Ir ao conteúdo
  • Comunicados

    • Gabriel Torres

      Seja um moderador do Clube do Hardware!   12-02-2016

      Prezados membros do Clube do Hardware, Está aberto o processo de seleção de novos moderadores para diversos setores ou áreas do Clube do Hardware. Os requisitos são:   Pelo menos 500 posts e um ano de cadastro; Boa frequência de participação; Ser respeitoso, cordial e educado com os demais membros; Ter bom nível de português; Ter razoável conhecimento da área em que pretende atuar; Saber trabalhar em equipe (com os moderadores, coordenadores e administradores).   Os interessados deverão enviar uma mensagem privada para o usuário @Equipe Clube do Hardware com o título "Candidato a moderador". A mensagem deverá conter respostas às perguntas abaixo:   Qual o seu nome completo? Qual sua data de nascimento? Qual sua formação/profissão? Já atuou como moderador em algo outro fórum, se sim, qual? De forma sucinta, explique o porquê de querer ser moderador do fórum e conte-nos um pouco sobre você.   OBS: Não se trata de função remunerada. Todos que fazem parte do staff são voluntários.

catenorio

Membros Plenos
  • Total de itens

    39
  • Registro em

  • Última visita

  • Qualificações

    0%

Reputação

0

Sobre catenorio

Informações gerais

  • Cidade e Estado
    João Pessoa, PB
  1. feito adicionado 0 minutos depois obrigado
  2. Não... não tem problema nenhum fora o bip. Até agora ele nem bipou no dia de hj
  3. Parece estar menos travado mas vez por outra escuto um bip como se fosse aquele bip de quando inicializa a máquina após o reset.
  4. Executei duas vezes... na primeira esqueci de executar como administrador. SecurityCheck by glax24 & Severnyj v.1.4.0.52 [25.07.17] WebSite: www.safezone.cc DateLog: 19.09.2017 14:03:49 Path starting: C:\Users\Usuario\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe Log directory: C:\SecurityCheck\ IsAdmin: True User: Usuario VersionXML: 4.63is-18.09.2017 ___________________________________________________________________________ Windows 7(6.1.7601) Service Pack 1 (x86) Professional Lang: Portuguese(0416) Installation date OS: 25.09.2012 17:41:26 LicenseStatus: Windows(R) 7, Professional edition The machine is permanently activated. Boot Mode: Normal Default Browser: C:\Program Files\Internet Explorer\iexplore.exe SystemDrive: C: FS: [NTFS] Capacity: [465.7 Gb] Used: [121.9 Gb] Free: [343.8 Gb] ------------------------------- [ Windows ] ------------------------------- Internet Explorer 11.0.9600.17843 Warning! Download Update Online installation. Last version available when Windows update is enabled throught the Internet. User Account Control disabled The elevation prompt for administrators disabled ^It is recommended to enable: Win+R typing UserAccountControlSettings and Enter^ Never check for updates Date install updates: 2014-01-28 14:19:09 Windows Update (wuauserv) - The service is running Central de Segurança (wscsvc) - The service is running Registro remoto (RemoteRegistry) - The service has stopped Descoberta SSDP (SSDPSRV) - The service is running Serviços de Área de Trabalho Remota (TermService) - The service has stopped Windows Remote Management (WS-Management) (WinRM) - The service has stopped ------------------------------- [ HotFix ] -------------------------------- HotFix KB3115858 Warning! Download Update HotFix KB3140735 Warning! Download Update HotFix KB3138910 Warning! Download Update HotFix KB3138962 Warning! Download Update HotFix KB3145739 Warning! Download Update HotFix KB3146963 Warning! Download Update HotFix KB3156013 Warning! Download Update HotFix KB3156016 Warning! Download Update HotFix KB3156019 Warning! Download Update HotFix KB3155178 Warning! Download Update HotFix KB3153171 Warning! Download Update HotFix KB3170455 Warning! Download Update HotFix KB3178034 Warning! Download Update HotFix KB3185911 Warning! Download Update HotFix KB3184122 Warning! Download Update HotFix KB3192391 Warning! Download Update HotFix KB3197867 Warning! Download Update HotFix KB3205394 Warning! Download Update HotFix KB4012212 Warning! Download Update HotFix KB4019263 Warning! Download Update HotFix KB4022722 Warning! Download Update HotFix KB4015546 Warning! Download Update HotFix KB4025337 Warning! Download Update HotFix KB4034679 Warning! Download Update ------------------------------ [ MS Office ] ------------------------------ Microsoft Office 2007 v.12.0.6612.1000 ---------------------------- [ Antivirus_WMI ] ---------------------------- Malwarebytes (enabled and out of date) ESET NOD32 Antivirus (disabled) --------------------------- [ FirewallWindows ] --------------------------- Firewall do Windows (MpsSvc) - The service is running Disabled the public profile of Windows Firewall Disabled the standard profile for Windows Firewall --------------------------- [ AntiSpyware_WMI ] --------------------------- ESET NOD32 Antivirus (disabled) Malwarebytes (enabled and out of date) Windows Defender (enabled and out of date) ---------------------- [ AntiVirusFirewallInstall ] ----------------------- ESET NOD32 Antivirus v.10.1.219.1 -------------------------- [ SecurityUtilities ] -------------------------- Malwarebytes versão 3.2.2.2018 v.3.2.2.2018 --------------------------- [ OtherUtilities ] ---------------------------- FileZilla Client 3.0.2.1 v.3.0.2.1 Warning! Download Update TeamViewer 12 v.12.0.83369 WinRAR 5.01 (32-bit) v.5.01.0 Warning! Download Update Microsoft Silverlight v.5.1.20913.0 Warning! Download Update TeamViewer 12 (TeamViewer) - The service is running --------------------------------- [ IM ] ---------------------------------- Skype™ 6.21 v.6.21.104 Warning! Download Update -------------------------------- [ Java ] --------------------------------- Java 8 Update 144 v.8.0.1440.1 --------------------------- [ AppleProduction ] --------------------------- iTunes v.12.6.2.20 Warning! Download Update ^Please use Apple Software Update tool.^ --------------------------- [ AdobeProduction ] --------------------------- Adobe Flash Player 27 ActiveX v.27.0.0.130 Adobe Flash Player 18 NPAPI v.18.0.0.232 Warning! Download Update Adobe Acrobat Reader DC - Português v.17.012.20098 ------------------------------- [ Browser ] ------------------------------- Google Chrome v.60.0.3112.113 Warning! Download Update Mozilla Firefox 53.0.3 (x86 pt-BR) v.53.0.3 Warning! Download Update ------------------ [ AntivirusFirewallProcessServices ] ------------------- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe v.10.1.215.0 ESET Service (ekrn) - The service is running C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe v.10.1.215.0 Malwarebytes Service (MBAMService) - The service is running C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.1.0.556 McAfee Validation Trust Protection Service (mfevtp) - The service is running C:\Windows\System32\mfevtps.exe v.15.6.0.1870 Windows Defender (WinDefend) - The service is running ---------------------------- [ UnwantedApps ] ----------------------------- Skype Click to Call v.8.5.0.9167 Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems. ----------------------------- [ End of Log ] ------------------------------ SecurityCheck by glax24 & Severnyj v.1.4.0.52 [25.07.17] WebSite: www.safezone.cc DateLog: 19.09.2017 14:07:08 Path starting: C:\Users\Usuario\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe Log directory: C:\SecurityCheck\ IsAdmin: True User: Usuario VersionXML: 4.63is-18.09.2017 ___________________________________________________________________________ Windows 7(6.1.7601) Service Pack 1 (x86) Professional Lang: Portuguese(0416) Installation date OS: 25.09.2012 17:41:26 LicenseStatus: Windows(R) 7, Professional edition The machine is permanently activated. Boot Mode: Normal Default Browser: C:\Program Files\Internet Explorer\iexplore.exe SystemDrive: C: FS: [NTFS] Capacity: [465.7 Gb] Used: [121.9 Gb] Free: [343.8 Gb] ------------------------------- [ Windows ] ------------------------------- Internet Explorer 11.0.9600.17843 Warning! Download Update Online installation. Last version available when Windows update is enabled throught the Internet. User Account Control disabled The elevation prompt for administrators disabled ^It is recommended to enable: Win+R typing UserAccountControlSettings and Enter^ Never check for updates Date install updates: 2014-01-28 14:19:09 Windows Update (wuauserv) - The service is running Central de Segurança (wscsvc) - The service is running Registro remoto (RemoteRegistry) - The service has stopped Descoberta SSDP (SSDPSRV) - The service is running Serviços de Área de Trabalho Remota (TermService) - The service has stopped Windows Remote Management (WS-Management) (WinRM) - The service has stopped ------------------------------- [ HotFix ] -------------------------------- HotFix KB3115858 Warning! Download Update HotFix KB3140735 Warning! Download Update HotFix KB3138910 Warning! Download Update HotFix KB3138962 Warning! Download Update HotFix KB3145739 Warning! Download Update HotFix KB3146963 Warning! Download Update HotFix KB3156013 Warning! Download Update HotFix KB3156016 Warning! Download Update HotFix KB3156019 Warning! Download Update HotFix KB3155178 Warning! Download Update HotFix KB3153171 Warning! Download Update HotFix KB3170455 Warning! Download Update HotFix KB3178034 Warning! Download Update HotFix KB3185911 Warning! Download Update HotFix KB3184122 Warning! Download Update HotFix KB3192391 Warning! Download Update HotFix KB3197867 Warning! Download Update HotFix KB3205394 Warning! Download Update HotFix KB4012212 Warning! Download Update HotFix KB4019263 Warning! Download Update HotFix KB4022722 Warning! Download Update HotFix KB4015546 Warning! Download Update HotFix KB4025337 Warning! Download Update HotFix KB4034679 Warning! Download Update ------------------------------ [ MS Office ] ------------------------------ Microsoft Office 2007 v.12.0.6612.1000 ---------------------------- [ Antivirus_WMI ] ---------------------------- Malwarebytes (enabled and out of date) ESET NOD32 Antivirus (disabled) --------------------------- [ FirewallWindows ] --------------------------- Firewall do Windows (MpsSvc) - The service is running Disabled the public profile of Windows Firewall Disabled the standard profile for Windows Firewall --------------------------- [ AntiSpyware_WMI ] --------------------------- ESET NOD32 Antivirus (disabled) Malwarebytes (enabled and out of date) Windows Defender (enabled and out of date) ---------------------- [ AntiVirusFirewallInstall ] ----------------------- ESET NOD32 Antivirus v.10.1.219.1 -------------------------- [ SecurityUtilities ] -------------------------- Malwarebytes versão 3.2.2.2018 v.3.2.2.2018 --------------------------- [ OtherUtilities ] ---------------------------- FileZilla Client 3.0.2.1 v.3.0.2.1 Warning! Download Update TeamViewer 12 v.12.0.83369 WinRAR 5.01 (32-bit) v.5.01.0 Warning! Download Update Microsoft Silverlight v.5.1.20913.0 Warning! Download Update TeamViewer 12 (TeamViewer) - The service is running --------------------------------- [ IM ] ---------------------------------- Skype™ 6.21 v.6.21.104 Warning! Download Update -------------------------------- [ Java ] --------------------------------- Java 8 Update 144 v.8.0.1440.1 --------------------------- [ AppleProduction ] --------------------------- iTunes v.12.6.2.20 Warning! Download Update ^Please use Apple Software Update tool.^ --------------------------- [ AdobeProduction ] --------------------------- Adobe Flash Player 27 ActiveX v.27.0.0.130 Adobe Flash Player 18 NPAPI v.18.0.0.232 Warning! Download Update Adobe Acrobat Reader DC - Português v.17.012.20098 ------------------------------- [ Browser ] ------------------------------- Google Chrome v.60.0.3112.113 Warning! Download Update Mozilla Firefox 53.0.3 (x86 pt-BR) v.53.0.3 Warning! Download Update ------------------ [ AntivirusFirewallProcessServices ] ------------------- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe v.10.1.215.0 ESET Service (ekrn) - The service is running C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe v.10.1.215.0 Malwarebytes Service (MBAMService) - The service is running C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.1.0.556 McAfee Validation Trust Protection Service (mfevtp) - The service is running C:\Windows\System32\mfevtps.exe v.15.6.0.1870 Windows Defender (WinDefend) - The service is running ---------------------------- [ UnwantedApps ] ----------------------------- Skype Click to Call v.8.5.0.9167 Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems. ----------------------------- [ End of Log ] ------------------------------
  5. Resultado da Correção pela Farbar Recovery Scan Tool (x86) Versão: 17-09-2017 01 Executado por Usuario (18-09-2017 13:20:14) Run:1 Executando a partir de C:\Users\Usuario\Desktop Perfis Carregados: Usuario (Perfis Disponíveis: Usuario & Correios & Convidado) Modo da Inicialização: Normal ============================================== fixlist Conteúdo: ***************** start CreateRestorePoint: HKLM\...\Run: [] => [X] HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\MountPoints2: {387141f0-072f-11e2-9a13-806e6f6e6963} - D:\instala.exe CHR HKLM\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO SearchScopes: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000 -> {3326DB91-C607-4A25-AE0D-5D44540600EB} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default FF DefaultSearchEngine: Mozilla\Firefox\Profiles\2ym6l5gq.default-1421254590344 -> Yahoo Web FF Homepage: Mozilla\Firefox\Profiles\2ym6l5gq.default-1421254590344 -> hxxps://br.yahoo.com/?type=orcl_hpset FF SearchPlugin: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\2ym6l5gq.default-1421254590344\searchplugins\yahoo-ysp.xml [2016-01-26] CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms} CHR DefaultSearchKeyword: Default -> duckduckgo CHR DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list CHR Extension: (Yahoo Partner) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdmjodecdegfglgaapafjleomjjlpnh [2016-11-16] CHR HKLM\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [47456 2014-01-09] (Baidu, Inc.) AlternateDataStreams: C:\Program Files\GbPlugin:IncompleteStartProcessProtection.cnt [8] AlternateDataStreams: C:\Program Files\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32] AlternateDataStreams: C:\Windows\System32:D0526E84_Bb.gbp [2] AlternateDataStreams: C:\Windows\System32:FCE2B18F_Bb.gbp [2] AlternateDataStreams: C:\Windows\System32:FCE2B18F_Cef.gbp [2] AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst [569] AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2174] AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10] C:\Windows\System32\drivers\Bhbase.sys EmptyTemp: end ***************** Error: (0) Falha ao criar um ponto de restauração. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => valor removido (a) com sucesso. HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{387141f0-072f-11e2-9a13-806e6f6e6963} => chave removido (a) com sucesso. HKLM\Software\Classes\CLSID\{387141f0-072f-11e2-9a13-806e6f6e6963} => chave não encontrado (a). HKLM\SOFTWARE\Policies\Google => chave removido (a) com sucesso. HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3326DB91-C607-4A25-AE0D-5D44540600EB} => chave removido (a) com sucesso. HKLM\Software\Classes\CLSID\{3326DB91-C607-4A25-AE0D-5D44540600EB} => chave não encontrado (a). Firefox DefaultSearchEngine removido (a) com sucesso. Firefox "homepage" removido (a) com sucesso. C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\2ym6l5gq.default-1421254590344\searchplugins\yahoo-ysp.xml => movido com sucesso Chrome DefaultSearchURL => removido (a) com sucesso. Chrome DefaultSearchKeyword => removido (a) com sucesso. Chrome DefaultSuggestURL => removido (a) com sucesso. CHR Extension: (Yahoo Partner) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdmjodecdegfglgaapafjleomjjlpnh [2016-11-16] => Erro: Nenhuma correção automática foi encontrada para esta entrada. HKLM\SOFTWARE\Google\Chrome\Extensions\kpdmjodecdegfglgaapafjleomjjlpnh => chave removido (a) com sucesso. Bhbase => Não foi possível finalizar o serviço. HKLM\System\CurrentControlSet\Services\Bhbase => chave removido (a) com sucesso. Bhbase => serviço removido (a) com sucesso. C:\Program Files\GbPlugin => ":IncompleteStartProcessProtection.cnt" ADS removido (a) com sucesso.. C:\Program Files\GbPlugin => ":u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==" ADS removido (a) com sucesso.. C:\Windows\System32 => ":D0526E84_Bb.gbp" ADS removido (a) com sucesso.. C:\Windows\System32 => ":FCE2B18F_Bb.gbp" ADS removido (a) com sucesso.. C:\Windows\System32 => ":FCE2B18F_Cef.gbp" ADS removido (a) com sucesso.. C:\Windows\system32\drivers => ":GbpKmAp.lst" ADS removido (a) com sucesso.. C:\Windows\system32\Drivers\wsddfac.sys => ":X5ZN8aGXs4" ADS removido (a) com sucesso.. C:\ProgramData\GbPlugin => ":IncompleteStartGbprcm.cnt" ADS removido (a) com sucesso.. C:\Windows\System32\drivers\Bhbase.sys => movido com sucesso =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 102841582 B Java, Flash, Steam htmlcache => 892 B Windows/system/drivers => 207135567 B Edge => 0 B Chrome => 125350915 B Firefox => 11468519 B Opera => 0 B Temp, IE cache, history, cookies, recent: Users => 0 B Default => 66228 B Public => 0 B ProgramData => 0 B systemprofile => 445128 B LocalService => 178356 B NetworkService => 110745 B Usuario => 657961298 B Correios => 214025298 B Convidado => 142726 B RecycleBin => 0 B EmptyTemp: => 1.2 GB de dados temporários Removidos. ================================ O sistema precisou ser reiniciado. ==== Fim de Fixlog 13:22:24 ====
