07-13 22:37 - 00000000 __RHD () C:\Users\Default
2014-06-26 21:27 - 2009-07-13 22:37 - 00000000 ___RD () C:\Users\Public
2014-06-26 21:25 - 2014-06-26 18:07 - 00000000 ____D () C:\Windows\erdnt
2014-06-26 21:24 - 2009-07-13 22:04 - 00000215 _____ () C:\Windows\system.ini
2014-06-26 21:19 - 2014-05-22 12:09 - 00000000 ____D () C:\Users\Todos os Usuários\Temp
2014-06-26 21:19 - 2014-05-22 12:09 - 00000000 ____D () C:\ProgramData\Temp
2014-06-26 18:28 - 2014-05-25 22:04 - 00000000 ____D () C:\Program Files\PDFCreator
2014-06-26 18:28 - 2014-05-21 16:35 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-26 18:28 - 2014-05-21 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-26 18:28 - 2014-05-21 16:35 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-26 18:09 - 2014-06-26 18:09 - 00000079 _____ () C:\Windows\wininit.ini
2014-06-26 18:09 - 2014-06-26 16:11 - 00000000 ____D () C:\Users\Todos os Usuários\Spybot - Search & Destroy
2014-06-26 18:09 - 2014-06-26 16:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-26 18:08 - 2014-06-26 18:08 - 00012568 _____ (Sysinternals - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] C:\Windows\system32\Drivers\PROCEXP113.SYS
2014-06-26 17:42 - 2014-06-26 17:42 - 00000000 ____D () C:\Program Files\ESET
2014-06-26 17:39 - 2014-06-26 17:39 - 00000000 ____D () C:\Users\Todos os Usuários\RogueKiller
2014-06-26 17:39 - 2014-06-26 17:39 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-26 12:00 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-24 23:24 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-06-24 16:36 - 2014-05-21 15:48 - 00021412 _____ () C:\win lov 2.0.9.rar
2014-06-24 12:52 - 2014-06-24 12:52 - 00000000 ____D () C:\Users\camila\AppData\Roaming\AVAST Software
2014-06-24 12:51 - 2014-06-24 12:51 - 00002119 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-24 12:51 - 2014-06-24 12:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-24 12:50 - 2014-06-24 12:48 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-24 12:50 - 2014-06-24 12:48 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-24 12:50 - 2014-06-24 12:48 - 00068312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-06-24 12:47 - 2014-06-24 12:48 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1403628653791
2014-06-24 12:47 - 2014-06-24 12:48 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1403628653791
2014-06-24 12:47 - 2014-06-24 12:48 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-24 12:47 - 2014-06-24 12:48 - 00180632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-24 12:47 - 2014-06-24 12:48 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-06-24 12:47 - 2014-06-24 12:48 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-24 12:47 - 2014-06-24 12:48 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-24 12:47 - 2014-06-24 12:48 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-24 12:47 - 2014-06-24 12:47 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-24 12:47 - 2014-06-24 12:47 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-24 12:45 - 2014-06-24 12:45 - 00000000 ____D () C:\Users\Todos os Usuários\AVAST Software
2014-06-24 12:45 - 2014-06-24 12:45 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-24 12:40 - 2014-05-21 15:39 - 00000000 ____D () C:\Users\Todos os Usuários\Package Cache
2014-06-24 12:40 - 2014-05-21 15:39 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-24 11:54 - 2014-05-28 17:35 - 00000000 ____D () C:\Users\Todos os Usuários\Syscon
2014-06-24 11:54 - 2014-05-28 17:35 - 00000000 ____D () C:\ProgramData\Syscon
2014-06-24 11:54 - 2014-05-28 17:11 - 00000000 ____D () C:\Users\camila\Documents\ScanSnap
2014-06-18 21:29 - 2014-06-18 21:13 - 00000000 ____D () C:\Users\camila\AppData\Roaming\Skype
2014-06-18 21:14 - 2014-06-18 21:14 - 00000000 ____D () C:\Users\camila\AppData\Local\Skype
2014-06-18 21:13 - 2014-06-18 21:13 - 00002505 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-18 21:13 - 2014-06-18 21:13 - 00000000 ___RD () C:\Program Files\Skype
2014-06-18 21:13 - 2014-06-18 21:13 - 00000000 ____D () C:\Users\Todos os Usuários\Skype
2014-06-18 21:13 - 2014-06-18 21:13 - 00000000 ____D () C:\ProgramData\Skype
2014-06-18 21:13 - 2014-06-18 21:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-18 21:13 - 2014-06-18 21:13 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-18 21:12 - 2014-06-18 21:12 - 01677440 _____ (Skype Technologies S.A.) C:\Users\camila\Downloads\SkypeSetup.exe
2014-06-18 20:16 - 2014-05-22 12:02 - 00000000 ____D () C:\Users\Todos os Usuários\GbPlugin
2014-06-18 20:16 - 2014-05-22 12:02 - 00000000 ____D () C:\ProgramData\GbPlugin
2014-06-18 17:28 - 2014-06-18 16:41 - 02736640 _____ () C:\Users\camila\Downloads\diario parte 2 - mód 3 - corrigido.xls
