caiohsramos

Proxy configured every time Windows starts

caiohsramos    0

Hello,

Every time Windows starts, a proxy is configured on the system, with the result that the bank websites are not the genuine pages. I can disable the proxy settings manually to access the banks, but I would like them not to come back every time the system starts. The ZA-Scan.txt log follows.
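
A read-only way to see which proxy values come back after a reboot, as an added example that is not part of the original post. The registry paths are the standard Windows Internet Settings and Run locations; the function names and the snapshot file name are assumptions made for this example.

```powershell
# Added example (not from the thread): read-only audit of where Windows keeps
# proxy settings and of the Run keys that can re-apply them at logon.
# Written for Windows PowerShell 2.0+; it changes nothing except its own
# snapshot file.

$proxyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
)
# ProxyEnable/ProxyServer describe the manual proxy; AutoConfigURL points to a
# proxy auto-config (PAC) script and is honoured independently of ProxyEnable.
$proxyValues = 'ProxyEnable', 'ProxyServer', 'ProxyOverride', 'AutoConfigURL'

# Run keys are only one autostart location; scheduled tasks and services are
# not covered by this example.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ProxySetting {
    # Emit one object per proxy-related value that is actually present.
    foreach ($key in $proxyKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($name in $proxyValues) {
            $value = $props.$name
            if ($null -ne $value) {
                New-Object PSObject -Property @{ Key = $key; Name = $name; Value = $value }
            }
        }
    }
}

function Get-RunEntry {
    # Emit one object per autostart command registered under the Run keys.
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            New-Object PSObject -Property @{
                Key = $key; Name = $name; Command = $item.GetValue($name)
            }
        }
    }
}

function Get-Snapshot {
    # Flatten both lists into comparable text lines.
    $rows = @()
    $rows += @(Get-ProxySetting | ForEach-Object { "PROXY|$($_.Key)|$($_.Name)|$($_.Value)" })
    $rows += @(Get-RunEntry     | ForEach-Object { "RUN|$($_.Key)|$($_.Name)|$($_.Command)" })
    $rows
}

# Assumption: the snapshot file name and location are arbitrary choices.
$snapshotPath = Join-Path $env:TEMP 'proxy-audit-snapshot.txt'
$current = @(Get-Snapshot)

'--- Proxy values currently set ---'
$current | Where-Object { $_ -like 'PROXY|*' }

'--- Run entries ---'
$current | Where-Object { $_ -like 'RUN|*' }

'--- WinHTTP (system-wide) proxy ---'
netsh winhttp show proxy

if (Test-Path $snapshotPath) {
    $previous = @(Get-Content -Path $snapshotPath -Encoding UTF8)
    # Compare-Object rejects empty collections, so only diff when both have rows.
    if ($previous.Count -gt 0 -and $current.Count -gt 0) {
        '--- Changes since the previous run ---'
        Compare-Object -ReferenceObject $previous -DifferenceObject $current |
            ForEach-Object {
                if ($_.SideIndicator -eq '=>') { "ADDED   $($_.InputObject)" }
                else                           { "REMOVED $($_.InputObject)" }
            }
    }
}

# Store this run so the next one (for example after a reboot) can be compared.
$current | Set-Content -Path $snapshotPath -Encoding UTF8
```

Run it once after clearing the proxy by hand and again after the next restart: `ADDED PROXY|...` lines show exactly which value was written back and under which key.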

diego_moicano    472

Dear @caiohsramos

I recommend saving this topic in your Favorites to make it easier to find.

Please note the following:

  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is passed on here relates only to the problem on your computer, so do not apply it on any other;
  • Please follow the instructions given carefully, and if you have any questions do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always try to keep me informed, during the removal, about what is happening with your computer.
  • Respect the order of the instructions given.

Note: Do not take any action other than those given here; be aware that, if you ask for help in another forum, you must let us know, at the risk of misconfiguring your computer!

 

# Step 1 #

Download AdwCleaner and save it to your Desktop.

Run the file adwcleaner.exe as Administrator

  • Click the Options tab and leave only "Reset IE Policies" and "Reset Chrome Policies" checked
  • Click the Scan button and wait for the scan to finish.
  • Click the Clean button.
  • A Notepad window will open with the result.
  • Select, copy and paste the contents of this log into your next reply.
  • The log will also be saved in C:\AdwCleaner


NOTE: If AdwCleaner finds files it cannot remove, you may have to restart the PC. Do so immediately when asked whether you want to restart.
 
# Step 2 #

Temporarily disable your antivirus, antispyware and firewall, so as not to cause conflicts.

Download the Junkware Removal Tool (JRT) and save it to your Desktop.

Run jrt.exe as Administrator

  • The tool will start scanning your system.
  • Be patient, as it may take a while depending on the number of items to scan.
  • At the end a log will open. It will be saved on the desktop with the name JRT.txt.
  • Select, copy and paste the contents of this log into your next reply.
 
# Step 3 #

Temporarily disable your antivirus, antispyware and firewall, so as not to cause conflicts.

Download ZHPCleaner and save it to your Desktop.

Run the file ZHPCleaner.exe as Administrator

  • Click the Scanner button.
  • The tool will start scanning your system.
  • Be patient, as it may take a while depending on the number of items to scan.
  • Then click the Repair button.
  • A log called ZHPCleaner.txt will be generated.
  • Select, copy and paste the contents of this log into your next reply.

Cheers :D

caiohsramos    0

    Here are the logs:

    # AdwCleaner 7.0.1.0 - Logfile created on Sun Aug 13 23:02:29 2017
    # Updated on 2017/05/08 by Malwarebytes 
    # Running on Windows 7 Ultimate (X86)
    # Mode: clean
    # Support: https://www.malwarebytes.com/support
    
    ***** [ Services ] *****
    
    No malicious services deleted.
    
    ***** [ Folders ] *****
    
    Deleted: \Downloaded Installers\Hollywood FX
    Deleted: \Installer\Hollywood FX
    
    
    ***** [ Files ] *****
    
    No malicious files deleted.
    
    ***** [ DLL ] *****
    
    No malicious DLLs cleaned.
    
    ***** [ WMI ] *****
    
    No malicious WMI cleaned.
    
    ***** [ Shortcuts ] *****
    
    No malicious shortcuts cleaned.
    
    ***** [ Tasks ] *****
    
    No malicious tasks deleted.
    
    ***** [ Registry ] *****
    
    Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\Hollywood FX
    
    
    ***** [ Firefox (and derivatives) ] *****
    
    No malicious Firefox entries deleted.
    
    ***** [ Chromium (and derivatives) ] *****
    
    Plugin deleted: Search and New Tab by Yahoo - 
    
    
    *************************
    
    ::Tracing keys deleted
    ::IE policies deleted
    ::Chrome policies deleted
    ::Additional Actions: 0
    
    
    
    *************************
    
    C:/AdwCleaner/AdwCleaner[C0].txt - [5095 B] - [2017/8/10 14:44:46]
    C:/AdwCleaner/AdwCleaner[S0].txt - [6838 B] - [2014/9/9 12:15:51]
    C:/AdwCleaner/AdwCleaner[S1].txt - [6187 B] - [2015/4/30 11:45:12]
    C:/AdwCleaner/AdwCleaner[S2].txt - [5662 B] - [2017/8/10 14:42:56]
    C:/AdwCleaner/AdwCleaner[S3].txt - [1528 B] - [2017/8/13 23:1:16]
    
    
    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.4 (07.09.2017)
    Operating System: Windows 7 Ultimate x86 
    Ran by Marcelo (Administrator) on 13/08/2017 at 20:14:28,86
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    
    
    
    File System: 43 
    
    Successfully deleted: C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdicihegicnhaangkdmcgbjceoemeoo (Folder) 
    Successfully deleted: C:\Users\Marcelo\Appdata\LocalLow\CertifiedToolbarBRToolbar (Folder) 
    Successfully deleted: C:\Windows\wininit.ini (File) 
    Successfully deleted: C:\Users\Marcelo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1RB27BW3 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Marcelo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3W970RLO (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Marcelo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3YKBTF0W (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Marcelo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5U4XVQ1V (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Marcelo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7CDR26WF (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Marcelo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8LU76XA1 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Marcelo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9COXECVB (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Marcelo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALPFIQ7T (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Marcelo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D4R3FL9J (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Marcelo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D65RFX3Y (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Marcelo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G5F8JJR8 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Marcelo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IY5R139V (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Marcelo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MGDILLRA (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Marcelo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NKJ5EYV6 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Marcelo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NX3Z3LUY (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Marcelo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O9LV6UNX (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Marcelo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\USDXVE6Z (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Marcelo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQAMBW6F (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Marcelo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTTS3C9W (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Marcelo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YN2YWY9R (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1RB27BW3 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3W970RLO (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3YKBTF0W (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5U4XVQ1V (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7CDR26WF (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8LU76XA1 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9COXECVB (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALPFIQ7T (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D4R3FL9J (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D65RFX3Y (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G5F8JJR8 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IY5R139V (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MGDILLRA (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NKJ5EYV6 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NX3Z3LUY (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O9LV6UNX (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\USDXVE6Z (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQAMBW6F (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTTS3C9W (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YN2YWY9R (Temporary Internet Files Folder) 
    
    
    
    Registry: 5 
    
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value) 
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value) 
    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
    
    
    
    
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 13/08/2017 at 21:40:29,39
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    ~ ZHPCleaner v2017.8.13.139 by Nicolas Coolman (2017/08/13)
    ~ Run by Marcelo (Administrator)  (13/08/2017 21:51:26)
    ~ Web: https://www.nicolascoolman.com
    ~ Blog: https://nicolascoolman.eu/
    ~ Facebook : https://www.facebook.com/nicolascoolman1
    ~ State version : Version OK
    ~ Certificate ZHPCleaner: Legal
    ~ Type : Reparo
    ~ Report : C:\Users\Marcelo\Desktop\ZHPCleaner.txt
    ~ Quarantine : C:\Users\Marcelo\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
    ~ UAC : Activate
    ~ Boot Mode : Normal (Normal boot)
    Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
    
    
    ---\\  Serviços (0)
    ~ Nenhum ítem malicioso o desnecessários foi encontrado.
    
    
    ---\\  Navegadores de Internet (0)
    ~ Nenhum ítem malicioso o desnecessários foi encontrado.
    
    
    ---\\  Arquivo hosts (1)
    ~ O arquivo hosts é legítimo (3)
    
    
    ---\\  Tarefas automáticas agendadas. (1)
    SUPRIMIDO tarefas: [AutoKMS] [C:\Windows\Tasks\AutoKMS.job (Not File) ]  =>HackTool.AutoKMS
    
    
    ---\\  Explorer ( Arquivos, Pastas) (12)
    MOVIDO pasta: C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\a8vffnef.default-1497883390427\storage\default\https+++adwcleaner.br.uptodown.com\.metadata    =>PUP.Optional.UpToDown
    MOVIDO pasta: C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\a8vffnef.default-1497883390427\storage\default\https+++adwcleaner.br.uptodown.com\.metadata-v2    =>PUP.Optional.UpToDown
    MOVIDO pasta: C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\a8vffnef.default-1497883390427\storage\default\https+++adwcleaner.br.uptodown.com\cache\caches.sqlite    =>PUP.Optional.UpToDown
    MOVIDO pasta: C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\a8vffnef.default-1497883390427\storage\default\https+++adwcleaner.br.uptodown.com\cache\morgue\20\{dade9620-f28d-460c-a6bb-28bddcaa5414}.final    =>PUP.Optional.UpToDown
    MOVIDO pasta: C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\a8vffnef.default-1497883390427\storage\default\https+++adwcleaner.br.uptodown.com\cache\morgue\138\{ff224f7b-4100-4b35-b5ca-edfcd5079a8a}.final    =>PUP.Optional.UpToDown
    MOVIDO pasta: C:\Windows\System32\drivers\mcvidrv.sys [Visicom Media Inc. - ManyCam Virtual Webcam Driver]  =>.SUP.VisicomMedia
    MOVIDO pasta: C:\Windows\System32\drivers\mcaudrv.sys [Visicom Media Inc. - ManyCam Virtual Microphone]  =>.SUP.VisicomMedia
    MOVIDO pasta: C:\Windows\Tasks\AutoKMS.job    =>HackTool.AutoKMS
    MOVIDO arquivo*: C:\ProgramData\Microsoft Toolkit  =>HackTool.AutoKMS
    MOVIDO arquivo*: C:\Users\Marcelo\AppData\Local\Temp\Popcorn Time  =>.SUP.PopcornTime
    MOVIDO arquivo*: C:\Program Files\QuickTime  =>Riskware.QuickTime
    MOVIDO arquivo*: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime  =>Riskware.QuickTime
    
    
    ---\\  Registro ( Chaves, Valores, Dados ) (5)
    SUPRIMIDO chave*: HKLM\SYSTEM\CurrentControlSet\Services\ManyCam [C:\Windows\System32\drivers\mcvidrv.sys (Not File)]  =>.SUP.VisicomMedia
    SUPRIMIDO chave*: HKLM\SYSTEM\CurrentControlSet\Services\mcaudrv_simple [C:\Windows\System32\drivers\mcaudrv.sys (Not File)]  =>.SUP.VisicomMedia
    SUPRIMIDO chave*: HKEY_USERS\S-1-5-21-266472640-2542465631-3944757491-1001\SOFTWARE\GreenTree Applications SRL []  =>.SUP.GreenTreeApp
    SUPRIMIDO chave: HKCU\Software\GreenTree Applications SRL []  =>.SUP.GreenTreeApp
    SUPRIMIDO valor: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task ["C:\Program Files\QuickTime\QTTask.exe" -atboottime]  =>Riskware.QuickTime
    
    
    ---\\  Resumo dos elementos encontrados na sua estação de trabalho (6)
    https://nicolascoolman.eu/2017/02/02/hacktool-autokms/  =>HackTool.AutoKMS
    https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>PUP.Optional.UpToDown
    https://nicolascoolman.eu/2017/03/18/superfluous-visicommedia/  =>.SUP.VisicomMedia
    https://nicolascoolman.eu/2017/02/26/superfluous-popcorntime/  =>.SUP.PopcornTime
    https://nicolascoolman.eu/2017/01/15/riskware-quicktime/  =>Riskware.QuickTime
    https://www.anti-malware.top/2016/09/10/superfluous-greentreeapp/  =>.SUP.GreenTreeApp
    
    
    ---\\  Dodatkowe oczyszczenie. (11)
    ~ Chave de registro Tracing Supprimido (11)
    ~ Remover os relatórios antigos ZHPCleaner. (0)
    
    
    ---\\ Resultado de reparação
    Reparação efectuada com sucesso
    ~ Este navegador está faltando ! (Opera Software)
    
    
    ---\\ Estatísticas
    ~ Items scan : 1368
    ~ Items encontrado : 0
    ~ items cancelados : 0
    ~ Items réparo : 18
    
    
    ~ End of clean in 00h00mn36s
    ~====================
    ZHPCleaner-[R]-13082017-21_52_02.txt
    ZHPCleaner-[S]-13082017-21_49_29.txt
    

     

    diego_moicano    472

    Dear @caiohsramos

    Friend, please do not put the logs between TAGs, thank you. :)

    Temporarily disable your antivirus, antispyware and firewall, so as not to cause conflicts.

    Download the Farbar Recovery Scan Tool and save it to your Desktop.


    32-bit (x86) or 64-bit (x64)

    • Right-click it and choose Run as Administrator;
    • Check the 90 Days Files box and click the Scan button;
    • Wait, and at the end the logs FRST.txt and Addition.txt will be saved to your Desktop;
    • Select, copy and paste the contents of the FRST.txt log into your next reply;
    • Attach the Addition.txt log.

    Cheers :D

    caiohsramos    0
    Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão: 12-08-2017
    Executado por Marcelo (administrador) em SALETA (14-08-2017 18:27:08)
    Executando a partir de C:\Users\Marcelo\Desktop
    Perfis Carregados: Marcelo (Perfis Disponíveis: Marcelo)
    Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Idioma: Português (Brasil)
    Internet Explorer Versão 11 (Navegador padrão: Chrome)
    Modo da Inicialização: Normal
    Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processos (Whitelisted) =================

    (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

    (GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
    (Google Inc.) C:\Program Files\Google\Chrome Remote Desktop\60.0.3112.25\remoting_host.exe
    (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
    (Google Inc.) C:\Program Files\Google\Chrome Remote Desktop\60.0.3112.25\remoting_host.exe
    (Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
    (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
    (Fortinet Inc.) C:\Windows\System32\FortiSSLVPNdaemon.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn Ignition\LMIGuardianSvc.exe
    () C:\Program Files\AppBrad\NetExpressUpdater.exe
    (Pinnacle Systems GmbH) C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    (Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
    (Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    (SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
    (GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
    ( Beijing WatchData System Co., Ltd.) C:\Windows\System32\WatchData\Watchdata Brazil CSP v1.0\BBCertM32.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Spotify Ltd) C:\Users\Marcelo\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIIBE.EXE
    (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
    (Google, Inc) C:\Users\Marcelo\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgui.exe
    (Banco Bradesco S.A.) C:\Program Files\Scpad\scpVista.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    (GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
    (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

    ==================== Registro (Whitelisted) ====================

    (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

    HKLM\...\Run: [USBToolTip] => C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [199752 2007-02-20] (Pinnacle Systems GmbH)
    HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [648072 2007-05-31] (Microsoft Corporation)
    HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
    HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
    HKLM\...\Run: [StartCCC] => C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe [748744 2015-07-15] (Advanced Micro Devices, Inc.)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220288 2017-08-01] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
    HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [818224 2017-07-11] (GAS Tecnologia LTDA)
    HKLM\...\Run: [wdbraz_certm] => C:\Windows\System32\WatchData\Watchdata Brazil CSP v1.0\BBCertM32.exe [59440 2013-01-28] ( Beijing WatchData System Co., Ltd.)
    HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [263232 2017-07-22] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
    Winlogon\Notify\ GbPluginAbn: C:\Program Files\GbPlugin\gbiehabn.dll [2013-09-23] (Banco Real)
    Winlogon\Notify\ GbPluginBb: C:\Program Files\GbPlugin\gbieh.dll [2017-03-31] (Banco do Brasil)
    Winlogon\Notify\ GbPluginCef: C:\Program Files\GbPlugin\gbiehCef.dll [2016-09-16] (Caixa Economica Federal)
    Winlogon\Notify\ GbPluginUni: C:\Program Files\GbPlugin\gbiehUni.dll [2015-09-04] (Banco Itaú Unibanco)
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
    HKU\S-1-5-21-266472640-2542465631-3944757491-1001\...\Run: [Facebook Update] => "C:\Users\Marcelo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    HKU\S-1-5-21-266472640-2542465631-3944757491-1001\...\Run: [Google Update] => C:\Users\Marcelo\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-28] (Google Inc.)
    HKU\S-1-5-21-266472640-2542465631-3944757491-1001\...\Run: [Spotify Web Helper] => C:\Users\Marcelo\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1562224 2017-07-01] (Spotify Ltd)
    HKU\S-1-5-21-266472640-2542465631-3944757491-1001\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIIBE.EXE [249440 2012-02-29] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-266472640-2542465631-3944757491-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [3777728 2017-02-07] (Disc Soft Ltd)
    HKU\S-1-5-21-266472640-2542465631-3944757491-1001\...\Run: [One Drive] => C:\Users\Marcelo\OneDrive.exe [139264 2017-06-11] ()
    HKU\S-1-5-21-266472640-2542465631-3944757491-1001\...\Run: [Google Photos Backup] => C:\Users\Marcelo\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc)
    HKU\S-1-5-21-266472640-2542465631-3944757491-1001\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATENÇÃO
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
    SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll (Banco Bradesco S.A.)
    ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\PROGRAM FILES\GbPlugin\gbiehcef.dll [1903328 2016-09-16] (Caixa Economica Federal)
    ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Program Files\GbPlugin\gbiehabn.dll [1598520 2013-09-23] (Banco Real)
    ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRAM FILES\GbPlugin\gbiehuni.dll [1896696 2015-09-04] (Banco Itaú Unibanco)
    ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll [1947872 2017-03-31] (Banco do Brasil)
    BootExecute: autocheck autochk * sdnclean.exe
    CHR HKU\S-1-5-21-266472640-2542465631-3944757491-1001\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO

    ==================== Internet (Whitelisted) ====================

    (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{100DD7C7-98FD-43D0-8D61-5FD4F6EBDD3A}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{2FB3FAC9-D9D2-4220-AAAB-A569823511AE}: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{9D4270AC-B051-4F21-A00D-B0D59258422A}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{A2BCDADD-4787-42F3-B4AE-70E7A454EDA5}: [DhcpNameServer] 192.168.42.129

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-266472640-2542465631-3944757491-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-266472640-2542465631-3944757491-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
    BHO: ssh2 Class -> {2E3C3651-B19C-4DD9-A979-901EC3E930AF} -> C:\Program Files\Scpad\scpsssh2.dll [2013-01-22] (Banco Bradesco S.A.)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-06] (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
    BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files\GbPlugin\gbieh.dll [2017-03-31] (Banco do Brasil)
    BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\PROGRAM FILES\GBPLUGIN\gbiehCef.dll [2016-09-16] (Caixa Economica Federal)
    BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540007} -> C:\Program Files\GbPlugin\gbiehabn.dll [2013-09-23] (Banco Real)
    BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\PROGRAM FILES\GBPLUGIN\gbiehuni.dll [2015-09-04] (Banco Itaú Unibanco)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-06] (Oracle Corporation)
    DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} hxxp://reimate.ddns-intelbras.com.br/webrec.cab
    DPF: {2ADE19BB-1E79-4EC4-976E-AC74339ADD76} hxxp://www.padariabancarios.ddns.com.br:3130/ActiveViewGUI.cab
    DPF: {66F7F252-3FE1-4650-B1E5-94B2A38271C5} hxxp://www.padariabancarios.ddns.com.br:3130/ActiveView.cab
    DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} hxxp://www.panificadorasantaizabel.tecvozddns.com.br:3130/WebClient.exe
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  Nenhum Arquivo

    FireFox:
    ========
    FF DefaultProfile: a8vffnef.default-1497883390427
    FF ProfilePath: C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\a8vffnef.default-1497883390427 [2017-08-14]
    FF NetworkProxy: Mozilla\Firefox\Profiles\a8vffnef.default-1497883390427 -> autoconfig_url", "hxxps://s3-sa-east-1.amazonaws.com/mozillaproject/project1.png"
    FF NetworkProxy: Mozilla\Firefox\Profiles\a8vffnef.default-1497883390427 -> type", 0
    FF Extension: (Skype Click to Call) - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11] [não assinado]
    FF HKLM\...\Firefox\Extensions: [bbassdigital@bb.com.br] - C:\Program Files\Banco do Brasil\Assinatura Digital\ext
    FF Extension: (Banco do Brasil - Assinatura Digital) - C:\Program Files\Banco do Brasil\Assinatura Digital\ext [2017-06-20]
    FF HKU\S-1-5-21-266472640-2542465631-3944757491-1001\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8874}] - C:\Users\Marcelo\AppData\Local\GAS Tecnologia\GBBD\abn\sf.xpi
    FF Extension: (GBBD Banco Santander (Brasil) S.A.) - C:\Users\Marcelo\AppData\Local\GAS Tecnologia\GBBD\abn\sf.xpi [2013-11-11] [não assinado]
    FF HKU\S-1-5-21-266472640-2542465631-3944757491-1001\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\Marcelo\AppData\Local\GAS Tecnologia\GBBD\cef\xpi
    FF Extension: (GBBD Caixa Economica Federal) - C:\Users\Marcelo\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2015-04-17] [não assinado]
    FF HKU\S-1-5-21-266472640-2542465631-3944757491-1001\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8873}] - C:\Users\Marcelo\AppData\Local\GAS Tecnologia\GBBD\uni\xpi
    FF Extension: (Guardião - Itaú 30 horas) - C:\Users\Marcelo\AppData\Local\GAS Tecnologia\GBBD\uni\xpi [2015-04-17] [não assinado]
    FF HKU\S-1-5-21-266472640-2542465631-3944757491-1001\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Marcelo\AppData\Local\GAS Tecnologia\GBBD\bb\xpi => não encontrado (a)
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2014-02-26]
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2017-02-06]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-09] ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2011-06-10] (Adobe Systems, Inc.)
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
    FF Plugin: @EDVR/WebClient -> C:\windows\system32\WebClient\npwebclient.dll [2013-12-25] ( )
    FF Plugin: @FortinetCacheClean -> C:\Program Files\Fortinet\SslvpnClient\npccplugin.dll [2014-04-09] (Fortinet Inc.)
    FF Plugin: @FortinetCacheCleanEx -> C:\Program Files\Fortinet\SslvpnClient\npccpluginex.dll [2014-04-09] (Fortinet Inc.)
    FF Plugin: @FortinetTunnelControl -> C:\Program Files\Fortinet\SslvpnClient\nptcplugin.dll [2014-04-09] (Fortinet Inc.)
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2011-03-20] (Foxit Corporation)
    FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-06] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-06] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-266472640-2542465631-3944757491-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Marcelo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [Nenhum Arquivo]
    FF Plugin HKU\S-1-5-21-266472640-2542465631-3944757491-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Marcelo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-266472640-2542465631-3944757491-1001: @talk.google.com/O1DPlugin -> C:\Users\Marcelo\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-266472640-2542465631-3944757491-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Marcelo\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin HKU\S-1-5-21-266472640-2542465631-3944757491-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Marcelo\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin HKU\S-1-5-21-266472640-2542465631-3944757491-1001: gastecnologia.com.br/sf/abn -> C:\Users\Marcelo\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll [2015-12-27] (GAS Tecnologia)
    FF Plugin HKU\S-1-5-21-266472640-2542465631-3944757491-1001: gastecnologia.com.br/sf/cef -> C:\Users\Marcelo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [2015-01-16] (GAS Tecnologia)
    FF Plugin HKU\S-1-5-21-266472640-2542465631-3944757491-1001: gastecnologia.com.br/sf/uni -> C:\Users\Marcelo\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll [2014-08-26] (GAS Tecnologia)
    FF Plugin ProgramFiles/Appdata: C:\Users\Marcelo\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Marcelo\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\autoconf_warsaw.js [2017-08-13] <==== ATENÇÃO (Aponta para arquivo *.cfg)
    FF ExtraCheck: C:\Program Files\mozilla firefox\warsaw.cfg [2017-08-13] <==== ATENÇÃO

    Chrome:
    =======
    CHR DefaultProfile: Profile 1
    CHR Profile: C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default [2017-08-13]
    CHR Extension: (Google Apresentações) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-14]
    CHR Extension: (GBBD Banco Santander (Brasil) S.A.) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\abmojiekfpcmkkfamgfcpgfgipocface [2017-07-14]
    CHR Extension: (Banco do Brasil - Assinatura Digital) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\adllellfifhkdgekblogkphpalcbfooh [2017-07-14]
    CHR Extension: (Google Docs) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-14]
    CHR Extension: (Google Drive) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-14]
    CHR Extension: (YouTube) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-14]
    CHR Extension: (Adobe Acrobat) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-07-14]
    CHR Extension: (Planilhas do Google) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-14]
    CHR Extension: (Documentos Google off-line) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-14]
    CHR Extension: (Skype) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-07-14]
    CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-14]
    CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei [2017-07-14]
    CHR Extension: (Gmail) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-14]
    CHR Extension: (Chrome Media Router) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-14]
    CHR Profile: C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-06-24]
    CHR Profile: C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-08-14]
    CHR Extension: (Google Apresentações) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-06-04]
    CHR Extension: (GBBD Banco Santander (Brasil) S.A.) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\abmojiekfpcmkkfamgfcpgfgipocface [2017-06-04]
    CHR Extension: (Banco do Brasil - Assinatura Digital) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\adllellfifhkdgekblogkphpalcbfooh [2017-06-20]
    CHR Extension: (Google Docs) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-06-04]
    CHR Extension: (Google Drive) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-05]
    CHR Extension: (YouTube) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-04]
    CHR Extension: (Adobe Acrobat) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-06-06]
    CHR Extension: (Planilhas do Google) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-06-04]
    CHR Extension: (Documentos Google off-line) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-05]
    CHR Extension: (Skype) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-07-30]
    CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-04]
    CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nnjbodopomfddehlalfilheomcahbpei [2017-06-04]
    CHR Extension: (Gmail) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-04]
    CHR Extension: (Chrome Media Router) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-10]
    CHR Profile: C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\System Profile [2017-06-24]
    CHR HKLM\...\Chrome\Extension: [adllellfifhkdgekblogkphpalcbfooh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-266472640-2542465631-3944757491-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [abmojiekfpcmkkfamgfcpgfgipocface] - C:\Users\Marcelo\AppData\Local\GAS Tecnologia\GBBD\abn\sf.crx [2013-09-04]
    CHR HKU\S-1-5-21-266472640-2542465631-3944757491-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Marcelo\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-15]
    CHR HKU\S-1-5-21-266472640-2542465631-3944757491-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-266472640-2542465631-3944757491-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nnjbodopomfddehlalfilheomcahbpei] - C:\Users\Marcelo\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx [2013-10-17]

    ==================== Serviços (Whitelisted) ====================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

    "Warsaw Technology" => serviço foi desbloqueado. <==== ATENÇÃO

    R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [264432 2017-07-22] (AVG Technologies CZ, s.r.o.)
    S3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5866488 2017-07-22] (AVG Technologies CZ, s.r.o.)
    R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189720 2017-08-01] (AVG Technologies CZ, s.r.o.)
    R2 chromoting; C:\Program Files\Google\Chrome Remote Desktop\60.0.3112.25\remoting_host.exe [71512 2017-06-08] (Google Inc.)
    R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1142464 2017-02-07] (Disc Soft Ltd)
    R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [539744 2012-05-10] (SEIKO EPSON CORPORATION)
    R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
    R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [142432 2012-02-21] (SEIKO EPSON CORPORATION)
    R2 FortiSslvpnDaemon; C:\Windows\system32\FortiSSLVPNdaemon.exe [954080 2014-04-09] (Fortinet Inc.)
    R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [631520 2016-06-23] (GAS Tecnologia)
    R2 LMIGuardianSvc; C:\Program Files\LogMeIn Ignition\LMIGuardianSvc.exe [411632 2015-11-19] (LogMeIn, Inc.)
    R2 NetExpress Updater; C:\Program Files\AppBrad\NetExpressUpdater.exe [13312 2016-03-16] () [Arquivo não assinado]
    R2 scpVista; C:\Program Files\Scpad\scpVista.exe [360640 2013-01-13] (Banco Bradesco S.A.) [Arquivo não assinado]
    R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
    R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10803440 2017-07-26] (TeamViewer GmbH)
    R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
    R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [818224 2017-07-11] (GAS Tecnologia LTDA)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
    S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

    ===================== Drivers (Whitelisted) ======================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

    R1 avgbdisk; C:\Windows\system32\drivers\avgbdiskx.sys [135872 2017-07-22] (AVG Technologies CZ, s.r.o.)
    R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdriverx.sys [260616 2017-07-22] (AVG Technologies CZ, s.r.o.)
    R0 avgbidsh; C:\Windows\system32\drivers\avgbidshx.sys [151024 2017-07-22] (AVG Technologies CZ, s.r.o.)
    R0 avgblog; C:\Windows\system32\drivers\avgblogx.sys [270344 2017-07-22] (AVG Technologies CZ, s.r.o.)
    R0 avgbuniv; C:\Windows\system32\drivers\avgbunivx.sys [43992 2017-07-22] (AVG Technologies CZ, s.r.o.)
    S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [35264 2017-07-22] (AVG Technologies CZ, s.r.o.)
    R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [116344 2017-08-10] (AVG Technologies CZ, s.r.o.)
    R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [91976 2017-07-22] (AVG Technologies CZ, s.r.o.)
    R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [63280 2017-07-22] (AVG Technologies CZ, s.r.o.)
    R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [766728 2017-08-10] (AVG Technologies CZ, s.r.o.)
    R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [489416 2017-07-22] (AVG Technologies CZ, s.r.o.)
    S2 avgStm; C:\Windows\system32\drivers\avgStm.sys [140136 2017-07-22] (AVG Technologies CZ, s.r.o.)
    R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [288728 2017-07-22] (AVG Technologies CZ, s.r.o.)
    S3 CTL511Plus; C:\Windows\System32\DRIVERS\webc3vid.sys [166504 2001-11-07] (Creative Technology Ltd.)
    R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [26168 2017-05-26] (Disc Soft Ltd)
    R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [40504 2017-05-26] (Disc Soft Ltd)
    S2 Fix8; C:\Windows\System32\DRIVERS\Fix8v2.sys [257936 2009-02-13] (Windows (R) 2000 DDK provider)
    R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [49496 2015-08-26] (GAS Tecnologia)
    S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
    S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
    R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
    R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
    S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
    R1 Ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-03-14] (GAS Tecnologia)
    S3 NdisrdMP; C:\Windows\System32\DRIVERS\gbpndisrd.sys [31088 2017-08-13] (GbPlugin NDIS Device Driver)
    R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
    S3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13312 2010-09-02] (June Fabrics Technology Inc.)
    R3 pppop; C:\Windows\System32\DRIVERS\pppop.sys [36384 2009-07-21] (Fortinet Inc.)
    S3 PsSdk41; C:\Windows\system32\Drivers\pssdk41.sys [36928 2014-08-06] (microOLAP Technologies LTD)
    S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [140800 2014-09-03] (Prolific Technology Inc.)
    S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [33512 2012-10-10] (AnchorFree Inc)
    S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-04-24] (Anchorfree Inc.)
    S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [43520 2012-04-25] (Apple, Inc.) [Arquivo não assinado]
    S3 vtcdrv; C:\Windows\System32\DRIVERS\vtcdrv.sys [18688 2009-10-15] (Windows (R) Codename Longhorn DDK provider) [Arquivo não assinado]
    R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [22744 2017-08-13] (GAS Tecnologia)
    R1 wsddntf; C:\Windows\System32\DRIVERS\wsddntf.sys [31864 2016-06-16] (GAS Tecnologia)
    S1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [22624 2016-11-11] (GAS Tecnologia)
    S3 wsddprm; C:\Windows\system32\drivers\wsddprm.sys [22624 2016-11-11] (GAS Tecnologia)

    ==================== NetSvcs (Whitelisted) ===================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


    ==================== Três Meses Criados arquivos e pastas ========

    (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

    2017-08-14 18:27 - 2017-08-14 18:27 - 000031440 _____ C:\Users\Marcelo\Desktop\FRST.txt
    2017-08-14 18:26 - 2017-08-14 18:27 - 000000000 ____D C:\FRST
    2017-08-14 18:26 - 2017-08-14 18:26 - 001792000 _____ (Farbar) C:\Users\Marcelo\Desktop\FRST.exe
    2017-08-13 21:49 - 2017-08-13 21:52 - 000004521 _____ C:\Users\Marcelo\Desktop\ZHPCleaner.txt
    2017-08-13 21:41 - 2017-08-13 21:52 - 000000000 ____D C:\Users\Marcelo\AppData\Roaming\ZHP
    2017-08-13 21:41 - 2017-08-13 21:41 - 000000838 _____ C:\Users\Marcelo\Desktop\ZHPCleaner.lnk
    2017-08-13 21:41 - 2017-08-13 21:41 - 000000000 ____D C:\Users\Marcelo\AppData\Local\ZHP
    2017-08-13 21:40 - 2017-08-13 21:40 - 000007986 _____ C:\Users\Marcelo\Desktop\JRT.txt
    2017-08-13 20:19 - 2017-08-13 20:19 - 002852224 _____ C:\Users\Marcelo\Desktop\ZHPCleaner.exe
    2017-08-13 20:09 - 2017-08-13 20:09 - 000001550 _____ C:\Users\Marcelo\Desktop\AdwCleaner.txt
    2017-08-13 20:01 - 2017-08-13 20:01 - 001790024 _____ (Malwarebytes) C:\Users\Marcelo\Desktop\JRT.exe
    2017-08-13 19:57 - 2017-08-13 19:57 - 008185288 _____ (Malwarebytes) C:\Users\Marcelo\Desktop\adwcleaner_7.0.1.0(1).exe
    2017-08-13 19:23 - 2017-08-13 19:23 - 001434880 _____ (Fortinet Inc.) C:\Users\Marcelo\Downloads\SslvpnClient.exe
    2017-08-13 19:19 - 2017-08-13 19:19 - 000004096 _____ C:\Users\Marcelo\Downloads\1502662774614.xls
    2017-08-12 13:27 - 2017-08-12 13:27 - 000033179 _____ C:\Users\Marcelo\Desktop\Exame CNH.pdf
    2017-08-10 14:13 - 2017-08-10 14:13 - 000026422 _____ C:\ZA-Scan.txt
    2017-08-10 13:41 - 2017-08-10 13:41 - 001370112 _____ C:\Users\Marcelo\Desktop\ZA-Scan.exe
    2017-08-10 12:36 - 2017-08-10 13:51 - 000000000 ____D C:\Program Files\Spybot - Search & Destroy 2
    2017-08-10 12:36 - 2017-08-10 13:16 - 000000000 ____D C:\Users\Todos os Usuários\Spybot - Search & Destroy
    2017-08-10 12:36 - 2017-08-10 13:16 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2017-08-10 12:31 - 2017-08-10 12:33 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\Marcelo\Downloads\spybotsd-2.6.46.exe
    2017-08-10 11:56 - 2017-08-10 11:57 - 005103792 _____ (Enigma Software Group USA, LLC.) C:\Users\Marcelo\Downloads\SpyHunter-Installer (1).exe
    2017-08-10 11:56 - 2017-08-10 11:56 - 005103792 _____ (Enigma Software Group USA, LLC.) C:\Users\Marcelo\Downloads\SpyHunter-Installer.exe
    2017-08-10 11:40 - 2017-08-10 11:41 - 008185288 _____ (Malwarebytes) C:\Users\Marcelo\Downloads\adwcleaner_7.0.1.0.exe
    2017-08-10 11:20 - 2017-08-10 11:25 - 000000000 ____D C:\LinhaDefensiva
    2017-08-10 11:19 - 2017-08-10 11:19 - 000178597 _____ (Igor Pavlov) C:\Users\Marcelo\Downloads\bankerfix.exe
    2017-08-10 11:09 - 2017-08-10 11:09 - 000013039 _____ C:\Users\Marcelo\Downloads\ZA-Scan.txt
    2017-08-10 11:09 - 2017-08-10 11:09 - 000002659 _____ C:\Users\Marcelo\Downloads\FSS.txt
    2017-08-08 23:41 - 2017-08-08 23:42 - 000018581 _____ C:\Users\Marcelo\Desktop\08-08-2017.xlsx
    2017-08-08 22:12 - 2017-08-08 22:12 - 000297688 _____ C:\Users\Marcelo\Downloads\7562-170808.pdf
    2017-08-06 22:59 - 2017-08-06 22:59 - 000000000 ____D C:\Users\Marcelo\Downloads\InSUBs_0e41c0549d877437070fb0097f545db8
    2017-08-06 22:58 - 2017-08-06 22:58 - 000071111 _____ C:\Users\Marcelo\Downloads\InSUBs_0e41c0549d877437070fb0097f545db8.rar
    2017-08-06 13:47 - 2017-08-06 13:47 - 000000000 ____D C:\Program Files\Common Files\Java
    2017-08-04 09:37 - 2017-08-04 09:37 - 000075734 _____ C:\Users\Marcelo\Downloads\eSocial_Demonstrativo_Recibo_Julho-2017.pdf
    2017-08-04 09:37 - 2017-08-04 09:37 - 000062338 _____ C:\Users\Marcelo\Downloads\ESocial_Relatorio_Consolidado_Remuneracoes_Julho-2017.pdf
    2017-08-04 09:36 - 2017-08-04 09:36 - 000122119 _____ C:\Users\Marcelo\Downloads\GuiaPagamento_10369555830_040820170936086893.PDF
    2017-08-03 10:54 - 2017-08-03 10:54 - 000203377 _____ C:\Users\Marcelo\Downloads\ImpressaoResultados_0479495923000_20170803.pdf
    2017-08-03 09:55 - 2017-08-04 09:37 - 000000000 ____D C:\Users\Marcelo\Desktop\Arezzo
    2017-08-02 09:26 - 2017-08-02 09:26 - 000002687 _____ C:\Users\Public\Desktop\Skype.lnk
    2017-08-02 09:26 - 2017-08-02 09:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2017-08-02 09:26 - 2017-08-02 09:26 - 000000000 ____D C:\Program Files\Common Files\Skype
    2017-08-02 09:23 - 2015-07-18 10:08 - 000066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
    2017-08-02 09:23 - 2015-07-18 10:08 - 000022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
    2017-08-02 09:23 - 2015-07-18 10:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
    2017-08-02 09:23 - 2015-07-18 10:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
    2017-08-02 09:23 - 2015-07-18 10:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
    2017-08-02 09:23 - 2015-07-18 10:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
    2017-08-02 09:23 - 2015-07-18 10:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
    2017-08-02 09:23 - 2015-07-18 10:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
    2017-08-02 09:23 - 2015-07-18 10:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
    2017-08-02 09:23 - 2015-07-18 10:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
    2017-08-02 09:23 - 2015-07-18 10:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
    2017-08-02 09:23 - 2015-07-18 10:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
    2017-08-02 09:23 - 2015-07-18 10:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
    2017-08-02 09:23 - 2015-07-18 10:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
    2017-08-02 09:23 - 2015-07-18 10:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
    2017-08-02 09:23 - 2015-07-18 10:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
    2017-08-02 09:23 - 2015-07-18 10:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
    2017-08-02 09:23 - 2015-07-18 10:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
    2017-08-02 09:23 - 2015-07-18 10:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
    2017-08-02 09:23 - 2015-07-18 10:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
    2017-08-02 09:23 - 2015-07-18 10:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
    2017-08-02 09:23 - 2015-07-18 10:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
    2017-08-02 09:23 - 2015-07-18 10:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
    2017-08-02 09:22 - 2015-07-18 10:08 - 000901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
    2017-08-02 08:16 - 2017-08-02 08:16 - 000006845 _____ C:\Users\Marcelo\Desktop\Contador Amigo.pdf
    2017-07-28 12:03 - 2017-07-28 12:03 - 000002177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
    2017-07-28 12:03 - 2017-07-28 12:03 - 000002139 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
    2017-07-22 00:31 - 2017-07-22 00:31 - 000304400 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
    2017-07-14 13:24 - 2017-07-29 00:00 - 000000000 ____D C:\Users\Marcelo\Desktop\Fotos Daniel
    2017-07-14 12:32 - 2017-07-14 12:32 - 000002368 _____ C:\Users\Marcelo\Desktop\Marcelo - Chrome.lnk
    2017-07-11 15:36 - 2017-07-11 15:36 - 000000000 ____D C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativo Itaú
    2017-06-23 14:26 - 2017-06-23 14:26 - 000000000 ____D C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Photos Backup
    2017-06-20 19:30 - 2017-06-20 19:30 - 000000000 ____D C:\Program Files\Banco do Brasil
    2017-06-19 11:42 - 2017-06-19 11:42 - 000001126 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2017-06-19 11:42 - 2017-06-19 11:42 - 000001114 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2017-06-13 09:09 - 2017-06-13 09:09 - 000000000 ___HD C:\$AV_AVG
    2017-06-11 19:08 - 2017-06-11 19:08 - 000139264 _____ () C:\Users\Marcelo\OneDrive.exe
    2017-06-11 19:08 - 2017-06-11 19:08 - 000001239 _____ C:\Users\Marcelo\OneDrive.bat
    2017-06-11 19:08 - 2017-06-11 19:08 - 000000058 _____ C:\Users\Marcelo\OneDrive.txt
    2017-06-08 08:56 - 2017-06-12 08:17 - 000000000 ____D C:\Users\Marcelo\Desktop\Músicas Duda (22-06-2012 21-33-10)
    2017-06-05 08:35 - 2017-06-05 08:36 - 000000000 ____D C:\LocalStorage
    2017-06-05 08:34 - 2014-07-23 14:42 - 000036600 _____ (Riverbed Technology, Inc.) C:\Windows\system32\Drivers\sadp_npf64.sys
    2017-06-05 08:34 - 2014-07-23 14:42 - 000036600 _____ (Riverbed Technology, Inc.) C:\Windows\system32\Drivers\sadp_npf.sys
    2017-06-05 08:33 - 2017-06-05 08:33 - 000000000 ____D C:\Program Files\TecViewer Station
    2017-06-05 08:32 - 2017-06-05 08:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
    2017-06-05 08:32 - 2017-06-05 08:32 - 000000000 ____D C:\Program Files\WinPcap
    2017-06-05 08:19 - 2017-06-05 08:19 - 000875200 _____ C:\Users\Marcelo\Desktop\WebClient.exe
    2017-06-04 19:19 - 2017-06-04 19:19 - 012009472 _____ C:\Users\Marcelo\Desktop\chromeremotedesktophost.msi
    2017-06-04 19:18 - 2017-06-04 19:18 - 000000000 ____D C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome
    2017-06-04 19:18 - 2017-06-04 19:18 - 000000000 ____D C:\Users\Marcelo\AppData\Roaming\Google
    2017-06-01 09:18 - 2017-07-18 01:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2017-06-01 09:11 - 2017-08-10 00:36 - 000766728 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgsnx.sys
    2017-06-01 09:11 - 2017-08-10 00:36 - 000116344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmonflt.sys
    2017-06-01 09:11 - 2017-07-22 00:31 - 000489416 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
    2017-06-01 09:11 - 2017-07-22 00:31 - 000288728 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
    2017-06-01 09:11 - 2017-07-22 00:31 - 000270344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgblogx.sys
    2017-06-01 09:11 - 2017-07-22 00:31 - 000260616 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriverx.sys
    2017-06-01 09:11 - 2017-07-22 00:31 - 000151024 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidshx.sys
    2017-06-01 09:11 - 2017-07-22 00:31 - 000140136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
    2017-06-01 09:11 - 2017-07-22 00:31 - 000135872 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiskx.sys
    2017-06-01 09:11 - 2017-07-22 00:31 - 000091976 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
    2017-06-01 09:11 - 2017-07-22 00:31 - 000063280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
    2017-06-01 09:11 - 2017-07-22 00:31 - 000043992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbunivx.sys
    2017-06-01 09:11 - 2017-07-22 00:31 - 000035264 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
    2017-06-01 09:09 - 2017-07-18 01:22 - 000000978 _____ C:\Users\Public\Desktop\AVG.lnk
    2017-05-26 18:40 - 2017-05-26 18:40 - 000000970 _____ C:\Users\Marcelo\Desktop\Free DVD ISO Burner.lnk
    2017-05-26 18:40 - 2017-05-26 18:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniDVDSoft
    2017-05-26 18:40 - 2017-05-26 18:40 - 000000000 ____D C:\Program Files\Free DVD ISO Burner
    2017-05-26 18:26 - 2017-05-26 18:26 - 000000000 ____D C:\Users\Marcelo\AppData\Local\Disc_Soft_Ltd
    2017-05-26 18:19 - 2017-05-26 18:19 - 000000000 ____D C:\Users\Public\Documents\Daemon Tools Images
    2017-05-26 18:18 - 2017-05-26 18:18 - 000040504 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
    2017-05-26 18:17 - 2017-06-19 22:24 - 000000000 ____D C:\Users\Marcelo\AppData\Roaming\DAEMON Tools Lite
    2017-05-26 18:17 - 2017-05-26 18:19 - 000000000 ____D C:\Program Files\DAEMON Tools Lite
    2017-05-26 18:17 - 2017-05-26 18:17 - 000026168 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
    2017-05-26 18:17 - 2017-05-26 18:17 - 000001935 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
    2017-05-26 18:17 - 2017-05-26 18:17 - 000000000 ____D C:\Users\Todos os Usuários\DAEMON Tools Lite
    2017-05-26 18:17 - 2017-05-26 18:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
    2017-05-26 18:17 - 2017-05-26 18:17 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite
    2017-05-25 12:08 - 2017-08-13 06:07 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-05-25 12:08 - 2017-05-25 12:08 - 000002026 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
    2017-05-25 12:07 - 2017-05-25 12:07 - 000000000 ____D C:\Program Files\Adobe
    2017-05-24 20:20 - 2017-05-24 21:29 - 000002076 _____ C:\Users\Marcelo\Desktop\Retaguarda Cigam Franquia.RDP
    2017-05-24 19:52 - 2017-05-24 19:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FortiClient
    2017-05-24 19:52 - 2017-05-24 19:52 - 000000000 ____D C:\Program Files\Fortinet
    2017-05-24 19:48 - 2017-05-24 19:48 - 000001389 _____ C:\Users\Marcelo\Desktop\Internet Explorer.lnk
    2017-05-22 18:35 - 2017-05-22 18:35 - 065636092 _____ C:\Users\Marcelo\Desktop\Moisés.mp4
    2017-05-18 11:37 - 2017-05-18 11:37 - 004616192 _____ C:\Users\Marcelo\Desktop\bb_modulo_assinatura.msi
    2017-05-18 11:16 - 2017-05-18 11:13 - 000438465 _____ C:\Users\Marcelo\Documents\CRV_Fiorino 2.PDF

    ==================== Três Meses Modificados arquivos e pastas ========

    (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

    2017-08-14 18:22 - 2016-11-18 15:11 - 000000000 ____D C:\Users\Marcelo\AppData\LocalLow\Mozilla
    2017-08-14 15:34 - 2012-07-08 21:24 - 000001082 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-266472640-2542465631-3944757491-1001UA.job
    2017-08-14 10:57 - 2016-01-18 17:46 - 000000000 ____D C:\Users\Marcelo\AppData\Roaming\vlc
    2017-08-14 09:30 - 2014-08-06 10:40 - 000000000 ____D C:\Users\Todos os Usuários\GbPlugin
    2017-08-14 09:30 - 2014-08-06 10:40 - 000000000 ____D C:\ProgramData\GbPlugin
    2017-08-14 09:00 - 2014-06-03 10:39 - 000057864 _____ C:\Users\Marcelo\Desktop\Acerto Tata e Padaria.xlsx
    2017-08-14 08:59 - 2017-04-19 12:04 - 000016484 _____ C:\Users\Marcelo\Desktop\TATA - R. Cons. Moreira de Barros.xlsx
    2017-08-14 08:18 - 2009-07-14 01:52 - 000000000 ____D C:\Windows\system32\FxsTmp
    2017-08-13 22:25 - 2009-07-14 01:34 - 000014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-08-13 22:25 - 2009-07-14 01:34 - 000014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-08-13 22:18 - 2016-12-29 13:49 - 000022744 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
    2017-08-13 22:17 - 2014-03-15 11:07 - 000031088 _____ (GbPlugin NDIS Device Driver) C:\Windows\system32\Drivers\gbpndisrd.sys
    2017-08-13 22:17 - 2011-03-19 12:50 - 000000000 ____D C:\Users\Marcelo\AppData\LocalLow\Scpad
    2017-08-13 22:17 - 2009-07-14 01:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2017-08-13 21:16 - 2012-02-13 20:31 - 000000000 ____D C:\Users\Marcelo\AppData\Local\CrashDumps
    2017-08-13 20:02 - 2014-09-09 09:14 - 000000000 ____D C:\AdwCleaner
    2017-08-13 18:34 - 2012-07-08 21:24 - 000001060 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-266472640-2542465631-3944757491-1001Core.job
    2017-08-10 13:03 - 2013-10-28 12:57 - 004707840 ___SH C:\Users\Marcelo\Desktop\Thumbs.db
    2017-08-10 13:02 - 2017-04-14 18:10 - 000000000 ____D C:\Users\Marcelo\Desktop\senar
    2017-08-10 12:28 - 2014-09-14 09:50 - 000170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-08-10 11:57 - 2011-03-17 14:43 - 000000000 ____D C:\Users\Marcelo
    2017-08-10 11:24 - 2011-03-22 20:53 - 000000000 ____D C:\Users\Marcelo\AppData\Roaming\Skype
    2017-08-09 01:14 - 2012-05-14 18:59 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2017-08-09 01:14 - 2011-06-20 21:26 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2017-08-09 01:14 - 2011-03-17 21:59 - 000000000 ____D C:\Windows\system32\Macromed
    2017-08-08 18:36 - 2014-07-30 12:15 - 000000000 ____D C:\Program Files\TeamViewer
    2017-08-07 20:05 - 2013-10-16 08:24 - 000002148 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-08-07 20:05 - 2013-10-16 08:24 - 000002136 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-08-06 13:47 - 2016-08-05 16:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2017-08-06 13:47 - 2011-03-24 00:24 - 000000000 ____D C:\Program Files\Java
    2017-08-06 13:46 - 2016-08-05 16:16 - 000095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
    2017-08-06 10:53 - 2013-06-18 20:20 - 000027450 _____ C:\Users\Marcelo\Desktop\Comparativo_anual.xlsx
    2017-08-02 09:26 - 2014-08-01 15:56 - 000000000 ____D C:\Users\Marcelo\AppData\Local\Skype
    2017-08-02 09:26 - 2011-03-22 20:53 - 000000000 ___RD C:\Program Files\Skype
    2017-08-02 09:26 - 2011-03-22 20:53 - 000000000 ____D C:\Users\Todos os Usuários\Skype
    2017-08-02 09:26 - 2011-03-22 20:53 - 000000000 ____D C:\ProgramData\Skype
    2017-08-02 09:21 - 2014-09-19 09:37 - 000000000 ____D C:\Users\Todos os Usuários\Package Cache
    2017-08-02 09:21 - 2014-09-19 09:37 - 000000000 ____D C:\ProgramData\Package Cache
    2017-07-28 12:03 - 2011-05-16 19:22 - 000000000 ____D C:\Program Files\Google
    2017-07-28 10:33 - 2015-08-03 11:23 - 000000000 ____D C:\Users\LogMeInRemoteUser
    2017-07-27 10:57 - 2017-02-08 20:38 - 000000938 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
    2017-07-27 10:57 - 2017-02-08 20:38 - 000000926 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
    2017-07-19 13:56 - 2011-03-17 14:44 - 000000000 ____D C:\Users\Marcelo\AppData\Local\VirtualStore

    ==================== Arquivos na raiz de alguns diretórios =======

    2014-08-29 22:01 - 2017-05-18 11:38 - 000005309 _____ () C:\Users\Marcelo\AppData\Roaming\BB_WATCH.log
    2012-08-31 18:15 - 2012-08-31 18:16 - 000041472 ___SH () C:\Users\Marcelo\AppData\Roaming\Thumbs.db
    2013-09-04 07:57 - 2013-09-04 07:57 - 000013660 _____ () C:\Users\Marcelo\AppData\Roaming\unins001.dat
    2013-10-17 09:31 - 2013-10-17 09:31 - 000017403 _____ () C:\Users\Marcelo\AppData\Roaming\unins002.dat
    2014-08-20 10:18 - 2014-08-20 10:18 - 000015397 _____ () C:\Users\Marcelo\AppData\Roaming\unins003.dat
    2011-03-26 13:45 - 2014-07-27 13:41 - 000014336 _____ () C:\Users\Marcelo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-09-21 18:01 - 2012-09-22 13:11 - 001426411 _____ () C:\Users\Marcelo\AppData\Local\Tempmusic.ogg
    2011-03-22 20:54 - 2011-03-22 20:54 - 000000056 ____H () C:\ProgramData\ezsidmv.dat

    Arquivos para serem movidos ou deletados:
    ====================
    C:\Users\Marcelo\OneDrive.bat
    C:\Users\Marcelo\OneDrive.exe


    Alguns arquivos em TEMP:
    ====================
    2017-08-06 13:38 - 2017-08-06 13:38 - 000740416 _____ (Oracle Corporation) C:\Users\Marcelo\AppData\Local\Temp\jre-8u144-windows-au.exe
    2017-08-02 09:19 - 2017-08-02 09:19 - 058740704 _____ (Skype Technologies S.A.) C:\Users\Marcelo\AppData\Local\Temp\SkypeSetup.exe
    2017-08-02 09:20 - 2017-08-02 09:20 - 014456872 _____ (Microsoft Corporation) C:\Users\Marcelo\AppData\Local\Temp\vc_redist.x86.exe

    Alguns com tamanho de zero byte arquivos/pastas:
    ==========================
    C:\Windows\System32\Drivers\DUMP_WMIMMC.SYS

    ==================== Bamital & volsnap ======================

    (Não há correção automática para arquivos que não passaram na verificação.)

    C:\Windows\explorer.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
    C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
    C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
    C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

    LastRegBack: 2017-08-11 00:20

    ==================== Fim de FRST.txt ============================

    Addition.txt

    diego_moicano    472

    Dear @caiohsramos

    Enable the Windows firewall. ;)

    Friend, is this computer personal or private (company, firm, etc.)?

    Do you recognize these (URLs):

    Quote

    DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} hxxp://reimate.ddns-intelbras.com.br/webrec.cab
    DPF: {2ADE19BB-1E79-4EC4-976E-AC74339ADD76} hxxp://www.padariabancarios.ddns.com.br:3130/ActiveViewGUI.cab
    DPF: {66F7F252-3FE1-4650-B1E5-94B2A38271C5} hxxp://www.padariabancarios.ddns.com.br:3130/ActiveView.cab
    DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} hxxp://www.panificadorasantaizabel.tecvozddns.com.br:3130/WebClient.exe

     

    Regards :D

    caiohsramos    0
  • Topic author
  • It is a personal computer (my father's, in this case). The firewall was disabled to run the scan, but it was enabled again right afterwards. All of those addresses belong to surveillance cameras that are active and in use.

    diego_moicano    472

    Dear @caiohsramos

    Friend, there is no need to disable the firewall during the scans, only the AV.

    Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

    Download the file (fixlist.txt) attached to this post and save it to your Desktop.

    Run FRST.exe (or FRST64.exe) and click the Fix (Corrigir) button.

    Wait... when it finishes, the log Fixlog.txt will be generated and saved to your Desktop.

    Select, copy and paste the contents of this log into your next reply.

    Regards :D

    fixlist.txt

    caiohsramos    0
  • Topic author
  • Now it seems the problem has been solved, thank you.

     

    Resultado da Correção pela Farbar Recovery Scan Tool (x86) Versão: 16-08-2017
    Executado por Marcelo (17-08-2017 15:42:58) Run:1
    Executando a partir de C:\Users\Marcelo\Desktop
    Perfis Carregados: Marcelo (Perfis Disponíveis: Marcelo)
    Modo da Inicialização: Normal

    ==============================================

    fixlist Conteúdo:
    *****************

    CreateRestorePoint:
    CloseProcesses:
    CMD: bitsadmin /util /setieproxy localsystem NO_PROXY RESET
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
    CHR HKU\S-1-5-21-266472640-2542465631-3944757491-1001\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-266472640-2542465631-3944757491-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  Nenhum Arquivo
    HKU\S-1-5-21-266472640-2542465631-3944757491-1001\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATENÇÃO
    FF DefaultProfile: a8vffnef.default-1497883390427
    FF ProfilePath: C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\a8vffnef.default-1497883390427 [2017-08-14]
    FF NetworkProxy: Mozilla\Firefox\Profiles\a8vffnef.default-1497883390427 -> autoconfig_url", "hxxps://s3-sa-east-1.amazonaws.com/mozillaproject/project1.png"
    FF NetworkProxy: Mozilla\Firefox\Profiles\a8vffnef.default-1497883390427 -> type", 0
    C:\Users\Marcelo\OneDrive.bat
    C:\Users\Marcelo\OneDrive.exe
    2017-08-06 13:38 - 2017-08-06 13:38 - 000740416 _____ (Oracle Corporation) C:\Users\Marcelo\AppData\Local\Temp\jre-8u144-windows-au.exe
    2017-08-02 09:19 - 2017-08-02 09:19 - 058740704 _____ (Skype Technologies S.A.) C:\Users\Marcelo\AppData\Local\Temp\SkypeSetup.exe
    2017-08-02 09:20 - 2017-08-02 09:20 - 014456872 _____ (Microsoft Corporation) C:\Users\Marcelo\AppData\Local\Temp\vc_redist.x86.exe
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> Nenhum Arquivo
    ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Nenhum Arquivo
    Task: {02EAEEC8-17F5-4A4A-B91F-4FB95D8885A6} - System32\Tasks\{1CEDAF6D-1E62-45ED-9416-FD86E35B620A} => C:\Users\Marcelo\Desktop\FSS.exe
    Task: {EB8CBCCE-9915-44FB-B2AC-49E9E3FC4B04} - \Protected Search\Protected Search -> Nenhum Arquivo <==== ATENÇÃO
    RemoveProxy:
    CMD: bitsadmin /reset /allusers
    CMD: ipconfig /flushdns
    EmptyTemp:

    *****************

    Ponto de Restauração criado com sucesso.
    Processos fechados com sucesso.

    ========= bitsadmin /util /setieproxy localsystem NO_PROXY RESET =========


    BITSADMIN version 3.0 [ 7.5.7601 ]
    BITS administration utility.
    (C) Copyright 2000-2006 Microsoft Corp.

    BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
    Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

    Internet proxy settings for account localsystem set to NO_PROXY.
    (connection = default)


    ========= Fim de CMD: =========

    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => chave removido (a) com sucesso.
    HKU\S-1-5-21-266472640-2542465631-3944757491-1001\SOFTWARE\Policies\Google => chave removido (a) com sucesso.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.
    HKU\S-1-5-21-266472640-2542465631-3944757491-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.
    HKLM\Software\Classes\PROTOCOLS\Handler\linkscanner => chave removido (a) com sucesso.
    HKLM\Software\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => chave não encontrado (a).
    HKU\S-1-5-21-266472640-2542465631-3944757491-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => valor removido (a) com sucesso.

    ========================= FF DefaultProfile: a8vffnef.default-1497883390427 ========================

    "FF DefaultProa8vffnef.default-1497883390427" => não encontrado (a).
    ====== Fim de File: ======

    C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\a8vffnef.default-1497883390427 => movido com sucesso
    C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\a8vffnef.default-1497883390427 => caminho removido (a) com sucesso.
    FF NetworkProxy: Mozilla\Firefox\Profiles\a8vffnef.default-1497883390427 -> autoconfig_url", "hxxps://s3-sa-east-1.amazonaws.com/mozillaproject/project1.png" => não encontrado (a)
    FF NetworkProxy: Mozilla\Firefox\Profiles\a8vffnef.default-1497883390427 -> type", 0 => não encontrado (a)
    C:\Users\Marcelo\OneDrive.bat => movido com sucesso
    C:\Users\Marcelo\OneDrive.exe => movido com sucesso
    C:\Users\Marcelo\AppData\Local\Temp\jre-8u144-windows-au.exe => movido com sucesso
    C:\Users\Marcelo\AppData\Local\Temp\SkypeSetup.exe => movido com sucesso
    C:\Users\Marcelo\AppData\Local\Temp\vc_redist.x86.exe => movido com sucesso
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => chave removido (a) com sucesso.
    HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => chave não encontrado (a).
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay => chave removido (a) com sucesso.
    HKLM\Software\Classes\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => chave não encontrado (a).
    HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => chave removido (a) com sucesso.
    HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => chave não encontrado (a).
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02EAEEC8-17F5-4A4A-B91F-4FB95D8885A6} => chave removido (a) com sucesso.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02EAEEC8-17F5-4A4A-B91F-4FB95D8885A6} => chave removido (a) com sucesso.
    C:\Windows\System32\Tasks\{1CEDAF6D-1E62-45ED-9416-FD86E35B620A} => movido com sucesso
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1CEDAF6D-1E62-45ED-9416-FD86E35B620A} => chave removido (a) com sucesso.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EB8CBCCE-9915-44FB-B2AC-49E9E3FC4B04} => chave removido (a) com sucesso.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB8CBCCE-9915-44FB-B2AC-49E9E3FC4B04} => chave removido (a) com sucesso.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Protected Search\Protected Search => chave não encontrado (a).

    ========= RemoveProxy: =========

    HKU\S-1-5-21-266472640-2542465631-3944757491-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => chave removido (a) com sucesso.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso.
    HKU\S-1-5-21-266472640-2542465631-3944757491-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso.
    HKU\S-1-5-21-266472640-2542465631-3944757491-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso.


    ========= Fim de RemoveProxy: =========


    ========= bitsadmin /reset /allusers =========


    BITSADMIN version 3.0 [ 7.5.7601 ]
    BITS administration utility.
    (C) Copyright 2000-2006 Microsoft Corp.

    BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
    Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

    0 out of 0 jobs canceled.

    ========= Fim de CMD: =========


    ========= ipconfig /flushdns =========


    Configuração de IP do Windows

    Liberação do Cache do DNS Resolver bem-sucedida.

    ========= Fim de CMD: =========


    =========== EmptyTemp: ==========

    BITS transfer queue => 8388608 B
    DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 54310538 B
    Java, Flash, Steam htmlcache => 1019 B
    Windows/system/drivers => 64208621 B
    Edge => 0 B
    Chrome => 882142483 B
    Firefox => 387381841 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Users => 0 B
    Default => 0 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 88940 B
    LocalService => 33125 B
    NetworkService => 260 B
    Marcelo => 117496061 B
    LogMeInRemoteUser => 0 B
    LogMeInRemoteUser => 0 B

    RecycleBin => 261053169 B
    EmptyTemp: => 1.7 GB de dados temporários Removidos.

    ================================


    O sistema precisou ser reiniciado.

    ==== Fim de Fixlog 15:46:35 ====

    diego_moicano    472

    Dear @caiohsramos

    Go to the Malwarebytes website, click Free Download and download the file to your Desktop.

    Disable antivirus, antispyware, in short, any protection programs, so they do not cause conflicts.

    Right-click the setup.exe file and choose: Run as administrator

    • Follow the installation steps;
    • After clicking Finish, wait for the program to open;
    • At the top right, click Update now;
    • The browser will open; you can close it and wait for the updates to finish;
    • In the left panel, click Settings;
    • On the Protection tab, enable Scan for rootkits;
    • Then click Scan in the left panel;
    • Then click the Start Scan button and wait;
    • When the scan finishes, a window will open near the clock;
    • In it, click View Result;
    • Leave all entries checked and click the Quarantine button;
    • In the window that opens, click Yes so that the computer is restarted;
    • Once it has restarted, open Malwarebytes again, click History and click Delete All (optional);
    • The log will be saved automatically by the program.
    • To export it, click the History tab > Application Logs in the program's main window;
    • Double-click the most recent log and export it as .TXT;
    • Post it in your next reply.

    Regards :D

    caiohsramos    0
  • Topic author
  • Malwarebytes
    www.malwarebytes.com

    -Detalhes de registro-
    Data da análise: 18/08/17
    Hora da análise: 10:11
    Arquivo de registro: relatorio.txt
    Administrador: Sim

    -Informação do software-
    Versão: 3.1.2.1733
    Versão de componentes: 1.0.160
    Versão do pacote de definições: 1.0.2612
    Licença: Grátis

    -Informação do sistema-
    Sistema operacional: Windows 7 Service Pack 1
    CPU: x86
    Sistema de arquivos: NTFS
    Usuário: SALETA\Marcelo

    -Resumo da análise-
    Tipo de análise: Análise de Ameaças
    Resultado: Concluído
    Objetos verificados: 310100
    Ameaças detectadas: 4
    Ameaças em quarentena: 4
    Tempo decorrido: 17 min, 58 seg

    -Opções da análise-
    Memória: Habilitado
    Inicialização: Habilitado
    Sistema de arquivos: Habilitado
    Arquivos compactados: Habilitado
    Rootkits: Habilitado
    Heurística: Habilitado
    PUP: Habilitado
    PUM: Habilitado

    -Detalhes da análise-
    Processo: 0
    (Nenhum item malicioso detectado)

    Módulo: 0
    (Nenhum item malicioso detectado)

    Chave de registro: 1
    PUP.Optional.SpyHunter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ESGSCANNER, Quarentena, [918], [331708],1.0.2612

    Valor de registro: 1
    PUP.Optional.SpyHunter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ESGSCANNER|IMAGEPATH, Quarentena, [918], [331708],1.0.2612

    Dados de registro: 0
    (Nenhum item malicioso detectado)

    Fluxo de dados: 0
    (Nenhum item malicioso detectado)

    Pasta: 0
    (Nenhum item malicioso detectado)

    Arquivo: 2
    PUP.Optional.SpyHunter, C:\USERS\MARCELO\DOWNLOADS\SPYHUNTER-INSTALLER (1).EXE, Quarentena, [918], [345850],1.0.2612
    PUP.Optional.SpyHunter, C:\USERS\MARCELO\DOWNLOADS\SPYHUNTER-INSTALLER.EXE, Quarentena, [918], [345850],1.0.2612

    Setor físico: 0
    (Nenhum item malicioso detectado)


    (end)

    diego_moicano    472

    Dear @caiohsramos

    Generate a new log with FRST, but before clicking the Scan (Examinar) button, check the Addition option.

    Attach the logs, please.

    Regards :D

    diego_moicano    472

    Dear @caiohsramos

    Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

    Download Stinger and save it to your Desktop.
    32 bit (x86) or 64 bit (x64)

    • Run the Stinger.exe file as Administrator.
    • Click the “I Accept” button

    Stinger%20a.png

    In the new window, click “Advanced” and then “Settings”

    Stinger%20b.png

    In the settings window, set it as shown in the image below and click the “Save” button

    9hnsyu.png

    Click “Customize my Scan”

    Stinger%20f.png

    Select the system drives and then click the “Scan” button

    Stinger%20g.png

    When it finishes, click “View log”; a window with the log will open in your browser.
    Select, copy and paste the contents of this log into your next reply.

    Regards :D

    caiohsramos    0
  • Topic author
  • McAfee® Labs Stinger™ Version 12.1.0.2466 built on Aug 22 2017 at 03:03:02
    Copyright© 2015, McAfee, Inc. All Rights Reserved.
    AV Engine version v5900.7806 for Windows.
    Virus data file v1000.0 created on Aug 22, 2017
    Ready to scan for 10203 viruses, trojans and variants.

    Custom scan initiated on terça-feira, agosto 22, 2017 15:57:40

    Rootkit scan result : Clean.
    C:\Users\Marcelo\Dropbox\hi-s4a.apk [MD5:288faf69c482ad44526991fec0995801] is infected with Artemis!288FAF69C482
    C:\Users\Marcelo\Dropbox\hi-s4a.apk has been Deleted
    D:\Caio\Backup pendrive caio\Android\Rom 2.1 spica\AM_OMGv1.22.12.10.zip\Superuser.apk is infected with Artemis!EA45131378B1
    D:\Caio\Backup pendrive caio\Android\Rom 2.1 spica\AM_OMGv1.22.12.10.zip\Superuser.apk has been Deleted
    D:\Caio\Backup pendrive caio\Android\Rom 2.2 spica\SamdroidMod-2.2.2_a9.zip\Superuser.apk is infected with Artemis!C8FA07720FB4
    D:\Caio\Backup pendrive caio\Android\Rom 2.2 spica\SamdroidMod-2.2.2_a9.zip\Superuser.apk has been Deleted

    Summary Report on C: D:
    File(s)
    TotalFiles:............ 894811
    Clean:................. 230966
    Not Scanned:........... 663842
    Possibly Infected:..... 3
    Time: 02:51:00

    Scan completed on terça-feira, agosto 22, 2017 18:48:40

    diego_moicano    472

    Dear @caiohsramos

    Download Security Check, by glax24, and save it to your Desktop.

    Run the file as Administrator

    • Wait while the tool performs the scan.
    • When it finishes, save the log as SecurityCheck.html
    • Open the file with Notepad;
    • Select, copy and paste the contents of this log into your next reply.

    Regards :D

    caiohsramos    0
  • Topic author
  • SecurityCheck by glax24 & Severnyj v.1.4.0.52 [25.07.17]
    WebSite: www.safezone.cc
    DateLog: 24.08.2017 13:06:08
    Path starting: C:\Users\Marcelo\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
    Log directory: C:\SecurityCheck\
    IsAdmin: True
    User: Marcelo
    VersionXML: 4.57is-21.08.2017
    ___________________________________________________________________________

    Windows 7(6.1.7601) Service Pack 1 (x86) Ultimate Lang: Portuguese(0416)
    Installation date OS: 17.03.2011 17:43:53
    LicenseStatus: Windows(R) 7, Ultimate edition The machine is permanently activated.
    Boot Mode: Normal
    Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
    SystemDrive: C: FS: [NTFS] Capacity: [156.2 Gb] Used: [111.3 Gb] Free: [44.9 Gb]
    ------------------------------- [ Windows ] -------------------------------
    Internet Explorer 11.0.9600.17801 Warning! Download Update
    Online installation. Last version available when Windows update is enabled throught the Internet.
    User Account Control enabled
    Notify before download
    Windows Update (wuauserv) - The service is running
    Central de Segurança (wscsvc) - The service is running
    Registro remoto (RemoteRegistry) - The service has stopped
    Descoberta SSDP (SSDPSRV) - The service is running
    Serviços de Área de Trabalho Remota (TermService) - The service has stopped
    Windows Remote Management (WS-Management) (WinRM) - The service has stopped
    ------------------------------ [ MS Office ] ------------------------------
    Microsoft Office 2010 x86 v.14.0.4763.1000
    ---------------------------- [ Antivirus_WMI ] ----------------------------
    AVG Antivirus (enabled and up to date)
    --------------------------- [ FirewallWindows ] ---------------------------
    Firewall do Windows (MpsSvc) - The service is running
    --------------------------- [ AntiSpyware_WMI ] ---------------------------
    Windows Defender (disabled and up to date)
    AVG Antivirus (enabled and up to date)
    ---------------------- [ AntiVirusFirewallInstall ] -----------------------
    AVG AntiVirus FREE v.17.5.3022
    FortiClient SSLVPN v4.0.2300 v.4.0.2300
    -------------------------- [ SecurityUtilities ] --------------------------
    Malwarebytes versão 3.1.2.1733 v.3.1.2.1733
    --------------------------- [ OtherUtilities ] ----------------------------
    Foxit Reader v.4.3.1.218 Warning! Download Update
    TeamViewer 12 v.12.0.82216 [+]
    VLC media player v.2.2.1 Warning! Download Update
    Arquivo do WinRAR
    Microsoft Silverlight v.5.1.40728.0 Warning! Download Update
    TeamViewer 12 (TeamViewer) - The service is running
    --------------------------------- [ IM ] ----------------------------------
    Skype™ 7.39 v.7.39.102
    --------------------------------- [ P2P ] ---------------------------------
    µTorrent v.3.4.7.42330 Warning! P2P-client.
    -------------------------------- [ Java ] ---------------------------------
    Java 8 Update 144 v.8.0.1440.1
    --------------------------- [ AppleProduction ] ---------------------------
    QuickTime 7 v.7.78.80.95 Warning! This software is no longer supported. Please uninstall it and use another software.
    Bonjour Service (Bonjour Service) - The service is running
    --------------------------- [ AdobeProduction ] ---------------------------
    Adobe Flash Player 26 ActiveX v.26.0.0.151
    Adobe Flash Player 26 NPAPI v.26.0.0.151
    Adobe Shockwave Player 11.6 v.11.6.0.626 Warning! Download Update
    Adobe Acrobat Reader DC - Português v.17.012.20095 [+]
    ------------------------------- [ Browser ] -------------------------------
    Google Chrome v.60.0.3112.101
    Mozilla Firefox 54.0.1 (x86 pt-BR) v.54.0.1 Warning! Download Update
    --------------------------- [ RunningProcess ] ----------------------------
    C:\Program Files\Mozilla Firefox\firefox.exe v.54.0.1.6388
    ------------------ [ AntivirusFirewallProcessServices ] -------------------
    C:\Program Files\AVG\Antivirus\aswidsagent.exe v.17.5.3.9168
    AVG Antivirus (AVG Antivirus) - The service is running
    C:\Program Files\AVG\Antivirus\AVGSvc.exe v.17.5.3585.0
    AVG Service (avgsvc) - The service is running
    AVG Service (avgsvc) - The service is running
    C:\Program Files\AVG\Framework\Common\avgsvcx.exe v.1.222.3.10832
    C:\Program Files\AVG\Antivirus\avgui.exe v.17.5.3585.203
    C:\Program Files\AVG\Framework\Common\avguix.exe v.1.222.3.10832
    C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.3.0.0.1068
    Malwarebytes Service (MBAMService) - The service is running
    C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.1.0.479
    McAfee Validation Trust Protection Service (mfevtp) - The service is running
    C:\Windows\System32\mfevtps.exe v.15.6.0.1870
    Windows Defender (WinDefend) - The service has stopped
    ---------------------------- [ UnwantedApps ] -----------------------------
    Skype Click to Call v.8.5.0.9167 Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems.
    ----------------------------- [ End of Log ] ------------------------------

    diego_moicano    472

    Dear @caiohsramos

    How is your Windows doing?

    # Step 1 #

    Download Delfix by Xplode and save it to your desktop.

    Double-click delfix.exe to run it. Check the boxes as shown in the image.

    ** Windows Vista or Windows 7 users: right-click the delfix.exe file, then click Run as administrator.

    Click the Run button.

    A log will be generated at the end, but you do not need to post it.

    # Step 2 #

    Old versions of programs have vulnerabilities that some malware can use to infect your system.

    For that reason, it is advisable to update the programs that Security Check flagged as outdated (optional updates are at your discretion).

    Just click Download Update on each warning (post above), and you will be taken to the developer's site.

    <<@>> Always keep your Windows up to date; keep a constant watch on your firewall and antivirus; and finally, remember that the best prevention starts with our own habits!

    # Step 3 #

    CCleaner is an excellent cleanup utility for the computer.

    Download it here: CCleaner

    • After installation, go to the location where the program was installed, usually C:\Arquivos de programas\CCleaner.
    • Double-click this folder;
    • In an empty area of this window, right-click, choose New > Folder, and create a new folder;
    • Name it backups.
    • Open the program and click Run Cleaner;
    • Click the Registry button > Scan for Issues > Fix selected issues...
    • Note: Do not forget to accept the backup of the fixes, and save it in the folder created above!

    Regards :D
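
One way to pull the flagged entries out of a SecurityCheck log like the one posted above, so the "Download Update" items from Step 2 can be worked through as a list. This is an added example, not part of the original posts and not code from the SecurityCheck tool; it assumes the line layout visible in that log, and the sample lines and function names are constructed for illustration.

```python
import re

# Section header, e.g. "------ [ Browser ] ------"
SECTION_RE = re.compile(r"^-{3,}\s*\[\s*(.+?)\s*\]\s*-{3,}$")
# Flagged entry: "<name> v.<version> Warning! <reason>" (the version is optional)
WARNING_RE = re.compile(
    r"^(?P<name>.+?)(?:\s+v\.(?P<version>\S+))?\s+Warning!\s*(?P<reason>.*)$")

# Constructed sample in the same layout as the log above (not real scan output).
SAMPLE_LOG = """\
------------------------------- [ Windows ] -------------------------------
Example Browser 11.0 Warning! Download Update
Windows Update (wuauserv) - The service is running
--------------------------- [ OtherUtilities ] ----------------------------
Example Reader v.4.3.1 Warning! Download Update
Example Remote Tool v.12.0.1 [+]
--------------------------------- [ P2P ] ---------------------------------
Example Torrent v.3.4.7 Warning! P2P-client.
--------------------------- [ AppleProduction ] ---------------------------
Example Player 7 v.7.78 Warning! This software is no longer supported. Please uninstall it.
----------------------------- [ End of Log ] ------------------------------
"""

def parse_flagged(log_text):
    """Return one dict per 'Warning!' line, tagged with its section and an action."""
    section, findings = None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        hit = WARNING_RE.match(line)
        if not hit:
            continue  # unflagged entry, service status line, or free text
        reason = hit.group("reason")
        if reason.startswith("Download Update"):
            action = "update"
        elif "no longer supported" in reason:
            action = "uninstall"
        else:
            action = "review"  # e.g. P2P client or toolbar: a person decides
        findings.append({"section": section, "name": hit.group("name"),
                         "version": hit.group("version"), "reason": reason, "action": action})
    return findings

def to_update(log_text):
    """Names of programs the log marks with 'Warning! Download Update'."""
    return [f["name"] for f in parse_flagged(log_text) if f["action"] == "update"]
```

Pass the text of a saved log to `parse_flagged` in place of `SAMPLE_LOG`; entries tagged `review` are left for a person to judge rather than acted on automatically.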

    caiohsramos    0
  • Topic author
  • Thanks for all the tips... Apparently the problem has been solved. Thanks :D

    This topic is closed to new posts.





    About Clube do Hardware

    Online since 1996, Clube do Hardware is one of the largest, oldest, and most respected technology publications in Brazil.

    Copyright

    We do not allow copying or reproduction of the content of our site, forum, newsletters, and social networks, even when the source is cited.