  6. Desculpa Sam Spade. Estive viajando e quando voltei esqueci de postar. Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão: 14-09-2017 01 Executado por Usuario (administrador) em CARLOS-PC (15-09-2017 15:26:24) Executando a partir de C:\Users\Usuario\Desktop Perfis Carregados: Usuario (Perfis Disponíveis: Usuario & Correios & Convidado) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Idioma: Português (Brasil) Internet Explorer Versão 11 (Navegador padrão: IE) Modo da Inicialização: Normal Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (HP) C:\Windows\System32\HPSIsvc.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Scopus Soluções em TI Ltda) C:\Program Files\scpbrad\scpbradserv.exe (Banco Bradesco S.A.) C:\Program Files\Scpad\scpVista.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe (GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe (Scopus Soluções em TI Ltda) C:\Program Files\scpbrad\scpbradguard.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe (McAfee, Inc.) C:\Program Files\McAfee\Real Protect\RealProtect.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe (GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registro (Whitelisted) ==================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9874024 2010-11-19] (Realtek Semiconductor) HKLM\...\Run: [] => [X] HKLM\...\Run: [HPUsageTrackingLEDM] => C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-07-13] (Apple Inc.) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [3487032 2017-09-06] (Dropbox, Inc.) HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [818224 2017-07-11] (GAS Tecnologia LTDA) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [267064 2017-07-14] (Apple Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation) HKLM\...\RunOnce: [RealProtect] => C:\Program Files\McAfee\Real Protect\RealProtect.exe [5718904 2017-08-15] (McAfee, Inc.) Winlogon\Notify\ GbPluginBb: C:\Program Files\GbPlugin\gbieh.dll [2016-06-16] (Banco do Brasil) Winlogon\Notify\ GbPluginCef: C:\Program Files\GbPlugin\gbiehCef.dll [2016-07-08] (Caixa Economica Federal) HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-05-09] (Apple Inc.) HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-05-09] (Apple Inc.) HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\MountPoints2: {387141f0-072f-11e2-9a13-806e6f6e6963} - D:\instala.exe SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll (Banco Bradesco S.A.) ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES\GbPlugin\gbieh.dll [1947872 2016-06-16] (Banco do Brasil) ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll [1903328 2016-07-08] (Caixa Economica Federal) Startup: C:\Users\Correios\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Correio.lnk [2013-11-05] ShortcutTarget: Correio.lnk -> C:\Windows\CORREIO\CORREIO.exe (VisualSet©) Startup: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Correio.lnk [2013-10-14] ShortcutTarget: Correio.lnk -> C:\Windows\CORREIO\CORREIO.exe (VisualSet©) Startup: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk [2013-11-28] ShortcutTarget: Recorte de tela e Iniciador do OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) CHR HKLM\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{521FFABB-32C5-4D4D-8DAD-0D81A737DDF0}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{72967C85-2141-4915-8831-EC2679CDED93}: [NameServer] 10.8.39.100,10.192.2.129 Tcpip\..\Interfaces\{C69525D8-E99D-4A87-8049-B401281212B4}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{EDBBD74E-BCEC-4C29-80A6-6FAC52C044FF}: [DhcpNameServer] 172.20.10.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.transferweb.correios.com.br/sut/ect_agf/default.aspx HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://br.msn.com/?ocid=iehp SearchScopes: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000 -> DefaultScope {F1502797-1B80-46E9-886C-AE0A74397D3C} URL = hxxp://www.google.com/search?hl=en&q={searchTerms} SearchScopes: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000 -> {3326DB91-C607-4A25-AE0D-5D44540600EB} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default SearchScopes: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000 -> {F1502797-1B80-46E9-886C-AE0A74397D3C} URL = hxxp://www.google.com/search?hl=en&q={searchTerms} BHO: ssh2 Class -> {2E3C3651-B19C-4DD9-A979-901EC3E930AF} -> C:\Program Files\Scpad\scpsssh2.dll [2012-10-24] (Banco Bradesco S.A.) BHO: Sem Nome -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Nenhum Arquivo BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-02] (Oracle Corporation) BHO: Auxiliar de Conexão do Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation) BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES\GBPLUGIN\gbieh.dll [2016-06-16] (Banco do Brasil) BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files\GbPlugin\gbiehcef.dll [2016-07-08] (Caixa Economica Federal) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-02] (Oracle Corporation) DPF: {DE64E08D-8F19-4D75-A277-855E9DE74AA5} hxxps://vpn1.correios.com.br/forticachecleaner.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) FireFox: ======== FF DefaultProfile: 2ym6l5gq.default-1421254590344 FF ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\2ym6l5gq.default-1421254590344 [2017-09-14] FF DefaultSearchEngine: Mozilla\Firefox\Profiles\2ym6l5gq.default-1421254590344 -> Yahoo Web FF Homepage: Mozilla\Firefox\Profiles\2ym6l5gq.default-1421254590344 -> hxxps://br.yahoo.com/?type=orcl_hpset FF SearchPlugin: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\2ym6l5gq.default-1421254590344\searchplugins\yahoo-ysp.xml [2016-01-26] FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension FF Extension: (SmartPrintButton) - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [não assinado] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => não encontrado (a) FF HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\bb\xpi FF Extension: (GBBD Banco do Brasil) - C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2015-05-19] [não assinado] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-09-02] () FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-02] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-02] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation) FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files\SkypeWebPlugin\npSkypeWebPlugin.dll [2013-12-04] (Skype) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-03] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-03] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1000649665-1868635756-2260419189-1000: gastecnologia.com.br/sf/bb -> C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2015-05-19] (GAS Tecnologia) FF Plugin HKU\S-1-5-21-1000649665-1868635756-2260419189-1000: gastecnologia.com.br/sf/cef -> C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [2014-01-14] (GAS Tecnologia) FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\autoconf_warsaw.js [2017-08-11] <==== ATENÇÃO (Aponta para arquivo *.cfg) FF ExtraCheck: C:\Program Files\mozilla firefox\warsaw.cfg [2017-08-11] <==== ATENÇÃO Chrome: ======= CHR DefaultProfile: Default CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms} CHR DefaultSearchKeyword: Default -> duckduckgo CHR DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default [2017-09-12] CHR Extension: (Google Docs) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-11] CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-05] CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29] CHR Extension: (Google Search) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05] CHR Extension: (Favoritos do iCloud) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-08-21] CHR Extension: (Documentos Google off-line) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-29] CHR Extension: (Yahoo Partner) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdmjodecdegfglgaapafjleomjjlpnh [2016-11-16] CHR Extension: (Skype) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-08-08] CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-06] CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei [2013-11-26] CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-29] CHR Extension: (Chrome Media Router) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08] CHR HKLM\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nnjbodopomfddehlalfilheomcahbpei] - C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx [2013-11-26] ==================== Serviços (Whitelisted) ==================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) "Warsaw Technology" => serviço foi desbloqueado. <==== ATENÇÃO S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279000 2013-11-07] (Intel Corporation) S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-07] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-07] (Dropbox, Inc.) R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [43336 2017-09-06] (Dropbox, Inc.) R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2069936 2017-06-13] (ESET) R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [631520 2016-06-16] (GAS Tecnologia) S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [Arquivo não assinado] R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-21] (Malwarebytes) R2 mfevtp; C:\Windows\system32\mfevtps.exe [328704 2017-08-15] (McAfee, Inc.) R2 scpbradserv; C:\Program Files\scpbrad\scpbradserv.exe [1995208 2017-06-26] (Scopus Soluções em TI Ltda) R2 scpVista; C:\Program Files\Scpad\scpVista.exe [360624 2012-10-24] (Banco Bradesco S.A.) R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH) R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [818224 2017-07-11] (GAS Tecnologia LTDA) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) S3 AR9271; C:\Windows\System32\DRIVERS\athuw.sys [1763584 2013-06-28] (Atheros Communications, Inc.) R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [47456 2014-01-09] (Baidu, Inc.) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [113512 2017-06-22] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [139384 2017-05-04] (ESET) R1 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [67712 2017-05-04] (ESET) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59904 2017-08-24] () R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [49496 2015-08-26] (GAS Tecnologia) R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [166848 2017-09-06] (Malwarebytes) R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [85440 2017-09-15] (Malwarebytes) R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [40352 2017-09-15] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [221632 2017-09-15] (Malwarebytes) R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [65824 2017-09-15] (Malwarebytes) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [705552 2017-08-15] (McAfee, Inc.) S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [109584 2017-08-15] (McAfee, Inc.) R1 Ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-03-12] (GAS Tecnologia) S3 NdisrdMP; C:\Windows\System32\DRIVERS\gbpndisrd.sys [31088 2014-03-15] (GbPlugin NDIS Device Driver) R3 PciSPorts; C:\Windows\System32\DRIVERS\PciSPorts.sys [115200 2010-12-16] () R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [22744 2017-09-15] (GAS Tecnologia) R1 wsddntf; C:\Windows\System32\DRIVERS\wsddntf.sys [31864 2016-11-11] (GAS Tecnologia) S1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [22624 2016-11-11] (GAS Tecnologia) R3 wsddprm; C:\Windows\system32\drivers\wsddprm.sys [22624 2016-11-11] (GAS Tecnologia) S3 athur; system32\DRIVERS\athur.sys [X] S3 dbx; system32\DRIVERS\dbx.sys [X] S0 gbpddreg; system32\drivers\gbpddreg32.sys [X] ==================== NetSvcs (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Um Mês Criados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2017-09-14 15:43 - 2017-09-14 15:43 - 000311742 _____ C:\Users\Usuario\Desktop\Minha_Fatura_CLÁSSICO PLATINUM MC-25-09-2017.pdf 2017-09-14 14:18 - 2017-09-14 14:18 - 000362473 _____ C:\Users\Usuario\Desktop\Minha_Fatura_MASTERCARD_25-09-2017.pdf 2017-09-08 15:59 - 2017-09-08 15:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2017-09-08 14:30 - 2017-09-08 14:30 - 000000889 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk 2017-09-08 10:36 - 2017-09-08 10:36 - 000155712 _____ C:\Users\Correios\Downloads\39643735400-IRPF-2017-2016-retif-imagem-declaracao.tif 2017-09-06 13:03 - 2017-09-15 09:35 - 000221632 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-09-06 13:03 - 2017-09-15 09:35 - 000085440 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2017-09-06 13:03 - 2017-09-15 09:35 - 000065824 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2017-09-06 13:03 - 2017-09-15 09:35 - 000040352 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2017-09-06 13:03 - 2017-09-06 13:03 - 000166848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys 2017-09-06 13:03 - 2017-09-06 13:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-09-06 07:29 - 2017-09-06 07:29 - 000043336 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe 2017-09-06 07:29 - 2017-09-06 07:29 - 000035432 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys 2017-09-06 07:29 - 2017-09-06 07:29 - 000035408 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys 2017-09-06 07:29 - 2017-09-06 07:29 - 000035408 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys 2017-08-31 14:26 - 2017-09-15 15:24 - 000000000 ____D C:\Users\Usuario\Desktop\FRST-OlderVersion 2017-08-24 13:52 - 2017-08-24 13:52 - 000002128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk 2017-08-24 13:52 - 2017-08-24 13:52 - 000002090 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk 2017-08-22 14:13 - 2017-08-22 14:13 - 000000000 ____D C:\Users\Todos os Usuários\ESET 2017-08-22 14:13 - 2017-08-22 14:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET 2017-08-22 14:13 - 2017-08-22 14:13 - 000000000 ____D C:\ProgramData\ESET 2017-08-22 14:13 - 2017-08-22 14:13 - 000000000 ____D C:\Program Files\ESET 2017-08-17 14:05 - 2017-08-17 14:05 - 000351696 _____ C:\Users\Usuario\Desktop\Shortcut.txt 2017-08-17 14:03 - 2017-08-31 14:31 - 000069722 _____ C:\Users\Usuario\Desktop\Addition.txt 2017-08-17 14:02 - 2017-09-15 15:28 - 000019933 _____ C:\Users\Usuario\Desktop\FRST.txt 2017-08-17 14:01 - 2017-09-15 15:26 - 000000000 ____D C:\FRST 2017-08-17 13:44 - 2017-09-15 15:24 - 001794560 _____ (Farbar) C:\Users\Usuario\Desktop\FRST.exe 2017-08-16 12:55 - 2017-08-16 12:55 - 000000000 _____ C:\Users\Usuario\Desktop\Stinger_16082017_125525.html 2017-08-16 12:50 - 2017-08-16 