2014-06-16 17:08 - 2014-06-16 17:08 - 00012844 _____ () C:\Users\camila\Downloads\Prestação de contas Mariana.xlsx
2014-06-16 11:44 - 2014-05-21 15:29 - 00000000 ____D () C:\Users\camila\AppData\Local\Google
2014-06-16 11:43 - 2014-06-16 11:43 - 00002199 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-16 11:43 - 2014-06-16 11:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-16 11:43 - 2014-05-21 15:30 - 00000000 ____D () C:\Program Files\Google
2014-06-16 11:43 - 2014-05-21 15:29 - 00000000 ____D () C:\Users\camila\AppData\Local\Deployment
2014-06-14 15:26 - 2014-06-14 15:26 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-14 15:26 - 2014-06-14 15:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-14 15:26 - 2014-06-14 15:26 - 00000000 ____D () C:\Windows\system32\Macromed
2014-06-14 14:33 - 2014-01-11 16:42 - 00663804 _____ () C:\Windows\system32\prfh0416.dat
2014-06-14 14:33 - 2014-01-11 16:42 - 00128094 _____ () C:\Windows\system32\prfc0416.dat
2014-06-14 14:33 - 2010-11-20 17:01 - 01517030 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-07 13:37 - 2014-06-07 13:37 - 00918952 _____ (Oracle Corporation) C:\Users\camila\Downloads\jxpiinstall.exe
2014-06-07 12:33 - 2014-06-07 12:33 - 00000000 ____D () C:\Users\camila\Documents\Blocos de Anotações do OneNote
2014-06-07 12:33 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-06-07 12:00 - 2014-06-07 11:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Organizer
2014-06-07 11:58 - 2014-05-21 15:19 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-06-07 11:50 - 2014-06-07 11:49 - 00000000 ____D () C:\Windows\SSDriver
2014-06-07 11:50 - 2014-06-07 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Manager
2014-06-05 17:50 - 2014-06-05 17:50 - 00814080 _____ () C:\Users\camila\Downloads\aulaintro.ppt
2014-06-05 17:41 - 2014-06-05 17:41 - 00667136 _____ () C:\Users\camila\Downloads\[060317161125]direito.ppt
2014-06-05 17:41 - 2014-06-05 17:41 - 00504832 _____ () C:\Users\camila\Downloads\direitoTributario2datashow.ppt
2014-06-05 17:41 - 2014-06-05 17:41 - 00341504 _____ () C:\Users\camila\Downloads\SLIDES+DE+DIREITO+TRIBUTÁRIO+I+.ppt
2014-06-04 17:19 - 2014-05-28 17:10 - 00000000 ____D () C:\Users\camila\AppData\Roaming\Fujitsu
2014-06-04 17:19 - 2014-05-28 17:07 - 00000000 ____D () C:\Program Files\Fujitsu
2014-06-04 17:19 - 2014-05-28 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader for ScanSnap (TM) 4.1
2014-06-04 17:19 - 2014-05-28 16:50 - 00000000 ____D () C:\Program Files\ABBYY FineReader for ScanSnap
2014-06-04 17:19 - 2014-05-28 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CardMinder
2014-06-04 17:19 - 2014-05-25 22:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-06-04 17:19 - 2014-05-25 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-06-04 17:19 - 2014-05-22 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-04 17:19 - 2014-05-22 11:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SafeSign Standard
2014-06-04 17:19 - 2014-05-21 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-06-04 17:19 - 2014-05-21 15:15 - 00000000 ____D () C:\Users\camila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-04 17:19 - 2014-05-21 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-04 17:19 - 2014-05-21 15:14 - 00000000 ___RD () C:\Users\camila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-04 17:19 - 2014-05-21 15:14 - 00000000 ___RD () C:\Users\camila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-04 17:19 - 2014-05-21 15:14 - 00000000 ____D () C:\Users\camila
2014-06-04 17:19 - 2009-07-14 00:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-04 17:19 - 2009-07-14 00:33 - 00414776 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-04 17:19 - 2009-07-13 22:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-04 17:19 - 2009-07-13 22:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-04 17:19 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\registration
2014-06-04 17:19 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\AppCompat
2014-06-04 16:22 - 2014-06-04 16:22 - 04748896 _____ (Piriform Ltd) C:\Users\camila\Downloads\ccsetup414.exe
2014-06-04 15:57 - 2014-06-04 15:57 - 00001132 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-06-04 15:57 - 2014-06-04 15:57 - 00000000 ____D () C:\Users\camila\AppData\Roaming\TeamViewer
2014-06-04 15:57 - 2014-06-04 15:57 - 00000000 ____D () C:\Program Files\TeamViewer
2014-06-04 15:54 - 2014-06-04 15:53 - 06210256 _____ (TeamViewer GmbH) C:\Users\camila\Downloads\TeamViewer_Setup_pt.exe
2014-06-04 15:30 - 2014-05-22 12:02 - 00000000 ____D () C:\Program Files\GbPlugin
2014-06-03 13:26 - 2014-06-03 13:26 - 00498797 _____ () C:\Users\camila\Downloads\GREVE - RH CS.pptx
2014-06-01 11:13 - 2009-07-13 22:37 - 00000000 __RHD () C:\Users\Public\Libraries