12:50 - 001034108 _____ C:\Users\Usuario\Desktop\runtime.dat 2017-08-16 12:50 - 2017-08-16 12:50 - 000000114 ___RH C:\Users\Usuario\Desktop\Stinger.opt ==================== Um Mês Modificados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2017-09-15 15:08 - 2013-10-14 10:19 - 000000000 ____D C:\Users\Usuario\AppData\LocalLow\Scpad 2017-09-15 15:05 - 2013-10-11 10:08 - 000000000 ____D C:\Users\Todos os Usuários\GbPlugin 2017-09-15 15:05 - 2013-10-11 10:08 - 000000000 ____D C:\ProgramData\GbPlugin 2017-09-15 14:57 - 2015-06-03 17:26 - 000001012 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2017-09-15 13:30 - 2015-06-03 17:26 - 000001008 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2017-09-15 13:30 - 2014-03-26 15:02 - 000001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf491d8d133394.job 2017-09-15 13:30 - 2013-10-14 11:16 - 000000000 ____D C:\Windows\CORREIO 2017-09-15 09:42 - 2009-07-14 01:34 - 000022768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-09-15 09:42 - 2009-07-14 01:34 - 000022768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-09-15 09:35 - 2016-12-27 15:14 - 000022744 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys 2017-09-15 09:34 - 2009-07-14 01:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-09-13 17:18 - 2013-10-14 13:25 - 000000000 ____D C:\Users\Correios\AppData\LocalLow\Scpad 2017-09-12 14:22 - 2017-08-02 14:49 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\ESET 2017-09-11 18:14 - 2013-10-15 14:18 - 000000000 ____D C:\Program Files\TeamViewer 2017-09-11 16:37 - 2009-07-14 01:53 - 000032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2017-09-08 16:06 - 2013-10-14 10:09 - 000000000 ____D C:\Users\Usuario\AppData\Local\CutePDF Writer 2017-09-08 16:00 - 2015-06-03 17:26 - 000000000 ____D C:\Program Files\Dropbox 2017-09-06 14:13 - 2015-06-08 09:47 - 000000000 ____D C:\Users\Usuario\AppData\Local\Dropbox 2017-09-04 11:00 - 2015-10-01 14:40 - 000000000 ____D C:\Users\Usuario\Desktop\RecbibosSET 2017-09-04 10:58 - 2015-01-26 15:55 - 000000000 ____D C:\CLIENTES 2017-08-29 14:24 - 2015-11-06 10:07 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2017-08-29 13:31 - 2013-11-19 08:41 - 000002099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-08-24 15:42 - 2013-10-15 14:18 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\TeamViewer 2017-08-24 15:25 - 2009-07-13 23:37 - 000000000 ____D C:\Windows\system32\NDF 2017-08-24 13:52 - 2013-11-19 08:40 - 000000000 ____D C:\Program Files\Google 2017-08-24 11:27 - 2017-08-11 14:03 - 000059904 _____ C:\Windows\system32\Drivers\mbae.sys 2017-08-22 14:15 - 2009-07-13 23:37 - 000000000 ____D C:\Windows\inf 2017-08-16 13:05 - 2017-08-15 13:15 - 000000000 ____D C:\Program Files\stinger ==================== Arquivos na raiz de alguns diretórios ======= 2015-03-05 08:33 - 2015-03-05 08:33 - 000017591 _____ () C:\Users\Usuario\AppData\Roaming\unins000.dat 2013-11-26 10:37 - 2013-11-26 10:37 - 000015270 _____ () C:\Users\Usuario\AppData\Roaming\unins001.dat 2017-07-26 15:52 - 2017-07-26 15:52 - 000000218 _____ () C:\Users\Usuario\AppData\Local\recently-used.xbel 2017-07-26 13:04 - 2017-07-31 14:38 - 000007607 _____ () C:\Users\Usuario\AppData\Local\Resmon.ResmonCfg 2013-01-07 11:04 - 2011-02-23 14:22 - 000024772 _____ () C:\ProgramData\P1100DEF.css 2013-01-07 11:04 - 2011-04-04 19:25 - 000004327 ____R () C:\ProgramData\P1100OS.HTM 2013-01-07 11:04 - 2011-02-23 14:22 - 000002944 _____ () C:\ProgramData\P1100SIG.GIF Alguns arquivos em TEMP: ==================== 2015-12-09 16:27 - 2015-12-09 16:28 - 000071168 _____ () C:\Users\Correios\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpltuyub.dll 2015-11-25 08:57 - 2015-11-25 08:58 - 000585824 _____ (Oracle Corporation) C:\Users\Correios\AppData\Local\Temp\jre-8u66-windows-au.exe 2016-03-15 11:26 - 2016-03-15 12:25 - 000001284 _____ () C:\Users\Correios\AppData\Local\Temp\{CE79EF1E-76A8-4894-8CC5-5BAE2A663297}-49.0.2623.87_48.0.2564.116_chrome_updater.exe 2017-08-02 12:54 - 2017-08-02 12:55 - 000740416 _____ (Oracle Corporation) C:\Users\Usuario\AppData\Local\Temp\jre-8u144-windows-au.exe Alguns com tamanho de zero byte arquivos/pastas: ========================== C:\Windows\System32\ECTSARA_TER_EPSON_TMSERIES.dll ==================== Bamital & volsnap ====================== (Não há correção automática para arquivos que não passaram na verificação.) C:\Windows\explorer.exe => O arquivo é assinado digitalmente C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente C:\Windows\system32\services.exe => O arquivo é assinado digitalmente C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente LastRegBack: 2017-09-12 11:00 ==================== Fim de FRST.txt ============================ Resultado do exame Adicional Farbar Recovery Scan Tool (x86) Versão: 14-09-2017 01 Executado por Usuario (15-09-2017 15:29:36) Executando a partir de C:\Users\Usuario\Desktop Microsoft Windows 7 Professional Service Pack 1 (X86) (2012-09-25 17:41:26) Modo da Inicialização: Normal ========================================================== ==================== Contas: ============================= Administrador (S-1-5-21-1000649665-1868635756-2260419189-500 - Administrator - Disabled) Convidado (S-1-5-21-1000649665-1868635756-2260419189-501 - Limited - Disabled) => C:\Users\Convidado Correios (S-1-5-21-1000649665-1868635756-2260419189-1003 - Administrator - Enabled) => C:\Users\Correios HomeGroupUser$ (S-1-5-21-1000649665-1868635756-2260419189-1011 - Limited - Enabled) Usuario (S-1-5-21-1000649665-1868635756-2260419189-1000 - Administrator - Enabled) => C:\Users\Usuario ==================== Central de Segurança ======================== (Se uma entrada for incluída na fixlist, será removida.) AV: Malwarebytes (Enabled - Out of date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AV: ESET NOD32 Antivirus (Disabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70} AS: ESET NOD32 Antivirus (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD} AS: Malwarebytes (Enabled - Out of date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Programas Instalados ====================== (Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.) Adobe Acrobat Reader DC - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Flash Player 26 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 26.0.0.151 - Adobe Systems Incorporated) Apple Mobile Device Support (HKLM\...\{2A2C8640-5402-428A-909A-0236CB2B77C7}) (Version: 10.3.2.3 - Apple Inc.) Apple Software Update (HKLM\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.) Assistente de Conexão do Windows Live (HKLM\...\{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}) (Version: 5.000.818.5 - Microsoft Corporation) Componente de Segurança Bradesco (HKLM\...\scpbrad) (Version: 1.0.0 - Banco Bradesco S.A.) CutePDF Writer 2.7 (HKLM\...\CutePDF Writer Installation) (Version: - ) Daossoft Excel Password Eraser (HKLM\...\Daossoft Excel Password Eraser) (Version: 7.0.0.1 - Daossoft) Dropbox (HKLM\...\Dropbox) (Version: 34.4.20 - Dropbox, Inc.) Dropbox Update Helper (HKLM\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden Endereçador Escritório v2.1.2 (HKLM\...\Enderecador) (Version: - ) ESET NOD32 Antivirus (HKLM\...\{6007E939-6FBD-4D10-8F5E-DA98054956CE}) (Version: 10.1.219.1 - ESET, spol. s r.o.) Ferramenta de Carregamento do Windows Live (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) FileZilla Client 3.0.2.1 (HKLM\...\FileZilla Client) (Version: 3.0.2.1 - ) Foxit PDF Editor (HKLM\...\Foxit PDF Editor) (Version: 2.2.1.1119 - Foxit Corporation) GBBD Caixa Economica Federal (HKLM\...\{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1) (Version: 3.12.0.2 - ) GBBD Caixa Economica Federal (HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1) (Version: GBBD Caixa Economica Federal - ) Google Chrome (HKLM\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.) Google Earth Pro (HKLM\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google) Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - ) hppLaserJetService (HKLM\...\{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}) (Version: 001.001.0.0 - Hewlett-Packard) Hidden hppP1100P1560P1600SeriesLaserJetService (HKLM\...\{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}) (Version: 001.001.0.0 - Hewlett-Packard) Hidden hppusgP1100P1560P1600Series (HKLM\...\{853F464A-B2B8-404E-BA3E-B98FF6862C41}) (Version: 1.0.0.1 - Hewlett-Packard) Hidden HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.) iCloud (HKLM\...\{B7BC92A8-B3E5-40A6-9B21-B25E4E1D98F1}) (Version: 6.2.2.39 - Apple Inc.) Inkscape 0.48.4 (HKLM\...\Inkscape) (Version: 0.48.4 - ) Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation) IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM\...\IRPF2014) (Version: 1.4 - Receita Federal do Brasil) IRPF2015 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM\...\IRPF2015) (Version: 1.2 - Receita Federal do Brasil) iTunes (HKLM\...\{BE5DD9B6-9DF7-4163-A39E-E2141C7A7488}) (Version: 12.6.2.20 - Apple Inc.) Java 8 Update 144 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation) Malwarebytes versão 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes) MarketResearch (HKLM\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microvisual (HKLM\...\{E38B19C5-5F9C-11D7-986F-00E07DE9E5DC}) (Version: 4.00.0000 - Microvisual) Módulo de Segurança - Banco do Brasil (HKLM\...\{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1) (Version: 3.12.0.2 - ) Mozilla Firefox 53.0.3 (x86 pt-BR) (HKLM\...\Mozilla Firefox 53.0.3 (x86 pt-BR)) (Version: 53.0.3 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla) PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio) Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.) Receitanet (HKLM\...\ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5) (Version: 1.07 - Serpro - Serviço Federal de Processamento de Dados) Scan Utility220 (HKLM\...\{D5897F1B-D919-4CFF-B77B-767A5810A27D}) (Version: 2.20 - ARGOX) Skype Click to Call (HKLM\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation) Skype Web Plugin (HKLM\...\{B51DD93B-3CB5-4D9D-BFF2-FD19DBBBFD9A}) (Version: 2.9.13008.18866 - Skype Technologies S.A.) Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) Suporte para Aplicativos Apple (32-bit) (HKLM\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.) TeamViewer 12 (HKLM\...\TeamViewer) (Version: 12.0.83369 - TeamViewer) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Warsaw 1.18.1.2 32 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.18.1.2 - GAS Tecnologia) Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) Xml Viewer (HKLM\...\{F58E04CD-6E76-43C8-AAF1-482225C2910E}) (Version: 3 - MindFusion Limited) ==================== Exame Personalizado CLSID (Whitelisted): ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000010-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000011-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000013-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000014-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000015-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000016-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000017-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000018-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000019-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000100-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000101-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000103-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000104-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000105-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000106-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000107-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000108-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000109-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00025601-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\Crystl32.OCX (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00025604-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\Crystl32.OCX (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00025605-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\Crystl32.OCX (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00025606-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\Crystl32.OCX (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00025607-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\Crystl32.OCX (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00025608-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\Crystl32.OCX (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00025609-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\Crystl32.OCX (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0002560A-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\Crystl32.OCX (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0000}\InprocServer32 -> C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0007}\InprocServer32 -> C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll (GAS Tecnologia) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0000}\InprocServer32 -> C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0007}\InprocServer32 -> C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll (GAS Tecnologia) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BA686AA-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BA686AE-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BA686AF-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BA686B3-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BA686B4-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BA686B8-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BA686B9-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BA686BD-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BA686BE-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BA686C2-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BA686C3-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BA686C7-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{13FA5947-561C-11D1-BE3F-00A0C95A6A5C}\InprocServer32 -> C:\Windows\system32\crviewer.dll (Crystal Decisions) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{2200CD20-1176-101D-85F5-0020AF1EF604}\InprocServer32 -> C:\Windows\system32\barcod32.ocx (Mabry Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{2200CD24-1176-101D-85F5-0020AF1EF604}\InprocServer32 -> C:\Windows\system32\barcod32.ocx (Mabry Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{275DBBA0-805A-11CF-91F7-C2863C385E30}\InprocServer32 -> C:\Windows\system32\msflxgrd.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{2F155EE4-C332-11CD-B23C-0000C0058192}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{35D7C407-EF75-11D1-B523-444553540000}\InprocServer32 -> C:\Windows\system32\aunzip32.ocx (Stephen Darlington) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{35D7C408-EF75-11D1-B523-444553540000}\InprocServer32 -> C:\Windows\system32\aunzip32.ocx (Stephen Darlington) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{41F841C1-AE16-11D5-8817-0050DA6EF5E5}\InprocServer32 -> C:\Windows\system32\SPR32X60.ocx (FarPoint Technologies, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{41F841C7-AE16-11D5-8817-0050DA6EF5E5}\InprocServer32 -> C:\Windows\system32\SPR32X60.ocx (FarPoint Technologies, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\Windows\system32\msinet.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\Windows\system32\msinet.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\Windows\system32\msinet.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{5FEC78AE-BE49-101A-947B-00DD010F7B46}\InprocServer32 -> C:\Windows\system32\MSOUTL32.OCX (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{62208F41-3D2D-11D3-8153-00C0DFC2E32C}\InprocServer32 -> C:\Windows\system32\FtpX.OCX (Mabry Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{6262D3A0-531B-11CF-91F6-C2863C385E30}\InprocServer32 -> C:\Windows\system32\msflxgrd.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{6319EEA0-531B-11CF-91F6-C2863C385E30}\InprocServer32 -> C:\Windows\system32\msflxgrd.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{637206E2-F485-11D1-AE81-94B401C10000}\InprocServer32 -> C:\Windows\system32\azip32.ocx (Stephen Darlington) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{648A5600-2C6E-101B-82B6-000000000014}\InprocServer32 -> C:\Windows\system32\mscomm32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{648A5604-2C6E-101B-82B6-000000000014}\InprocServer32 -> C:\Windows\system32\mscomm32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{75347086-7260-11D1-BE46-00A0C95A6A5C}\InprocServer32 -> C:\Windows\system32\crviewer.dll (Crystal Decisions) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{75C66E66-8949-11D2-BF6D-00A0C9DA4FA2}\InprocServer32 -> C:\Windows\system32\crviewer.dll (Crystal Decisions) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{75C66E68-8949-11D2-BF6D-00A0C9DA4FA2}\InprocServer32 -> C:\Windows\system32\crviewer.dll (Crystal Decisions) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{7A080CC5-26E2-101B-AEBD-04021C009402}\InprocServer32 -> C:\Windows\system32\GAUGE32.OCX (MicroHelp, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{7DA06D40-54A0-11CF-A521-0080C77A7786}\InprocServer32 -> C:\Windows\system32\tabctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{83730EE4-6C46-11CF-A524-0080C77A7786}\InprocServer32 -> C:\Windows\system32\msmask32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\InprocServer32 -> dwusplay.dll => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\localserver32 -> dwusplay.exe => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{973C8EE0-4546-11D0-86B1-0020AF1EF604}\InprocServer32 -> C:\Windows\system32\mras32.ocx () CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{973C8EE4-4546-11D0-86B1-0020AF1EF604}\InprocServer32 -> C:\Windows\system32\mras32.ocx () CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{A0E5F37E-CA67-11D1-A817-00A0C92784CD}\InprocServer32 -> C:\Windows\system32\crviewer.dll (Crystal Decisions) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{A1067406-EB2F-11D1-AE81-94B401C10000}\InprocServer32 -> C:\Windows\system32\azip32.ocx (Stephen Darlington) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{A1067407-EB2F-11D1-AE81-94B401C10000}\InprocServer32 -> C:\Windows\system32\azip32.ocx (Stephen Darlington) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{A8C3B720-0B5A-101B-B22E-00AA0037B2FC}\InprocServer32 -> C:\Windows\system32\GRID32.OCX (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{B37969E0-58B1-11D2-821F-000086075197}\InprocServer32 -> C:\Windows\system32\FtpX.OCX (Mabry Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{B4741E10-45A6-11D1-ABEC-00A0C9274B91}\InprocServer32 -> C:\Windows\system32\craxdrt.dll (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{B4741FD0-45A6-11D1-ABEC-00A0C9274B91}\InprocServer32 -> C:\Windows\system32\craxdrt.dll (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{B4742170-45A6-11D1-ABEC-00A0C9274B91}\InprocServer32 -> C:\Windows\system32\craxdrt.dll (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{B4742180-45A6-11D1-ABEC-00A0C9274B91}\InprocServer32 -> C:\Windows\system32\craxdrt.dll (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{B4742190-45A6-11D1-ABEC-00A0C9274B91}\InprocServer32 -> C:\Windows\system32\craxdrt.dll (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{B47421A0-45A6-11D1-ABEC-00A0C9274B91}\InprocServer32 -> C:\Windows\system32\craxdrt.dll (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{B71A485A-57D1-11D2-821F-000086075197}\InprocServer32 -> C:\Windows\system32\FtpX.OCX (Mabry Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\InprocServer32 -> C:\Windows\system32\tabctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{BE4F3AC5-AEC9-101A-947B-00DD010F7B46}\InprocServer32 -> C:\Windows\system32\MSOUTL32.OCX (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{C4847596-972C-11D0-9567-00A0C9273C2A}\InprocServer32 -> C:\Windows\system32\crviewer.dll (Crystal Decisions) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{C7D6D444-7FDE-101B-AFF8-00AA003E1700}\InprocServer32 -> C:\Windows\system32\GAUGE32.OCX (MicroHelp, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{C932BA85-4374-101B-A56C-00AA003668DC}\InprocServer32 -> C:\Windows\system32\msmask32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{D0FC8A81-2CB2-101B-82B6-000000000014}\InprocServer32 -> C:\Windows\system32\mscomm32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{E0DC8C80-3486-101B-82B6-000000000014}\InprocServer32 -> C:\Windows\system32\mscomm32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{F4392542-0CFE-101B-B22E-00AA0037B2FC}\InprocServer32 -> C:\Windows\system32\GRID32.OCX (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation) ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-09-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-09-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-09-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-09-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-09-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-09-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-09-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-09-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-09-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-09-06] (Dropbox, Inc.) ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-09-06] (Dropbox, Inc.) ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2017-06-13] (ESET) ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [2017-05-09] (Apple Inc.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal) ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2017-06-13] (ESET) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes) ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-09-06] (Dropbox, Inc.) ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-09-06] (Dropbox, Inc.) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-11-07] (Intel Corporation) ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2017-06-13] (ESET) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal) ==================== Tarefas Agendadas (Whitelisted) ============= (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) Task: {124AE4BF-4354-4242-BC5F-AFA43133B31F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.) Task: {1B535138-1EDD-4796-B53B-0711A5AC34A8} - System32\Tasks\GoogleUpdateTaskMachineCore1cf491d8d133394 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {34CCC427-F9A7-461D-8C12-4B44E53EBAFA} - System32\Tasks\GoogleUpdateTaskMachineUA1cf9098cf40b53f => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {38D73D34-D5FB-4101-9011-BB8A6D614F34} - System32\Tasks\{62025C73-F502-4F19-9ACE-768E1368A1FB} => C:\Windows\system32\pcalua.exe -a C:\Users\Usuario\Desktop\Inst_CobrancaCAIXA.exe -d C:\Users\Usuario\Desktop Task: {430441DA-294D-4720-AE2B-F557017BD4B0} - System32\Tasks\{355DCA3E-C7FE-4EF4-95F9-EDE2D7792597} => C:\Windows\system32\pcalua.exe -a "C:\Users\Correios\Downloads\iGBPCEFsf (7).exe" -d C:\Users\Correios\Downloads Task: {54220F11-1686-4899-A8EA-0E339F1FCFCA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated) Task: {5F0411C0-C313-45A2-8066-7A1CC275176F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.) Task: {62C9DDE3-1F1A-448C-9443-5020953B7CA5} - System32\Tasks\{B38BA845-256C-436C-B838-CCB9935D284D} => C:\Windows\system32\pcalua.exe -a G:\PenDrive2\Ativadores\IMPRESSORA-CUTEPDF\converter.exe -d G:\PenDrive2\Ativadores\IMPRESSORA-CUTEPDF Task: {6519A685-DC7C-43F4-806B-746985F3137B} - System32\Tasks\{1B9C65F8-83C7-4721-AA48-D26D26970134} => C:\Windows\system32\pcalua.exe -a "C:\Users\Usuario\Downloads\iGBPCEFsf (1).exe" -d C:\Users\Usuario\Downloads Task: {685340FF-A39B-4BCD-9915-D6BF51DEEEF3} - System32\Tasks\GoogleUpdateTaskMachineCore1d0418b48d22cff => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {893B2C03-CDC3-48C1-8F89-E6622F36DE25} - System32\Tasks\{568090BD-E064-4B54-AAAB-289E82CD182D} => C:\Windows\system32\pcalua.exe -a "C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\82TUZB4D\iGBPCEFgb.exe" -d C:\Users\Usuario\Desktop Task: {9A44EEB8-6B33-42E8-94FB-B079C8A072A9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe Task: {B3582C02-7DB6-4B9C-9330-0045E34DBAAD} - System32\Tasks\{17AFF89D-A2BE-4C94-86BA-F363E2D40E38} => C:\Windows\system32\pcalua.exe -a "C:\Users\Correios\Downloads\iGBPCEFsf (5).exe" -d C:\Users\Correios\Downloads Task: {BB9EB799-116A-4338-BCEB-471F8217719D} - System32\Tasks\{CBBAE917-BDCF-475F-BECA-407B0F3FFC94} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup Task: {CBEA7E1E-3288-42D6-B54E-98A141C4AF7F} - System32\Tasks\{0E9AFB20-151C-4A3A-A35B-F9969D756B86} => C:\Windows\system32\pcalua.exe -a C:\Users\Usuario\Desktop\Receitanet-1.07.exe -d C:\Users\Usuario\Desktop Task: {D94C5BD3-09B6-46CE-94B4-2DCEB4E66A1A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.) (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf491d8d133394.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Atalhos & WMI ======================== (As entradas podem ser listadas para serem restauradas ou removidas.) ShortcutWithArgument: C:\Users\Usuario\Dropbox\CobrançaUnicred.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://cobranca.unicrednne.com.br/cobv1/ ==================== Módulos Carregados (Whitelisted) ============== 2013-10-29 13:15 - 2007-07-12 22:33 - 000087552 _____ () C:\Windows\System32\cpwmon2k.dll 2012-10-08 17:39 - 2011-04-02 16:03 - 000151552 _____ () C:\Windows\System32\HP1100LM.DLL 2012-10-08 17:39 - 2011-04-02 16:03 - 000069632 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP1100PP.DLL 2012-10-08 17:39 - 2012-08-31 15:02 - 002306048 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\hp1100su.dll 2012-10-08 17:39 - 2012-08-31 15:01 - 000794624 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1100GC.dll 2017-07-13 20:51 - 2017-07-13 20:51 - 001041720 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2016-09-01 18:13 - 2016-09-01 18:13 - 000080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2017-08-11 14:03 - 2017-08-24 11:27 - 001724368 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2007-10-17 16:20 - 2007-10-17 16:20 - 000041472 _____ () C:\Program Files\FileZilla Client\fzshellext.dll 2012-09-25 15:12 - 2011-04-09 23:40 - 000094208 _____ () C:\Windows\System32\IccLibDll.dll 2017-09-08 15:59 - 2017-09-06 07:29 - 000771392 _____ () C:\Program Files\Dropbox\Client\dropbox_watchdog.dll 2017-09-08 15:59 - 2017-09-06 07:29 - 001804608 _____ () C:\Program Files\Dropbox\Client\dropbox_crashpad.dll 2017-09-08 15:59 - 2017-09-06 07:29 - 000100296 _____ () C:\Program Files\Dropbox\Client\_ctypes.pyd 2017-09-08 15:59 - 2017-09-06 07:29 - 000018888 _____ () C:\Program Files\Dropbox\Client\select.pyd 2017-09-08 15:59 - 2017-09-06 07:34 - 000020800 _____ () C:\Program Files\Dropbox\Client\tornado.speedups.pyd 2017-09-08 15:59 - 2017-09-06 07:29 - 000035792 _____ () C:\Program Files\Dropbox\Client\_multiprocessing.pyd 2017-09-08 15:59 - 2017-09-06 07:31 - 000021848 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd 2017-09-08 15:59 - 2017-09-06 07:29 - 000125904 _____ () C:\Program Files\Dropbox\Client\_cffi_backend.pyd 2017-09-08 15:59 - 2017-09-06 07:29 - 000694224 _____ () C:\Program Files\Dropbox\Client\unicodedata.pyd 2017-09-08 15:59 - 2017-09-06 07:31 - 001862992 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd 2017-09-08 15:59 - 2017-09-06 07:31 - 000022864 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd 2017-09-08 15:59 - 2017-09-06 07:29 - 000145864 _____ () C:\Program Files\Dropbox\Client\pyexpat.pyd 2017-09-08 15:59 - 2017-09-06 07:29 - 000116688 _____ () C:\Program Files\Dropbox\Client\pywintypes27.dll 2017-09-08 15:59 - 2017-09-06 07:29 - 000105928 _____ () C:\Program Files\Dropbox\Client\win32api.pyd 2017-09-08 15:59 - 2017-09-06 07:34 - 000022864 _____ () C:\Program Files\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd 2017-09-08 15:59 - 2017-09-06 07:32 - 000062784 _____ () C:\Program Files\Dropbox\Client\psutil._psutil_windows.pyd 2017-09-08 15:59 - 2017-09-06 07:29 - 000024528 _____ () C:\Program Files\Dropbox\Client\win32event.pyd 2017-09-08 15:59 - 2017-09-06 07:32 - 000040248 _____ () C:\Program Files\Dropbox\Client\fastpath.pyd 2017-09-08 15:59 - 2017-09-06 07:29 - 000020936 _____ () C:\Program Files\Dropbox\Client\mmapfile.pyd 2017-09-08 15:59 - 2017-09-06 07:29 - 000124880 _____ () C:\Program Files\Dropbox\Client\win32file.pyd 2017-09-08 15:59 - 2017-09-06 07:29 - 000116176 _____ () C:\Program Files\Dropbox\Client\win32security.pyd 2017-09-08 15:59 - 2017-09-06 07:29 - 000392656 _____ () C:\Program Files\Dropbox\Client\pythoncom27.dll 2017-09-08 15:59 - 2017-09-06 07:34 - 000392512 _____ () C:\Program Files\Dropbox\Client\win32com.shell.shell.pyd 2017-09-08 15:59 - 2017-09-06 07:34 - 000026456 _____ () C:\Program Files\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd 2017-09-08 15:59 - 2017-09-06 07:29 - 000024016 _____ () C:\Program Files\Dropbox\Client\win32clipboard.pyd 2017-09-08 15:59 - 2017-09-06 07:29 - 000175560 _____ () C:\Program Files\Dropbox\Client\win32gui.pyd 2017-09-08 15:59 - 2017-09-06 07:29 - 000030160 _____ () C:\Program Files\Dropbox\Client\win32pipe.pyd 2017-09-08 15:59 - 2017-09-06 07:29 - 000043472 _____ () C:\Program Files\Dropbox\Client\win32process.pyd 2017-09-08 15:59 - 2017-09-06 07:29 - 000048592 _____ () C:\Program Files\Dropbox\Client\win32service.pyd 2017-09-08 15:59 - 2017-09-06 07:29 - 000057808 _____ () C:\Program Files\Dropbox\Client\win32evtlog.pyd 2017-09-08 15:59 - 2017-09-06 07:31 - 000022336 _____ () C:\Program Files\Dropbox\Client\cpuid.compiled._cpuid.pyd 2017-09-08 15:59 - 2017-09-06 07:35 - 000023368 _____ () C:\Program Files\Dropbox\Client\winshell.compiled._winshell.pyd 2017-09-08 15:59 - 2017-09-06 07:34 - 000082264 _____ () C:\Program Files\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd 2017-09-08 15:59 - 2017-09-06 07:35 - 000025432 _____ () C:\Program Files\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd 2017-09-08 15:59 - 2017-09-06 07:29 - 000028616 _____ () C:\Program Files\Dropbox\Client\win32ts.pyd 2017-09-08 15:59 - 2017-09-06 07:29 - 000024016 _____ () C:\Program Files\Dropbox\Client\win32profile.pyd 2017-09-08 15:59 - 2017-09-06 07:32 - 001826104 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtCore.pyd 2017-09-08 15:59 - 2017-09-06 07:29 - 000083912 _____ () C:\Program Files\Dropbox\Client\sip.pyd 2017-09-08 15:59 - 2017-09-06 07:32 - 001972024 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtGui.pyd 2017-09-08 15:59 - 2017-09-06 07:32 - 003928896 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWidgets.pyd 2017-09-08 15:59 - 2017-09-06 07:32 - 000171336 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd 2017-09-08 15:59 - 2017-09-06 07:32 - 000042816 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebChannel.pyd 2017-09-08 15:59 - 2017-09-06 07:32 - 000531264 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtNetwork.pyd 2017-09-08 15:59 - 2017-09-06 07:32 - 000133432 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKit.pyd 2017-09-08 15:59 - 2017-09-06 07:32 - 000224064 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd 2017-09-08 15:59 - 2017-09-06 07:32 - 000207680 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtPrintSupport.pyd 2017-09-08 15:59 - 2017-09-06 07:29 - 000060880 _____ () C:\Program Files\Dropbox\Client\win32print.pyd 2017-09-08 15:59 - 2017-09-06 07:35 - 000054608 _____ () C:\Program Files\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd 2017-09-08 15:59 - 2017-09-06 07:35 - 000022864 _____ () C:\Program Files\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd 2017-09-08 15:59 - 2017-09-06 07:34 - 000022872 _____ () C:\Program Files\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd 2017-09-08 15:59 - 2017-09-06 07:35 - 000021848 _____ () C:\Program Files\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd 2017-09-08 15:59 - 2017-09-06 07:35 - 000022872 _____ () C:\Program Files\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd 2017-09-08 15:59 - 2017-09-06 07:31 - 000027488 _____ () C:\Program Files\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd 2017-09-08 15:59 - 2017-09-06 07:29 - 000349128 _____ () C:\Program Files\Dropbox\Client\winxpgui.pyd 2017-09-08 15:59 - 2017-09-06 07:35 - 000023896 _____ () C:\Program Files\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd 2017-09-08 15:59 - 2017-09-06 07:32 - 000025936 _____ () C:\Program Files\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd 2017-09-08 15:59 - 2017-09-06 07:29 - 000036296 _____ () C:\Program Files\Dropbox\Client\librsync.dll 2017-09-08 15:59 - 2017-09-06 07:31 - 000181056 _____ () C:\Program Files\Dropbox\Client\dropbox_sqlite_ext.DLL 2017-09-08 15:59 - 2017-09-06 07:34 - 000030536 _____ () C:\Program Files\Dropbox\Client\wind3d11.compiled._wind3d11.pyd 2017-09-08 15:59 - 2017-09-06 07:32 - 000024368 _____ () C:\Program Files\Dropbox\Client\libEGL.dll 2017-09-08 15:59 - 2017-09-06 07:32 - 001637688 _____ () C:\Program Files\Dropbox\Client\libGLESv2.dll 2017-09-08 15:59 - 2017-09-06 07:35 - 000026456 _____ () C:\Program Files\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd 2017-09-08 15:59 - 2017-09-06 07:34 - 000023368 _____ () C:\Program Files\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd 2017-09-08 15:59 - 2017-09-06 07:32 - 000546104 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQuick.pyd 2017-09-08 15:59 - 2017-09-06 07:32 - 000357688 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQml.pyd 2017-07-14 10:28 - 2017-07-14 10:28 - 001041720 _____ () C:\Program Files\iTunes\libxml2.dll 2017-07-14 10:28 - 2017-07-14 10:28 - 000080184 _____ () C:\Program Files\iTunes\zlib1.dll 2017-07-13 20:50 - 2017-07-13 20:50 - 000189752 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll ==================== Alternate Data Streams (Whitelisted) ========= (Se uma entrada for incluída na fixlist, somente o ADS será removido.) AlternateDataStreams: C:\Program Files\GbPlugin:IncompleteStartProcessProtection.cnt [8] AlternateDataStreams: C:\Program Files\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32] AlternateDataStreams: C:\Windows\System32:D0526E84_Bb.gbp [2] AlternateDataStreams: C:\Windows\System32:FCE2B18F_Bb.gbp [2] AlternateDataStreams: C:\Windows\System32:FCE2B18F_Cef.gbp [2] AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst [522] AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2174] AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10] AlternateDataStreams: C:\Users\Todos os Usuários\GbPlugin:IncompleteStartGbprcm.cnt [10] ==================== Modo de Segurança (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ntrexeservice => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""="" ==================== Associação (Whitelisted) =============== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.) ==================== Internet Explorer confiável/restrito =============== (Se uma entrada for incluída na fixlist, será removida do Registro.) IE trusted site: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\accesstage.com.br -> hxxps://www.accesstage.com.br IE trusted site: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\bancobrasil.com.br -> www.bancobrasil.com.br IE trusted site: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\bb.com.br -> hxxps://seg.bb.com.br IE trusted site: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\caixa.gov.br -> imagem.caixa.gov.br IE trusted site: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br IE trusted site: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\correios.com.br -> hxxps://vpn1.correios.com.br IE trusted site: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\jus.br -> hxxps://ejus.tjpb.jus.br ==================== Hosts Conteúdo: =============================== (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 2009-07-13 23:04 - 2016-06-04 08:47 - 000000822 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Outras Áreas ============================ (Atualmente não há nenhuma correção automática para esta seção.) HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Firewall do Windows está desabilitado. ==================== MSCONFIG/TASK MANAGER ítens desabilitados == ==================== Regras do Firewall (Whitelisted) =============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{533911FE-61F9-4AB6-95C6-F2594040196F}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe FirewallRules: [{2FEA682D-3EE2-4B31-A79C-6B5C62603901}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{1E2602B1-DEBC-4FB9-8C01-71196C83758B}] => (Allow) svchost.exe FirewallRules: [{46E054C4-47C8-4660-9E99-2F20BDC82D3B}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{1EE64AD0-D205-4755-AC8A-DA4B3917455A}] => (Allow) C:\Program Files\SkypeWebPlugin\SkypeWebPlugin.exe FirewallRules: [{04ECA7D8-3F50-452B-9F04-E3CE87EA95EE}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe FirewallRules: [{AD50CD46-63E0-42A0-B2CA-40A8B3617AC5}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe FirewallRules: [{DE120D25-2BE0-413B-A1B5-934DEDBC315B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{D2CEBDB6-BB65-4E75-88BE-145DDBB1DEE8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{F9B39C39-61E0-4494-858D-465FAF84DAC7}] => (Allow) C:\Users\Correios\Downloads\AnyDesk.exe FirewallRules: [{C6197B0F-E16C-4FFD-8918-57A0489597FD}] => (Allow) C:\Users\Correios\Downloads\AnyDesk.exe FirewallRules: [{93A74CC8-2424-4934-B5D5-CFE33D537BE0}] => (Allow) C:\Users\Correios\Downloads\AnyDesk.exe FirewallRules: [{B33133CA-90EF-4279-B62B-A671EC0FF570}] => (Allow) C:\Users\Correios\Downloads\AnyDesk.exe FirewallRules: [{CE6E444C-CF14-4377-A99F-649756F1B980}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{19ADC98D-44D0-4410-97AD-1DF5B511575C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe FirewallRules: [{59893614-265C-4B28-86F9-E2E5C7D20017}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe FirewallRules: [{FCA0EAFD-0E3D-47F9-ADDD-C60A8D445F9C}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe FirewallRules: [{A3662E4C-D761-4D64-A080-09367AAF7C54}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe FirewallRules: [{C9D58BB1-913C-492A-9CD6-5E1CCE9C1267}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe FirewallRules: [{7EE00F0B-0A97-485A-89CA-21EEADE2B5B7}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe FirewallRules: [{EED32D21-F871-4321-8241-5DD5F03C5A60}] => (Allow) C:\Users\Usuario\Desktop\AnyDesk.exe FirewallRules: [{F907C13C-3587-4E09-9091-3C2DB1AA9340}] => (Allow) C:\Users\Usuario\Desktop\AnyDesk.exe FirewallRules: [{45B8E6F7-E2EB-4B12-B5AD-2A471E03EDB7}] => (Allow) C:\Users\Usuario\Desktop\AnyDesk.exe FirewallRules: [{7F12DE01-945F-4BD0-BD0B-D63836FF240F}] => (Allow) C:\Users\Usuario\Desktop\AnyDesk.exe FirewallRules: [{D6514419-E0D5-4E0C-A243-E5FD44EDA9C3}] => (Allow) C:\Users\Usuario\Desktop\AnyDesk.exe FirewallRules: [{688566F8-5F4C-4890-96F7-F41EFEF545C7}] => (Allow) C:\Users\Usuario\Desktop\AnyDesk.exe ==================== Pontos de Restauração ========================= ==================== Dispositivos Apresentando Falhas No Gerenciador ============= Name: Warsaw - Driver (PP) Description: Warsaw - Driver (PP) Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: wsddpp Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Erros no Log de eventos: ========================= Erros em Aplicativos: ================== Error: (09/15/2017 03:07:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome de aplicativo com falha: iexplore.exe, versão: 11.0.9600.17840, carimbo de hora: 0x555fe1bb Nome do módulo de falhas: wslbscrwh32.dll_unloaded, versão: 0.0.0.0, carimbo de hora: 0x59316462 Código de exceção: 0xc0000005 Deslocamento com falha: 0x681790a0 Identificação do processo com falha: 0x1e6c Hora de início do aplicativo com falha: 0x01d32e473456b2c6 Caminho do aplicativo com falha: C:\Program Files\Internet Explorer\iexplore.exe FCaminho do módulo de falhas: wslbscrwh32.dll Identificação do Relatório: c1008885-9a40-11e7-a869-c86000eb4387 Error: (09/15/2017 02:23:08 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa iexplore.exe versão 11.0.9600.17840 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. ID de Processo: 12c4 Hora de Início: 01d32e424823f74a Hora de Término: 16 Caminho do Aplicativo: C:\Program Files\Internet Explorer\iexplore.exe Id do Relatório: Error: (09/15/2017 01:46:38 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa iexplore.exe versão 11.0.9600.17840 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. ID de Processo: ad0 Hora de Início: 01d32e40fb453f47 Hora de Término: 78 Caminho do Aplicativo: C:\Program Files\Internet Explorer\iexplore.exe Id do Relatório: Error: (09/15/2017 10:42:00 AM) (Source: System Restore) (EventID: 8193) (User: ) Description: Falha ao criar ponto de restauração (Processo = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descrição = Ponto de Verificação Agendado; Erro = 0x80070422). Error: (09/15/2017 09:36:36 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/14/2017 05:29:48 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Falha ao criar ponto de restauração (Processo = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descrição = Ponto de Verificação Agendado; Erro = 0x80070422). Error: (09/14/2017 05:24:34 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Falha na geração de contexto de ativação para "C:\Program Files\Argox\Scan Utility V2.20\driver\DFU\Win8\x64\dpinst_amd64.exe". Assembly dependente Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" não pôde ser localizado. Use o arquivo sxstrace.exe para obter um diagnóstico detalhado. Error: (09/14/2017 05:24:21 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Falha na geração de contexto de ativação para "C:\Program Files\Argox\Scan Utility V2.20\driver\DFU\Win7\x64\dpinst_amd64.exe". Assembly dependente Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" não pôde ser localizado. Use o arquivo sxstrace.exe para obter um diagnóstico detalhado. Error: (09/14/2017 01:35:02 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/13/2017 05:14:20 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Falha ao criar ponto de restauração (Processo = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descrição = Ponto de Verificação Agendado; Erro = 0x80070422). Erros de Sistema: ============= Error: (09/15/2017 03:05:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: O sistema não pode encontrar o arquivo especificado. Error: (09/15/2017 01:30:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: O sistema não pode encontrar o arquivo especificado. Error: (09/15/2017 09:37:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: O sistema não pode encontrar o arquivo especificado. Error: (09/15/2017 09:36:52 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a resposta de uma transação do serviço TeamViewer. Error: (09/15/2017 09:35:14 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização: gbpddreg Error: (09/14/2017 04:25:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: O sistema não pode encontrar o arquivo especificado. Error: (09/14/2017 01:39:23 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Serviço Windows Update suspenso ao iniciar. Error: (09/14/2017 01:34:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: O sistema não pode encontrar o arquivo especificado. Error: (09/14/2017 01:34:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a resposta de uma transação do serviço TeamViewer. Error: (09/14/2017 01:33:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização: gbpddreg CodeIntegrity: =================================== Date: 2017-08-22 14:12:29.811 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system. Date: 2017-08-22 14:12:29.811 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system. Date: 2017-08-07 16:04:31.618 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system. Date: 2017-08-07 16:04:31.618 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system. Date: 2017-08-07 16:04:31.602 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system. Date: 2017-08-07 16:04:31.602 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system. Date: 2017-08-07 16:04:31.602 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system. Date: 2017-08-07 16:04:31.602 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system. Date: 2017-07-31 19:20:08.235 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_598d480629c3881b\appid.sys because the set of per-page image hashes could not be found on the system. Date: 2017-07-31 19:20:08.189 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_598d480629c3881b\appid.sys because the set of per-page image hashes could not be found on the system. ==================== Informações da Memória =========================== Processador: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz Percentagem de memória em uso: 69% RAM física total: 2986.3 MB RAM física disponível: 898.88 MB Virtual Total: 5970.9 MB Virtual disponível: 3221.48 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:343.4 GB) NTFS Drive d: (GPBe2008) (CDROM) (Total:0.27 GB) (Free:0 GB) CDFS Drive e: (Reservado pelo Sistema) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[sistema com componentes de inicialização (obtido através de drive)] Drive f: () (Fixed) (Total:148.95 GB) (Free:42.49 GB) NTFS ==================== MBR & Tabela de Partições ================== ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 13BD13BD) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS) ==================== Fim de Addition.txt ============================
  7. Resultado do exame Adicional Farbar Recovery Scan Tool (x86) Versão: 20-08-2017 Executado por Usuario (31-08-2017 14:29:55) Executando a partir de C:\Users\Usuario\Desktop Microsoft Windows 7 Professional Service Pack 1 (X86) (2012-09-25 17:41:26) Modo da Inicialização: Normal ========================================================== ==================== Contas: ============================= Administrador (S-1-5-21-1000649665-1868635756-2260419189-500 - Administrator - Disabled) Convidado (S-1-5-21-1000649665-1868635756-2260419189-501 - Limited - Disabled) => C:\Users\Convidado Correios (S-1-5-21-1000649665-1868635756-2260419189-1003 - Administrator - Enabled) => C:\Users\Correios HomeGroupUser$ (S-1-5-21-1000649665-1868635756-2260419189-1011 - Limited - Enabled) Usuario (S-1-5-21-1000649665-1868635756-2260419189-1000 - Administrator - Enabled) => C:\Users\Usuario ==================== Central de Segurança ======================== (Se uma entrada for incluída na fixlist, será removida.) AV: ESET NOD32 Antivirus (Disabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70} AS: ESET NOD32 Antivirus (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Programas Instalados ====================== (Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.) Adobe Acrobat Reader DC - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Flash Player 26 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 26.0.0.151 - Adobe Systems Incorporated) Apple Mobile Device Support (HKLM\...\{2A2C8640-5402-428A-909A-0236CB2B77C7}) (Version: 10.3.2.3 - Apple Inc.) Apple Software Update (HKLM\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.) Assistente de Conexão do Windows Live (HKLM\...\{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}) (Version: 5.000.818.5 - Microsoft Corporation) Componente de Segurança Bradesco (HKLM\...\scpbrad) (Version: 1.0.0 - Banco Bradesco S.A.) CutePDF Writer 2.7 (HKLM\...\CutePDF Writer Installation) (Version: - ) Daossoft Excel Password Eraser (HKLM\...\Daossoft Excel Password Eraser) (Version: 7.0.0.1 - Daossoft) Dropbox (HKLM\...\Dropbox) (Version: 33.4.23 - Dropbox, Inc.) Dropbox Update Helper (HKLM\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden Endereçador Escritório v2.1.2 (HKLM\...\Enderecador) (Version: - ) ESET NOD32 Antivirus (HKLM\...\{6007E939-6FBD-4D10-8F5E-DA98054956CE}) (Version: 10.1.219.1 - ESET, spol. s r.o.) Ferramenta de Carregamento do Windows Live (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) FileZilla Client 3.0.2.1 (HKLM\...\FileZilla Client) (Version: 3.0.2.1 - ) Foxit PDF Editor (HKLM\...