Some content of TEMP:
====================
C:\Users\camila\AppData\Local\temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-18 15:29

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:28-06-2014 02
Ran by camila at 2014-06-30 18:58:36
Running from C:\Users\camila\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

ABBYY FineReader for ScanSnap (TM) 4.1 (HKLM\...\{FB400000-0002-0000-0000-074957833700}) (Version: 8.02.380.7259 - ABBYY)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2018 - Avast Software)
Broadcom 802.11 Wireless Driver (HKLM\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - )
CardMinder (HKLM\...\{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}) (Version: V4.1L10 - PFU)
CardMinder V4.1 (Version: 4.1.10.1 - PFU) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.130.0.62 - Conexant)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.100 - Broadcom Corporation)
Lenovo EasyCamera (HKLM\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 6.96.2018.12 - Lenovo EasyCamera)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile PTB Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 pt-BR) (HKLM\...\Mozilla Firefox 29.0.1 (x86 pt-BR)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Pacote de Compatibilidade para o sistema Office 2007 (HKLM\...\{90120000-0020-0416-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Client Profile PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
PDF Architect 2 (HKLM\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM\...\{46889070-D447-4936-A5D3-246DB972FA2E}) (Version: 2.0.6.16537 - pdfforge GmbH)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
SafeSign (HKLM\...\{2DF407D3-A8AD-4ACF-BFD5-5F7D42EC62FD}) (Version: 3.0.87 - A.E.T. Europe B.V.)
ScanSnap (Version: 5.0.21.1 - PFU Limited) Hidden
ScanSnap Manager (HKLM\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V5.0L21 - PFU)
ScanSnap Organizer (HKLM\...\{E58F3B88-3B3E-4F85-9323-04789D979C15}) (Version: V4.1L11 - PFU)
ScanSnap Organizer (Version: 4.1.11.3 - PFU LIMITED) Hidden
Skype