\Foxit PDF Editor) (Version: 2.2.1.1119 - Foxit Corporation) GBBD Caixa Economica Federal (HKLM\...\{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1) (Version: 3.12.0.2 - ) GBBD Caixa Economica Federal (HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1) (Version: GBBD Caixa Economica Federal - ) Google Chrome (HKLM\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.) Google Earth Pro (HKLM\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google) Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - ) hppLaserJetService (HKLM\...\{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}) (Version: 001.001.0.0 - Hewlett-Packard) Hidden hppP1100P1560P1600SeriesLaserJetService (HKLM\...\{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}) (Version: 001.001.0.0 - Hewlett-Packard) Hidden hppusgP1100P1560P1600Series (HKLM\...\{853F464A-B2B8-404E-BA3E-B98FF6862C41}) (Version: 1.0.0.1 - Hewlett-Packard) Hidden HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.) iCloud (HKLM\...\{B7BC92A8-B3E5-40A6-9B21-B25E4E1D98F1}) (Version: 6.2.2.39 - Apple Inc.) Inkscape 0.48.4 (HKLM\...\Inkscape) (Version: 0.48.4 - ) Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation) IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM\...\IRPF2014) (Version: 1.4 - Receita Federal do Brasil) IRPF2015 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM\...\IRPF2015) (Version: 1.2 - Receita Federal do Brasil) iTunes (HKLM\...\{BE5DD9B6-9DF7-4163-A39E-E2141C7A7488}) (Version: 12.6.2.20 - Apple Inc.) Java 8 Update 144 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation) Malwarebytes versão 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes) MarketResearch (HKLM\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microvisual (HKLM\...\{E38B19C5-5F9C-11D7-986F-00E07DE9E5DC}) (Version: 4.00.0000 - Microvisual) Módulo de Segurança - Banco do Brasil (HKLM\...\{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1) (Version: 3.12.0.2 - ) Mozilla Firefox 53.0.3 (x86 pt-BR) (HKLM\...\Mozilla Firefox 53.0.3 (x86 pt-BR)) (Version: 53.0.3 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla) PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio) Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.) Receitanet (HKLM\...\ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5) (Version: 1.07 - Serpro - Serviço Federal de Processamento de Dados) Scan Utility220 (HKLM\...\{D5897F1B-D919-4CFF-B77B-767A5810A27D}) (Version: 2.20 - ARGOX) Skype Click to Call (HKLM\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation) Skype Web Plugin (HKLM\...\{B51DD93B-3CB5-4D9D-BFF2-FD19DBBBFD9A}) (Version: 2.9.13008.18866 - Skype Technologies S.A.) Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) Suporte para Aplicativos Apple (32-bit) (HKLM\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.) TeamViewer 12 (HKLM\...\TeamViewer) (Version: 12.0.82216 - TeamViewer) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Warsaw 1.18.1.2 32 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.18.1.2 - GAS Tecnologia) Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) Xml Viewer (HKLM\...\{F58E04CD-6E76-43C8-AAF1-482225C2910E}) (Version: 3 - MindFusion Limited) ==================== Exame Personalizado CLSID (Whitelisted): ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000010-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000011-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000013-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000014-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000015-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000016-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000017-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000018-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000019-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000100-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000101-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000103-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000104-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000105-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000106-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000107-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000108-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000109-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00025601-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\Crystl32.OCX (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00025604-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\Crystl32.OCX (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00025605-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\Crystl32.OCX (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00025606-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\Crystl32.OCX (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00025607-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\Crystl32.OCX (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00025608-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\Crystl32.OCX (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00025609-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\Crystl32.OCX (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0002560A-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\Crystl32.OCX (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0000}\InprocServer32 -> C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0007}\InprocServer32 -> C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll (GAS Tecnologia) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0000}\InprocServer32 -> C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0007}\InprocServer32 -> C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll (GAS Tecnologia) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BA686AA-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BA686AE-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BA686AF-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BA686B3-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BA686B4-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BA686B8-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BA686B9-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BA686BD-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BA686BE-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BA686C2-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BA686C3-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BA686C7-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{13FA5947-561C-11D1-BE3F-00A0C95A6A5C}\InprocServer32 -> C:\Windows\system32\crviewer.dll (Crystal Decisions) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{2200CD20-1176-101D-85F5-0020AF1EF604}\InprocServer32 -> C:\Windows\system32\barcod32.ocx (Mabry Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{2200CD24-1176-101D-85F5-0020AF1EF604}\InprocServer32 -> C:\Windows\system32\barcod32.ocx (Mabry Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{275DBBA0-805A-11CF-91F7-C2863C385E30}\InprocServer32 -> C:\Windows\system32\msflxgrd.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{2F155EE4-C332-11CD-B23C-0000C0058192}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{35D7C407-EF75-11D1-B523-444553540000}\InprocServer32 -> C:\Windows\system32\aunzip32.ocx (Stephen Darlington) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{35D7C408-EF75-11D1-B523-444553540000}\InprocServer32 -> C:\Windows\system32\aunzip32.ocx (Stephen Darlington) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{41F841C1-AE16-11D5-8817-0050DA6EF5E5}\InprocServer32 -> C:\Windows\system32\SPR32X60.ocx (FarPoint Technologies, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{41F841C7-AE16-11D5-8817-0050DA6EF5E5}\InprocServer32 -> C:\Windows\system32\SPR32X60.ocx (FarPoint Technologies, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\Windows\system32\msinet.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\Windows\system32\msinet.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\Windows\system32\msinet.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{5FEC78AE-BE49-101A-947B-00DD010F7B46}\InprocServer32 -> C:\Windows\system32\MSOUTL32.OCX (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{62208F41-3D2D-11D3-8153-00C0DFC2E32C}\InprocServer32 -> C:\Windows\system32\FtpX.OCX (Mabry Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{6262D3A0-531B-11CF-91F6-C2863C385E30}\InprocServer32 -> C:\Windows\system32\msflxgrd.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{6319EEA0-531B-11CF-91F6-C2863C385E30}\InprocServer32 -> C:\Windows\system32\msflxgrd.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{637206E2-F485-11D1-AE81-94B401C10000}\InprocServer32 -> C:\Windows\system32\azip32.ocx (Stephen Darlington) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{648A5600-2C6E-101B-82B6-000000000014}\InprocServer32 -> C:\Windows\system32\mscomm32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{648A5604-2C6E-101B-82B6-000000000014}\InprocServer32 -> C:\Windows\system32\mscomm32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{75347086-7260-11D1-BE46-00A0C95A6A5C}\InprocServer32 -> C:\Windows\system32\crviewer.dll (Crystal Decisions) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{75C66E66-8949-11D2-BF6D-00A0C9DA4FA2}\InprocServer32 -> C:\Windows\system32\crviewer.dll (Crystal Decisions) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{75C66E68-8949-11D2-BF6D-00A0C9DA4FA2}\InprocServer32 -> C:\Windows\system32\crviewer.dll (Crystal Decisions) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{7A080CC5-26E2-101B-AEBD-04021C009402}\InprocServer32 -> C:\Windows\system32\GAUGE32.OCX (MicroHelp, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{7DA06D40-54A0-11CF-A521-0080C77A7786}\InprocServer32 -> C:\Windows\system32\tabctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{83730EE4-6C46-11CF-A524-0080C77A7786}\InprocServer32 -> C:\Windows\system32\msmask32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\InprocServer32 -> dwusplay.dll => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\localserver32 -> dwusplay.exe => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{973C8EE0-4546-11D0-86B1-0020AF1EF604}\InprocServer32 -> C:\Windows\system32\mras32.ocx () CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{973C8EE4-4546-11D0-86B1-0020AF1EF604}\InprocServer32 -> C:\Windows\system32\mras32.ocx () CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{A0E5F37E-CA67-11D1-A817-00A0C92784CD}\InprocServer32 -> C:\Windows\system32\crviewer.dll (Crystal Decisions) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{A1067406-EB2F-11D1-AE81-94B401C10000}\InprocServer32 -> C:\Windows\system32\azip32.ocx (Stephen Darlington) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{A1067407-EB2F-11D1-AE81-94B401C10000}\InprocServer32 -> C:\Windows\system32\azip32.ocx (Stephen Darlington) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{A8C3B720-0B5A-101B-B22E-00AA0037B2FC}\InprocServer32 -> C:\Windows\system32\GRID32.OCX (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{B37969E0-58B1-11D2-821F-000086075197}\InprocServer32 -> C:\Windows\system32\FtpX.OCX (Mabry Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{B4741E10-45A6-11D1-ABEC-00A0C9274B91}\InprocServer32 -> C:\Windows\system32\craxdrt.dll (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{B4741FD0-45A6-11D1-ABEC-00A0C9274B91}\InprocServer32 -> C:\Windows\system32\craxdrt.dll (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{B4742170-45A6-11D1-ABEC-00A0C9274B91}\InprocServer32 -> C:\Windows\system32\craxdrt.dll (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{B4742180-45A6-11D1-ABEC-00A0C9274B91}\InprocServer32 -> C:\Windows\system32\craxdrt.dll (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{B4742190-45A6-11D1-ABEC-00A0C9274B91}\InprocServer32 -> C:\Windows\system32\craxdrt.dll (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{B47421A0-45A6-11D1-ABEC-00A0C9274B91}\InprocServer32 -> C:\Windows\system32\craxdrt.dll (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{B71A485A-57D1-11D2-821F-000086075197}\InprocServer32 -> C:\Windows\system32\FtpX.OCX (Mabry Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\InprocServer32 -> C:\Windows\system32\tabctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{BE4F3AC5-AEC9-101A-947B-00DD010F7B46}\InprocServer32 -> C:\Windows\system32\MSOUTL32.OCX (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{C4847596-972C-11D0-9567-00A0C9273C2A}\InprocServer32 -> C:\Windows\system32\crviewer.dll (Crystal Decisions) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{C7D6D444-7FDE-101B-AFF8-00AA003E1700}\InprocServer32 -> C:\Windows\system32\GAUGE32.OCX (MicroHelp, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{C932BA85-4374-101B-A56C-00AA003668DC}\InprocServer32 -> C:\Windows\system32\msmask32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{D0FC8A81-2CB2-101B-82B6-000000000014}\InprocServer32 -> C:\Windows\system32\mscomm32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{E0DC8C80-3486-101B-82B6-000000000014}\InprocServer32 -> C:\Windows\system32\mscomm32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{F4392542-0CFE-101B-B22E-00AA0037B2FC}\InprocServer32 -> C:\Windows\system32\GRID32.OCX (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation) ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-22] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-22] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-22] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-22] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-22] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-22] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-22] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-22] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-22] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-22] (Dropbox, Inc.) ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-22] (Dropbox, Inc.) ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2017-06-13] (ESET) ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [2017-05-09] (Apple Inc.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal) ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2017-06-13] (ESET) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes) ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-22] (Dropbox, Inc.) ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-22] (Dropbox, Inc.) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-11-07] (Intel Corporation) ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2017-06-13] (ESET) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal) ==================== Tarefas Agendadas (Whitelisted) ============= (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) Task: {124AE4BF-4354-4242-BC5F-AFA43133B31F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.) Task: {1B535138-1EDD-4796-B53B-0711A5AC34A8} - System32\Tasks\GoogleUpdateTaskMachineCore1cf491d8d133394 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {34CCC427-F9A7-461D-8C12-4B44E53EBAFA} - System32\Tasks\GoogleUpdateTaskMachineUA1cf9098cf40b53f => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {38D73D34-D5FB-4101-9011-BB8A6D614F34} - System32\Tasks\{62025C73-F502-4F19-9ACE-768E1368A1FB} => C:\Windows\system32\pcalua.exe -a C:\Users\Usuario\Desktop\Inst_CobrancaCAIXA.exe -d C:\Users\Usuario\Desktop Task: {430441DA-294D-4720-AE2B-F557017BD4B0} - System32\Tasks\{355DCA3E-C7FE-4EF4-95F9-EDE2D7792597} => C:\Windows\system32\pcalua.exe -a "C:\Users\Correios\Downloads\iGBPCEFsf (7).exe" -d C:\Users\Correios\Downloads Task: {54220F11-1686-4899-A8EA-0E339F1FCFCA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated) Task: {5F0411C0-C313-45A2-8066-7A1CC275176F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.) Task: {62C9DDE3-1F1A-448C-9443-5020953B7CA5} - System32\Tasks\{B38BA845-256C-436C-B838-CCB9935D284D} => C:\Windows\system32\pcalua.exe -a G:\PenDrive2\Ativadores\IMPRESSORA-CUTEPDF\converter.exe -d G:\PenDrive2\Ativadores\IMPRESSORA-CUTEPDF Task: {6519A685-DC7C-43F4-806B-746985F3137B} - System32\Tasks\{1B9C65F8-83C7-4721-AA48-D26D26970134} => C:\Windows\system32\pcalua.exe -a "C:\Users\Usuario\Downloads\iGBPCEFsf (1).exe" -d C:\Users\Usuario\Downloads Task: {685340FF-A39B-4BCD-9915-D6BF51DEEEF3} - System32\Tasks\GoogleUpdateTaskMachineCore1d0418b48d22cff => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {893B2C03-CDC3-48C1-8F89-E6622F36DE25} - System32\Tasks\{568090BD-E064-4B54-AAAB-289E82CD182D} => C:\Windows\system32\pcalua.exe -a "C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\82TUZB4D\iGBPCEFgb.exe" -d C:\Users\Usuario\Desktop Task: {9A44EEB8-6B33-42E8-94FB-B079C8A072A9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe Task: {B3582C02-7DB6-4B9C-9330-0045E34DBAAD} - System32\Tasks\{17AFF89D-A2BE-4C94-86BA-F363E2D40E38} => C:\Windows\system32\pcalua.exe -a "C:\Users\Correios\Downloads\iGBPCEFsf (5).exe" -d C:\Users\Correios\Downloads Task: {BB9EB799-116A-4338-BCEB-471F8217719D} - System32\Tasks\{CBBAE917-BDCF-475F-BECA-407B0F3FFC94} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup Task: {CBEA7E1E-3288-42D6-B54E-98A141C4AF7F} - System32\Tasks\{0E9AFB20-151C-4A3A-A35B-F9969D756B86} => C:\Windows\system32\pcalua.exe -a C:\Users\Usuario\Desktop\Receitanet-1.07.exe -d C:\Users\Usuario\Desktop Task: {D94C5BD3-09B6-46CE-94B4-2DCEB4E66A1A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.) (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf491d8d133394.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Atalhos & WMI ======================== (As entradas podem ser listadas para serem restauradas ou removidas.) ShortcutWithArgument: C:\Users\Usuario\Dropbox\CobrançaUnicred.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://cobranca.unicrednne.com.br/cobv1/ ==================== Módulos Carregados (Whitelisted) ============== 2013-10-29 13:15 - 2007-07-12 22:33 - 000087552 _____ () C:\Windows\System32\cpwmon2k.dll 2012-10-08 17:39 - 2011-04-02 16:03 - 000151552 _____ () C:\Windows\System32\HP1100LM.DLL 2012-10-08 17:39 - 2011-04-02 16:03 - 000069632 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP1100PP.DLL 2012-10-08 17:39 - 2012-08-31 15:02 - 002306048 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\hp1100su.dll 2012-10-08 17:39 - 2012-08-31 15:01 - 000794624 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1100GC.dll 2017-07-13 20:51 - 2017-07-13 20:51 - 001041720 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2016-09-01 18:13 - 2016-09-01 18:13 - 000080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2007-10-17 16:20 - 2007-10-17 16:20 - 000041472 _____ () C:\Program Files\FileZilla Client\fzshellext.dll 2012-09-25 15:12 - 2011-04-09 23:40 - 000094208 _____ () C:\Windows\System32\IccLibDll.dll 2017-08-23 14:05 - 2017-08-22 13:55 - 000757568 _____ () C:\Program Files\Dropbox\Client\dropbox_watchdog.dll 2017-08-23 14:05 - 2017-08-22 13:55 - 001787200 _____ () C:\Program Files\Dropbox\Client\dropbox_crashpad.dll 2017-08-23 14:06 - 2017-08-22 13:53 - 000100296 _____ () C:\Program Files\Dropbox\Client\_ctypes.pyd 2017-08-23 14:06 - 2017-08-22 13:53 - 000018888 _____ () C:\Program Files\Dropbox\Client\select.pyd 2017-08-23 14:06 - 2017-08-22 13:57 - 000020800 _____ () C:\Program Files\Dropbox\Client\tornado.speedups.pyd 2017-08-23 14:06 - 2017-08-22 13:53 - 000035792 _____ () C:\Program Files\Dropbox\Client\_multiprocessing.pyd 2017-08-23 14:04 - 2017-08-22 13:56 - 000021848 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd 2017-08-23 14:06 - 2017-08-22 13:53 - 000125904 _____ () C:\Program Files\Dropbox\Client\_cffi_backend.pyd 2017-08-23 14:06 - 2017-08-22 13:53 - 000694224 _____ () C:\Program Files\Dropbox\Client\unicodedata.pyd 2017-08-23 14:04 - 2017-08-22 13:56 - 001862992 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd 2017-08-23 14:04 - 2017-08-22 13:56 - 000022864 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd 2017-08-23 14:05 - 2017-08-22 13:53 - 000145864 _____ () C:\Program Files\Dropbox\Client\pyexpat.pyd 2017-08-23 14:05 - 2017-08-22 13:55 - 000116688 _____ () C:\Program Files\Dropbox\Client\pywintypes27.dll 2017-08-23 14:06 - 2017-08-22 13:53 - 000105928 _____ () C:\Program Files\Dropbox\Client\win32api.pyd 2017-08-23 14:06 - 2017-08-22 13:57 - 000022864 _____ () C:\Program Files\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd 2017-08-23 14:05 - 2017-08-22 13:57 - 000062784 _____ () C:\Program Files\Dropbox\Client\psutil._psutil_windows.pyd 2017-08-23 14:05 - 2017-08-22 13:57 - 000040248 _____ () C:\Program Files\Dropbox\Client\fastpath.pyd 2017-08-23 14:06 - 2017-08-22 13:53 - 000024528 _____ () C:\Program Files\Dropbox\Client\win32event.pyd 2017-08-23 14:05 - 2017-08-22 13:53 - 000020936 _____ () C:\Program Files\Dropbox\Client\mmapfile.pyd 2017-08-23 14:06 - 2017-08-22 13:53 - 000124880 _____ () C:\Program Files\Dropbox\Client\win32file.pyd 2017-08-23 14:06 - 2017-08-22 13:53 - 000116176 _____ () C:\Program Files\Dropbox\Client\win32security.pyd 2017-08-23 14:05 - 2017-08-22 13:55 - 000392656 _____ () C:\Program Files\Dropbox\Client\pythoncom27.dll 2017-08-23 14:06 - 2017-08-22 13:57 - 000392512 _____ () C:\Program Files\Dropbox\Client\win32com.shell.shell.pyd 2017-08-23 14:06 - 2017-08-22 13:57 - 000026456 _____ () C:\Program Files\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd 2017-08-23 14:06 - 2017-08-22 13:53 - 000024016 _____ () C:\Program Files\Dropbox\Client\win32clipboard.pyd 2017-08-23 14:06 - 2017-08-22 13:53 - 000175560 _____ () C:\Program Files\Dropbox\Client\win32gui.pyd 2017-08-23 14:06 - 2017-08-22 13:53 - 000030160 _____ () C:\Program Files\Dropbox\Client\win32pipe.pyd 2017-08-23 14:06 - 2017-08-22 13:53 - 000043472 _____ () C:\Program Files\Dropbox\Client\win32process.pyd 2017-08-23 14:06 - 2017-08-22 13:53 - 000048592 _____ () C:\Program Files\Dropbox\Client\win32service.pyd 2017-08-23 14:06 - 2017-08-22 13:53 - 000057808 _____ () C:\Program Files\Dropbox\Client\win32evtlog.pyd 2017-08-23 14:04 - 2017-08-22 13:56 - 000022336 _____ () C:\Program Files\Dropbox\Client\cpuid.compiled._cpuid.pyd 2017-08-23 14:06 - 2017-08-22 13:57 - 000082264 _____ () C:\Program Files\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd 2017-08-23 14:06 - 2017-08-22 13:57 - 000025432 _____ () C:\Program Files\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd 2017-08-23 14:05 - 2017-08-22 13:57 - 003928896 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWidgets.pyd 2017-08-23 14:06 - 2017-08-22 13:53 - 000083912 _____ () C:\Program Files\Dropbox\Client\sip.pyd 2017-08-23 14:05 - 2017-08-22 13:57 - 001826104 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtCore.pyd 2017-08-23 14:05 - 2017-08-22 13:57 - 001972024 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtGui.pyd 2017-08-23 14:06 - 2017-08-22 13:53 - 000028616 _____ () C:\Program Files\Dropbox\Client\win32ts.pyd 2017-08-23 14:06 - 2017-08-22 13:53 - 000024016 _____ () C:\Program Files\Dropbox\Client\win32profile.pyd 2017-08-23 14:05 - 2017-08-22 13:57 - 000171336 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd 2017-08-23 14:05 - 2017-08-22 13:57 - 000042816 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebChannel.pyd 2017-08-23 14:05 - 2017-08-22 13:57 - 000531264 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtNetwork.pyd 2017-08-23 14:05 - 2017-08-22 13:57 - 000133432 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKit.pyd 2017-08-23 14:05 - 2017-08-22 13:57 - 000224064 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd 2017-08-23 14:05 - 2017-08-22 13:57 - 000207680 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtPrintSupport.pyd 2017-08-23 14:06 - 2017-08-22 13:53 - 000060880 _____ () C:\Program Files\Dropbox\Client\win32print.pyd 2017-08-23 14:06 - 2017-08-22 13:57 - 000054608 _____ () C:\Program Files\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd 2017-08-23 14:06 - 2017-08-22 13:57 - 000022864 _____ () C:\Program Files\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd 2017-08-23 14:06 - 2017-08-22 13:57 - 000022872 _____ () C:\Program Files\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd 2017-08-23 14:06 - 2017-08-22 13:57 - 000021848 _____ () C:\Program Files\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd 2017-08-23 14:06 - 2017-08-22 13:57 - 000022872 _____ () C:\Program Files\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd 2017-08-23 14:05 - 2017-08-22 13:56 - 000027488 _____ () C:\Program Files\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd 2017-08-23 14:06 - 2017-08-22 13:53 - 000349128 _____ () C:\Program Files\Dropbox\Client\winxpgui.pyd 2017-08-23 14:06 - 2017-08-22 13:58 - 000023896 _____ () C:\Program Files\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd 2017-08-23 14:05 - 2017-08-22 13:57 - 000025936 _____ () C:\Program Files\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd 2017-08-23 14:05 - 2017-08-22 13:55 - 000036296 _____ () C:\Program Files\Dropbox\Client\librsync.dll 2017-08-23 14:05 - 2017-08-22 13:56 - 000181056 _____ () C:\Program Files\Dropbox\Client\dropbox_sqlite_ext.DLL 2017-08-23 14:06 - 2017-08-22 13:57 - 000030536 _____ () C:\Program Files\Dropbox\Client\wind3d11.compiled._wind3d11.pyd 2017-08-23 14:05 - 2017-08-22 13:57 - 000024368 _____ () C:\Program Files\Dropbox\Client\libEGL.dll 2017-08-23 14:05 - 2017-08-22 13:57 - 001637688 _____ () C:\Program Files\Dropbox\Client\libGLESv2.dll 2017-08-23 14:06 - 2017-08-22 13:57 - 000026456 _____ () C:\Program Files\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd 2017-08-23 14:06 - 2017-08-22 13:57 - 000023368 _____ () C:\Program Files\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd 2017-08-23 14:05 - 2017-08-22 13:57 - 000546104 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQuick.pyd 2017-08-23 14:05 - 2017-08-22 13:57 - 000357688 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQml.pyd 2017-07-14 10:28 - 2017-07-14 10:28 - 001041720 _____ () C:\Program Files\iTunes\libxml2.dll 2017-07-14 10:28 - 2017-07-14 10:28 - 000080184 _____ () C:\Program Files\iTunes\zlib1.dll 2017-07-13 20:50 - 2017-07-13 20:50 - 000189752 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll 2013-10-14 11:26 - 2007-06-21 10:08 - 000223744 _____ () C:\Windows\system32\kripto.dll 2009-02-26 13:46 - 2009-02-26 13:46 - 000064344 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll 2013-07-10 18:07 - 2013-07-10 18:07 - 000756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ==================== Alternate Data Streams (Whitelisted) ========= (Se uma entrada for incluída na fixlist, somente o ADS será removido.) AlternateDataStreams: C:\Program Files\GbPlugin:IncompleteStartProcessProtection.cnt [8] AlternateDataStreams: C:\Program Files\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32] AlternateDataStreams: C:\Windows\System32:D0526E84_Bb.gbp [2] AlternateDataStreams: C:\Windows\System32:FCE2B18F_Bb.gbp [2] AlternateDataStreams: C:\Windows\System32:FCE2B18F_Cef.gbp [2] AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst [569] AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2174] AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10] AlternateDataStreams: C:\Users\Todos os Usuários\GbPlugin:IncompleteStartGbprcm.cnt [10] ==================== Modo de Segurança (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ntrexeservice => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""="" ==================== Associação (Whitelisted) =============== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.) ==================== Internet Explorer confiável/restrito =============== (Se uma entrada for incluída na fixlist, será removida do Registro.) IE trusted site: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\accesstage.com.br -> hxxps://www.accesstage.com.br IE trusted site: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\bancobrasil.com.br -> www.bancobrasil.com.br IE trusted site: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\bb.com.br -> hxxps://seg.bb.com.br IE trusted site: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\caixa.gov.br -> imagem.caixa.gov.br IE trusted site: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br IE trusted site: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\correios.com.br -> hxxps://vpn1.correios.com.br IE trusted site: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\jus.br -> hxxps://ejus.tjpb.jus.br ==================== Hosts Conteúdo: =============================== (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 2009-07-13 23:04 - 2016-06-04 08:47 - 000000822 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Outras Áreas ============================ (Atualmente não há nenhuma correção automática para esta seção.) HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Firewall do Windows está desabilitado. ==================== MSCONFIG/TASK MANAGER ítens desabilitados == ==================== Regras do Firewall (Whitelisted) =============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{533911FE-61F9-4AB6-95C6-F2594040196F}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe FirewallRules: [{2FEA682D-3EE2-4B31-A79C-6B5C62603901}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{1E2602B1-DEBC-4FB9-8C01-71196C83758B}] => (Allow) svchost.exe FirewallRules: [{46E054C4-47C8-4660-9E99-2F20BDC82D3B}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{1EE64AD0-D205-4755-AC8A-DA4B3917455A}] => (Allow) C:\Program Files\SkypeWebPlugin\SkypeWebPlugin.exe FirewallRules: [{04ECA7D8-3F50-452B-9F04-E3CE87EA95EE}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe FirewallRules: [{AD50CD46-63E0-42A0-B2CA-40A8B3617AC5}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe FirewallRules: [{DE120D25-2BE0-413B-A1B5-934DEDBC315B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{D2CEBDB6-BB65-4E75-88BE-145DDBB1DEE8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{F9B39C39-61E0-4494-858D-465FAF84DAC7}] => (Allow) C:\Users\Correios\Downloads\AnyDesk.exe FirewallRules: [{C6197B0F-E16C-4FFD-8918-57A0489597FD}] => (Allow) C:\Users\Correios\Downloads\AnyDesk.exe FirewallRules: [{93A74CC8-2424-4934-B5D5-CFE33D537BE0}] => (Allow) C:\Users\Correios\Downloads\AnyDesk.exe FirewallRules: [{B33133CA-90EF-4279-B62B-A671EC0FF570}] => (Allow) C:\Users\Correios\Downloads\AnyDesk.exe FirewallRules: [{353E4179-E30A-46D6-A7FD-7E8885A3C25C}] => (Allow) C:\Users\Usuario\Desktop\AnyDesk.exe FirewallRules: [{278054F6-840E-4E74-9452-74D3D5BB0FDB}] => (Allow) C:\Users\Usuario\Desktop\AnyDesk.exe FirewallRules: [{B4F14A23-2356-4F93-AA8B-257D7BCBCD34}] => (Allow) C:\Users\Usuario\Desktop\AnyDesk.exe FirewallRules: [{A8AE8FB5-8856-46F7-8DEC-083EF2AE9164}] => (Allow) C:\Users\Usuario\Desktop\AnyDesk.exe FirewallRules: [{CE6E444C-CF14-4377-A99F-649756F1B980}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{92ABD225-57BD-4CA1-9CE6-C9B47F553E23}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe FirewallRules: [{C943C3EC-AF84-445E-B1DE-613795259991}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe FirewallRules: [{E17CFCEB-FE33-45F6-A64C-39F4251FD89C}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe FirewallRules: [{52DAEA37-770C-40EF-86B0-9F1238E68FF4}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe FirewallRules: [{A6EAB930-6E26-4FB5-B155-246C44EE325B}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe FirewallRules: [{19ADC98D-44D0-4410-97AD-1DF5B511575C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Pontos de Restauração ========================= ==================== Dispositivos Apresentando Falhas No Gerenciador ============= Name: Warsaw - Driver (PP) Description: Warsaw - Driver (PP) Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: wsddpp Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Erros no Log de eventos: ========================= Erros em Aplicativos: ================== Error: (08/31/2017 01:02:16 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (08/30/2017 01:45:58 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (08/29/2017 06:13:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome de aplicativo com falha: OUTLOOK.EXE, versão: 