6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Suplemento Microsoft Salvar como PDF ou XPS para programas do Microsoft Office 2007 (HKLM\...\{90120000-00B2-0416-0000-0000000FF1CE}) (Version: 12.0.4518.1019 - Microsoft Corporation)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (HKLM\...\B7541EC5F72AA713F557569278EB6273725F5607) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
ZHPDiag 2014 (HKLM\...\ZHPDiag_is1) (Version: 2014 - Nicolas Coolman)

==================== Restore Points =========================

07-06-2014 15:56:33 Removido ScanSnap Organizer
07-06-2014 15:58:04 Instalado ScanSnap Organizer
24-06-2014 16:46:47 avast! antivirus system restore point
26-06-2014 22:10:23 ComboFix created restore point
30-06-2014 16:12:37 avast! antivirus system restore point
30-06-2014 21:27:59 ZHPFix Restore System Point
30-06-2014 21:57:25 ZHPFix Restore System Point

==================== Hosts content: ==========================

2009-07-13 22:04 - 2014-06-26 21:24 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {05D77A0F-71FE-4CF1-BDBA-01FA86649C53} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-24] (AVAST Software)
Task: {24467258-5AFD-47EB-9A24-136114CA33E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-06-16] (Google Inc.)
Task: {7CC7641C-B06D-4099-A75C-08D4670D47DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-06-16] (Google Inc.)
Task: {94F484AF-50B8-42DB-9A18-75445C290C2D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-14] (Adobe Systems Incorporated)
Task: {E912D582-5E04-477A-9B17-CBD50ACF876E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-06-30 16:21 - 2014-06-30 16:21 - 02789376 _____ () C:\Program Files\AVAST Software\Avast\defs\14063001\algo.dll
2009-08-11 15:10 - 2009-08-11 15:10 - 00132384 _____ () C:\Program Files\Lenovo\Bluetooth Software\btkeyind.dll
2014-06-24 12:47 - 2014-06-24 12:47 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-05-21 15:21 - 2009-06-06 21:25 - 00360448 _____ () C:\Windows\system\BisonC07.dll
2014-06-16 11:43 - 2014-06-05 09:58 - 00716616 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-16 11:43 - 2014-06-05 09:58 - 00126280 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-16 11:43 - 2014-06-05 09:58 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-16 11:43 - 2014-06-05 09:58 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-16 11:43 - 2014-06-05 09:58 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2009-04-16 17:49 - 2009-04-16 17:49 - 00756040 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-06-16 11:43 - 2014-06-05 09:58 - 14612296 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de Túnel Teredo da Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/30/2014 06:46:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: chrome.exe, versão: 35.0.1916.153, carimbo de hora: 0x538fb354
Nome do módulo de falhas: chrome_child.dll, versão: 35.0.1916.153, carimbo de hora: 0x538fb2e4
Código de exceção: 0xc0000005
Deslocamento com falha: 0x00004b64
Identificação do processo com falha: 0x11d8
Hora de início do aplicativo com falha: 0xchrome.exe0
Caminho do aplicativo com falha: chrome.exe1
FCaminho do módulo de falhas: chrome.exe2
Identificação do Relatório: chrome.exe3

Error: (06/30/2014 06:26:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: chrome.exe, versão: 35.0.1916.153, carimbo de hora: 0x538fb354
Nome do módulo de falhas: chrome_child.dll, versão: 35.0.1916.153, carimbo de hora: 0x538fb2e4
Código de exceção: 0xc0000005
Deslocamento com falha: 0x00004b64
Identificação do processo com falha: 0x11d0
Hora de início do aplicativo com falha: 0xchrome.exe0
Caminho do aplicativo com falha: chrome.exe1
FCaminho do módulo de falhas: chrome.exe2
Identificação do Relatório: chrome.exe3

Error: (06/30/2014 06:14:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2014 04:27:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: chrome.exe, versão: 35.0.1916.153, carimbo de hora: 0x538fb354
Nome do módulo de falhas: chrome_child.dll, versão: 35.0.1916.153, carimbo de hora: 0x538fb2e4
Código de exceção: 0xc0000005
Deslocamento com falha: 0x00aeebc3
Identificação do processo com falha: 0x63c
Hora de início do aplicativo com falha: 0xchrome.exe0
Caminho do aplicativo com falha: chrome.exe1
FCaminho do módulo de falhas: chrome.exe2
Identificação do Relatório: chrome.exe3

Error: (06/30/2014 00:12:36 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.

Operação:
Obtendo Dados do Gravador

Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {a5fbe781-016b-4042-8797-96da91ff3f94}

Error: (06/27/2014 06:03:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: chrome.exe, versão: 35.0.1916.153, carimbo de hora: 0x538fb354
Nome do módulo de falhas: chrome_child.dll, versão: 35.0.1916.153, carimbo de hora: 0x538fb2e4
Código de exceção: 0xc0000005
Deslocamento com falha: 0x00004b64
Identificação do processo com falha: 0x778
Hora de início do aplicativo com falha: 0xchrome.exe0
Caminho do aplicativo com falha: chrome.exe1
FCaminho do módulo de falhas: chrome.exe2
Identificação do Relatório: chrome.exe3

Error: (06/27/2014 04:54:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/27/2014 07:10:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/27/2014 00:05:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: iexplore.exe, versão: 11.0.9600.16428, carimbo de hora: 0x525b664c
Nome do módulo de falhas: aswWebRepIE.dll, versão: 9.0.2018.95, carimbo de hora: 0x534d3c5b
Código de exceção: 0xc0000005
Deslocamento com falha: 0x00004497
Identificação do processo com falha: 0x900
Hora de início do aplicativo com falha: 0xiexplore.exe0
Caminho do aplicativo com falha: iexplore.exe1
FCaminho do módulo de falhas: iexplore.exe2
Identificação do Relatório: iexplore.exe3

Error: (06/27/2014 00:05:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: iexplore.exe, versão: 11.0.9600.16428, carimbo de hora: 0x525b664c
Nome do módulo de falhas: aswWebRepIE.dll, versão: 9.0.2018.95, carimbo de hora: 0x534d3c5b
Código de exceção: 0xc0000005
Deslocamento com falha: 0x00028182
Identificação do processo com falha: 0x900
Hora de início do aplicativo com falha: 0xiexplore.exe0
Caminho do aplicativo com falha: iexplore.exe1
FCaminho do módulo de falhas: iexplore.exe2
Identificação do Relatório: iexplore.exe3

System errors:
=============
Error: (06/30/2014 06:14:30 PM) (Source: WudfUsbccidDriver) (EventID: 6) (User: AUTORIDADE NT)
Description: VendorIoctl0x313520

Error: (06/30/2014 06:14:30 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Função incorreta.Gemplus USB SmartCard Reader 00x313520XX XX XX XX

Error: (06/30/2014 05:11:07 PM) (Source: WudfUsbccidDriver) (EventID: 6) (User: AUTORIDADE NT)
Description: VendorIoctl0x313520

Error: (06/30/2014 05:11:07 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Função incorreta.Gemplus USB SmartCard Reader 00x313520XX XX XX XX

Error: (06/30/2014 04:20:11 PM) (Source: WudfUsbccidDriver) (EventID: 6) (User: AUTORIDADE NT)
Description: VendorIoctl0x313520

Error: (06/30/2014 04:20:11 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Função incorreta.Gemplus USB SmartCard Reader 00x313520XX XX XX XX

Error: (06/30/2014 04:19:31 PM) (Source: WudfUsbccidDriver) (EventID: 6) (User: AUTORIDADE NT)
Description: VendorIoctl0x313520

Error: (06/30/2014 04:19:31 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Função incorreta.Gemplus USB SmartCard Reader 00x313520XX XX XX XX

Error: (06/30/2014 04:19:29 PM) (Source: WudfUsbccidDriver) (EventID: 6) (User: AUTORIDADE NT)
Description: VendorIoctl0x313520

Error: (06/30/2014 04:19:28 PM) (Source: WudfUsbccidDriver) (EventID: 6) (User: AUTORIDADE NT)
Description: VendorIoctl0x313520

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 75%
Total physical RAM: 1910.85 MB
Available physical RAM: 470.85 MB
Total Pagefile: 3821.7 MB
Available Pagefile: 2005.31 MB
Total Virtual: 2047.88 MB
Available Virtual: 1887.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:147.53 GB) (Free:122.93 GB) NTFS
Drive d: (Backup) (Fixed) (Total:135.61 GB) (Free:99.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Cool

(Size: 298 GB) (Disk ID: 4DA30F4A)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=136 GB) - (Type=OF Extended)

==================== End Of Log ============================

Obs: A SmartCard que deu erro ali é a leitora de Certificado Digital que esqueci de desconectar no not.

por Camila Marques Covre Seg 30 Jun 2014, 20:13

Preciso sair!

Retorno daqui a 3h aproximadamente, ai entro para ver as novas orientações.

Agradeço a atenção!

Até mais!

consigo - Não consigo instalar programas de proteção e acessar sites de segurança. 648673379

consigo - Não consigo instalar programas de proteção e acessar sites de segurança. 648673379

por **Power Max** Seg 30 Jun 2014, 20:22

Ok, ficamos na espera. isso aí!

por **Power Max** Seg 30 Jun 2014, 21:33

Quase nada de errado foi detectado pelo Farbar também.

Baixe o arquivo fixlist.txt que está anexado nesta postagem e salve-o no desktop (área de trabalho).

Clique com o botão direito do mouse sobre o FRST, depois clique em [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem].

Clique no botão Fix.

Aguarde e ao final, o log Fixlog.txt será salvo no seu desktop.

Selecione, copie e cole o conteúdo deste Fixlog.txt em sua próxima resposta.

por Camila Marques Covre Seg 30 Jun 2014, 23:32

Voltei!
:rindo_ate_agor

Segue:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:28-06-2014 02
Ran by camila at 2014-06-30 22:28:57 Run:1
Running from C:\Users\camila\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
SearchScopes: HKLM - DefaultScope value is missing.
CHR Extension: (Avira Browser Safety) - C:\Users\camila\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-06-27]
end
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Users\camila\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => Moved successfully.

==== End of Fixlog ====

por **Power Max** Seg 30 Jun 2014, 23:45

Como está o PC?

por Camila Marques Covre Ter 01 Jul 2014, 00:09

Eeee
:rindo_atoa:
Parece que agora sarou!
Baixei de novo o Malwarebyte e o Spybot e agora consegui instalá-los. Tentei entrar no site da Caixa e do BB e não tive problemas.
Só o JRT que ainda não roda, pergunta se desejo permitir blá blá blá, clico sim, faz que vai abrir e não abre.

Vamos às dúvidas:
Antivírus, mantenho o Avast mesmo? Ou tem alguma outra sugestão?
Baixei os dois acima só para ter certeza que tinha sido resolvido o problema, já que a princípio não conseguia nem baixá-los e depois não conseguia instalá-los. Aconselha a mantê-los ou vale aquela ideia de que é melhor não ter muitos programas?

Escaneei com o Malwarebyte e nada foi encontrato.

Mais alguma coisa?

por **Power Max** Ter 01 Jul 2014, 00:17

Sugiro que você desinstale o Spybot e deixe só o Malwarebytes instalado e mantenha ele atualizado e faça escaneamentos no PC de tempos em tempos com ele.
______________________________________________________________________________________________

Quanto ao antivirus, sugiro que desinstale o Avast e baixe um ótimo antivirus gratuito para você, como o Bitdefender Antivirus Free Edition.

Para instalar e usar corretamente o Bitdefender é só seguir as dicas deste tutorial:

Mantenha seu PC protegido com a versão gratuita do antivirus Bitdefender
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
_________________________________________________________________________________________

Você disse que fez a verificação com o Malwarebytes. Mas caso não tenha feito desta forma que vou passar no tutorial abaixo, sugiro que repita desta forma pois ela é mais completa:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
______________________________________________________________________________________________

Depois disto nos diga, por gentileza, como está o PC.

por Camila Marques Covre Ter 01 Jul 2014, 01:07

Desinstalado!

Vou baixar este que indicou.

Estou escaneando novamente, pelo jeito vai demorar um bocado. Quando terminar volto para dizer como ficou.

Obrigada!

por **Power Max** Ter 01 Jul 2014, 12:22

Ok, fico na espera. isso aí!

por Camila Marques Covre Ter 01 Jul 2014, 16:58

Oie! :rindo_ate_agor

Demorei mas voltei!

Segue relatório do Malwarebyte ... achou algumas coisinhas.

Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Data de Verificação: 30/06/2014
Hora da Verificação: 23:34:24
Logfile: log malwarebyte.txt
Administrador: Sim

Versão: 2.00.2.1012
Malware Database: v2014.07.01.01
Rootkit Database: v2014.06.30.01
Licença: Trial
Proteção de Malware: Enabled
Proteção de Site Malicioso: Enabled
Self-protection: Desabilitado

OS: Windows 7 Service Pack 1
CPU: x86
Sistema de Arquivo: NTFS
Usuário: camila

Tipo da Verificação: Verificação Personalizada
Resultado: Completado
Arquivos Verificados: 354002
Tempo Decorrido: 58 min, 52 seg

Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processos: 0
(No malicious items detected)

Módulos: 0
(No malicious items detected)

Chaves de Registro: 0
(No malicious items detected)

Valores de Registro: 0
(No malicious items detected)

Dados do Registro: 0
(No malicious items detected)

Pastas: 0
(No malicious items detected)

Arquivos: 2
Hacktool.Agent, D:\Programas\win lov 2.0.9.rar, Quarantined, [76dfa3f7f784989e3b44292656ab01ff],
Hacktool.Agent, D:\Programas\win lov 2.0.9\WinLov2.0.9\Windows Loader.exe, Quarantined, [4a0b1981790216207c0359f646bb48b8],

Physical Sectors: 0
(No malicious items detected)

(end)

Ah! Só para constar, o JRT ainda não roda.

por Conteúdo patrocinado

Não consigo instalar programas de proteção e acessar sites de segurança.

Não consigo instalar programas de proteção e acessar sites de segurança.

Re: Não consigo instalar programas de proteção e acessar sites de segurança.

Re: Não consigo instalar programas de proteção e acessar sites de segurança.

Re: Não consigo instalar programas de proteção e acessar sites de segurança.

Re: Não consigo instalar programas de proteção e acessar sites de segurança.

Re: Não consigo instalar programas de proteção e acessar sites de segurança.

Re: Não consigo instalar programas de proteção e acessar sites de segurança.

Re: Não consigo instalar programas de proteção e acessar sites de segurança.

Re: Não consigo instalar programas de proteção e acessar sites de segurança.

Re: Não consigo instalar programas de proteção e acessar sites de segurança.

Re: Não consigo instalar programas de proteção e acessar sites de segurança.

Re: Não consigo instalar programas de proteção e acessar sites de segurança.

Re: Não consigo instalar programas de proteção e acessar sites de segurança.

Re: Não consigo instalar programas de proteção e acessar sites de segurança.

Re: Não consigo instalar programas de proteção e acessar sites de segurança.

Re: Não consigo instalar programas de proteção e acessar sites de segurança.

Re: Não consigo instalar programas de proteção e acessar sites de segurança.

Re: Não consigo instalar programas de proteção e acessar sites de segurança.

Re: Não consigo instalar programas de proteção e acessar sites de segurança.

Re: Não consigo instalar programas de proteção e acessar sites de segurança.

Re: Não consigo instalar programas de proteção e acessar sites de segurança.

Re: Não consigo instalar programas de proteção e acessar sites de segurança.

Re: Não consigo instalar programas de proteção e acessar sites de segurança.

Re: Não consigo instalar programas de proteção e acessar sites de segurança.

Re: Não consigo instalar programas de proteção e acessar sites de segurança.

Re: Não consigo instalar programas de proteção e acessar sites de segurança.

Seg	Ter	Qua	Qui	Sex	Sáb	Dom
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30