12.0.6680.5000, carimbo de hora: 0x51c3d112 Nome do módulo de falhas: ntdll.dll, versão: 6.1.7601.18247, carimbo de hora: 0x521ea91c Código de exceção: 0xc0000005 Deslocamento com falha: 0x0003224d Identificação do processo com falha: 0x1a8c Hora de início do aplicativo com falha: 0x01d320fc8ab3be82 Caminho do aplicativo com falha: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE FCaminho do módulo de falhas: C:\Windows\SYSTEM32\ntdll.dll Identificação do Relatório: d6d2c177-8cfe-11e7-a5fe-c86000eb4387 Error: (08/29/2017 03:10:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome de aplicativo com falha: OUTLOOK.EXE, versão: 12.0.6680.5000, carimbo de hora: 0x51c3d112 Nome do módulo de falhas: ntdll.dll, versão: 6.1.7601.18247, carimbo de hora: 0x521ea91c Código de exceção: 0xc0000005 Deslocamento com falha: 0x0003224d Identificação do processo com falha: 0x1234 Hora de início do aplicativo com falha: 0x01d320e1e63cd11e Caminho do aplicativo com falha: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE FCaminho do módulo de falhas: C:\Windows\SYSTEM32\ntdll.dll Identificação do Relatório: 46078126-8ce5-11e7-a5fe-c86000eb4387 Error: (08/29/2017 01:28:36 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome de aplicativo com falha: CORREIO.exe, versão: 6.4.0.94, carimbo de hora: 0x598c7d84 Nome do módulo de falhas: ntdll.dll, versão: 6.1.7601.18247, carimbo de hora: 0x521ea91c Código de exceção: 0xc0000005 Deslocamento com falha: 0x000533a8 Identificação do processo com falha: 0x121c Hora de início do aplicativo com falha: 0x01d320e1bccac61d Caminho do aplicativo com falha: C:\Windows\CORREIO\CORREIO.exe FCaminho do módulo de falhas: C:\Windows\SYSTEM32\ntdll.dll Identificação do Relatório: 1ac925a8-8cd7-11e7-a5fe-c86000eb4387 Error: (08/29/2017 01:28:33 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome de aplicativo com falha: core.exe, versão: 2.8.4.40429, carimbo de hora: 0x59242548 Nome do módulo de falhas: ntdll.dll, versão: 6.1.7601.18247, carimbo de hora: 0x521ea91c Código de exceção: 0xc0000005 Deslocamento com falha: 0x00052d37 Identificação do processo com falha: 0x8cc Hora de início do aplicativo com falha: 0x01d320e180ef88dc Caminho do aplicativo com falha: C:\Program Files\Diebold\Warsaw\core.exe FCaminho do módulo de falhas: C:\Windows\SYSTEM32\ntdll.dll Identificação do Relatório: 18fdbc13-8cd7-11e7-a5fe-c86000eb4387 Error: (08/29/2017 01:13:14 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (08/25/2017 02:26:16 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (08/24/2017 04:12:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome de aplicativo com falha: OUTLOOK.EXE, versão: 12.0.6680.5000, carimbo de hora: 0x51c3d112 Nome do módulo de falhas: ntdll.dll, versão: 6.1.7601.18247, carimbo de hora: 0x521ea91c Código de exceção: 0xc0000005 Deslocamento com falha: 0x0003224d Identificação do processo com falha: 0x178c Hora de início do aplicativo com falha: 0x01d31cf6ce850756 Caminho do aplicativo com falha: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE FCaminho do módulo de falhas: C:\Windows\SYSTEM32\ntdll.dll Identificação do Relatório: 241d3569-8900-11e7-906f-c86000eb4387 Error: (08/24/2017 01:34:41 PM) (Source: Microsoft Office 12) (EventID: 2001) (User: ) Description: Rejected Safe Mode action : Microsoft Office Outlook. Erros de Sistema: ============= Error: (08/31/2017 01:30:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: O sistema não pode encontrar o arquivo especificado. Error: (08/31/2017 01:02:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: O sistema não pode encontrar o arquivo especificado. Error: (08/31/2017 01:02:20 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a resposta de uma transação do serviço TeamViewer. Error: (08/31/2017 01:00:54 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização: gbpddreg Error: (08/30/2017 01:46:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: O sistema não pode encontrar o arquivo especificado. Error: (08/30/2017 01:46:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a resposta de uma transação do serviço TeamViewer. Error: (08/30/2017 01:44:42 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização: gbpddreg Error: (08/29/2017 01:38:31 PM) (Source: Schannel) (EventID: 4120) (User: AUTORIDADE NT) Description: O seguinte alerta fatal foi gerado: 40. O estado do erro interno é 252. Error: (08/29/2017 01:38:31 PM) (Source: Schannel) (EventID: 4120) (User: AUTORIDADE NT) Description: O seguinte alerta fatal foi gerado: 40. O estado do erro interno é 252. Error: (08/29/2017 01:28:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Warsaw Technology foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço. CodeIntegrity: =================================== Date: 2017-08-22 14:12:29.811 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system. Date: 2017-08-22 14:12:29.811 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system. Date: 2017-08-07 16:04:31.618 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system. Date: 2017-08-07 16:04:31.618 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system. Date: 2017-08-07 16:04:31.602 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system. Date: 2017-08-07 16:04:31.602 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system. Date: 2017-08-07 16:04:31.602 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system. Date: 2017-08-07 16:04:31.602 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system. Date: 2017-07-31 19:20:08.235 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_598d480629c3881b\appid.sys because the set of per-page image hashes could not be found on the system. Date: 2017-07-31 19:20:08.189 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_598d480629c3881b\appid.sys because the set of per-page image hashes could not be found on the system. ==================== Informações da Memória =========================== Processador: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz Percentagem de memória em uso: 42% RAM física total: 2986.3 MB RAM física disponível: 1709.34 MB Virtual Total: 5970.9 MB Virtual disponível: 3830.3 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:344.06 GB) NTFS Drive d: (GPBe2008) (CDROM) (Total:0.27 GB) (Free:0 GB) CDFS Drive e: (Reservado pelo Sistema) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[sistema com componentes de inicialização (obtido através de drive)] Drive f: () (Fixed) (Total:148.95 GB) (Free:42.49 GB) NTFS ==================== MBR & Tabela de Partições ================== ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 13BD13BD) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS) ==================== Fim de Addition.txt ============================
  8. Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão: 20-08-2017 Executado por Usuario (administrador) em CARLOS-PC (31-08-2017 14:27:46) Executando a partir de C:\Users\Usuario\Desktop Perfis Carregados: Usuario (Perfis Disponíveis: Usuario & Correios & Convidado) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Idioma: Português (Brasil) Internet Explorer Versão 11 (Navegador padrão: IE) Modo da Inicialização: Normal Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (HP) C:\Windows\System32\HPSIsvc.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Scopus Soluções em TI Ltda) C:\Program Files\scpbrad\scpbradserv.exe (Banco Bradesco S.A.) C:\Program Files\Scpad\scpVista.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe (GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe (Scopus Soluções em TI Ltda) C:\Program Files\scpbrad\scpbradguard.exe (Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe (McAfee, Inc.) C:\Program Files\McAfee\Real Protect\RealProtect.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe (GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe (Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe (VisualSet©) C:\Windows\CORREIO\CORREIO.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe ==================== Registro (Whitelisted) ==================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9874024 2010-11-19] (Realtek Semiconductor) HKLM\...\Run: [] => [X] HKLM\...\Run: [HPUsageTrackingLEDM] => C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-07-13] (Apple Inc.) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [3487032 2017-08-22] (Dropbox, Inc.) HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [818224 2017-07-11] (GAS Tecnologia LTDA) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [267064 2017-07-14] (Apple Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes) HKLM\...\RunOnce: [RealProtect] => C:\Program Files\McAfee\Real Protect\RealProtect.exe [5718904 2017-08-15] (McAfee, Inc.) Winlogon\Notify\ GbPluginBb: C:\Program Files\GbPlugin\gbieh.dll [2016-06-16] (Banco do Brasil) Winlogon\Notify\ GbPluginCef: C:\Program Files\GbPlugin\gbiehCef.dll [2016-07-08] (Caixa Economica Federal) HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-05-09] (Apple Inc.) HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-05-09] (Apple Inc.) HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\MountPoints2: {387141f0-072f-11e2-9a13-806e6f6e6963} - D:\instala.exe SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll (Banco Bradesco S.A.) ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES\GbPlugin\gbieh.dll [1947872 2016-06-16] (Banco do Brasil) ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll [1903328 2016-07-08] (Caixa Economica Federal) Startup: C:\Users\Correios\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Correio.lnk [2013-11-05] ShortcutTarget: Correio.lnk -> C:\Windows\CORREIO\CORREIO.exe (VisualSet©) Startup: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Correio.lnk [2013-10-14] ShortcutTarget: Correio.lnk -> C:\Windows\CORREIO\CORREIO.exe (VisualSet©) Startup: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk [2013-11-28] ShortcutTarget: Recorte de tela e Iniciador do OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) CHR HKLM\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{521FFABB-32C5-4D4D-8DAD-0D81A737DDF0}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{72967C85-2141-4915-8831-EC2679CDED93}: [NameServer] 10.8.39.100,10.192.2.129 Tcpip\..\Interfaces\{C69525D8-E99D-4A87-8049-B401281212B4}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{EDBBD74E-BCEC-4C29-80A6-6FAC52C044FF}: [DhcpNameServer] 172.20.10.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.transferweb.correios.com.br/sut/ect_agf/default.aspx HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://br.msn.com/?ocid=iehp SearchScopes: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000 -> DefaultScope {F1502797-1B80-46E9-886C-AE0A74397D3C} URL = hxxp://www.google.com/search?hl=en&q={searchTerms} SearchScopes: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000 -> {3326DB91-C607-4A25-AE0D-5D44540600EB} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default SearchScopes: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000 -> {F1502797-1B80-46E9-886C-AE0A74397D3C} URL = hxxp://www.google.com/search?hl=en&q={searchTerms} BHO: ssh2 Class -> {2E3C3651-B19C-4DD9-A979-901EC3E930AF} -> C:\Program Files\Scpad\scpsssh2.dll [2012-10-24] (Banco Bradesco S.A.) BHO: Sem Nome -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Nenhum Arquivo BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-02] (Oracle Corporation) BHO: Auxiliar de Conexão do Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation) BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES\GBPLUGIN\gbieh.dll [2016-06-16] (Banco do Brasil) BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files\GbPlugin\gbiehcef.dll [2016-07-08] (Caixa Economica Federal) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-02] (Oracle Corporation) DPF: {DE64E08D-8F19-4D75-A277-855E9DE74AA5} hxxps://vpn1.correios.com.br/forticachecleaner.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) FireFox: ======== FF DefaultProfile: 2ym6l5gq.default-1421254590344 FF ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\2ym6l5gq.default-1421254590344 [2017-08-31] FF DefaultSearchEngine: Mozilla\Firefox\Profiles\2ym6l5gq.default-1421254590344 -> Yahoo Web FF Homepage: Mozilla\Firefox\Profiles\2ym6l5gq.default-1421254590344 -> hxxps://br.yahoo.com/?type=orcl_hpset FF SearchPlugin: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\2ym6l5gq.default-1421254590344\searchplugins\yahoo-ysp.xml [2016-01-26] FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension FF Extension: (SmartPrintButton) - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [não assinado] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => não encontrado (a) FF HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\bb\xpi FF Extension: (GBBD Banco do Brasil) - C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2015-05-19] [não assinado] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-09-02] () FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-02] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-02] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation) FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files\SkypeWebPlugin\npSkypeWebPlugin.dll [2013-12-04] (Skype) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-03] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-03] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1000649665-1868635756-2260419189-1000: gastecnologia.com.br/sf/bb -> C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2015-05-19] (GAS Tecnologia) FF Plugin HKU\S-1-5-21-1000649665-1868635756-2260419189-1000: gastecnologia.com.br/sf/cef -> C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [2014-01-14] (GAS Tecnologia) FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\autoconf_warsaw.js [2017-08-11] <==== ATENÇÃO (Aponta para arquivo *.cfg) FF ExtraCheck: C:\Program Files\mozilla firefox\warsaw.cfg [2017-08-11] <==== ATENÇÃO Chrome: ======= CHR DefaultProfile: Default CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms} CHR DefaultSearchKeyword: Default -> duckduckgo CHR DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default [2017-08-18] CHR Extension: (Google Docs) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-11] CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-05] CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29] CHR Extension: (Google Search) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05] CHR Extension: (Favoritos do iCloud) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-08-21] CHR Extension: (Documentos Google off-line) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-29] CHR Extension: (Yahoo Partner) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdmjodecdegfglgaapafjleomjjlpnh [2016-11-16] CHR Extension: (Skype) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-08-08] CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-14] CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei [2013-11-26] CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-29] CHR Extension: (Chrome Media Router) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08] CHR HKLM\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nnjbodopomfddehlalfilheomcahbpei] - C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx [2013-11-26] ==================== Serviços (Whitelisted) ==================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) "Warsaw Technology" => serviço foi desbloqueado. <==== ATENÇÃO S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279000 2013-11-07] (Intel Corporation) S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-07] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-07] (Dropbox, Inc.) R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [43336 2017-08-22] (Dropbox, Inc.) R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2069936 2017-06-13] (ESET) R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [631520 2016-06-16] (GAS Tecnologia) S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [Arquivo não assinado] R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes) R2 mfevtp; C:\Windows\system32\mfevtps.exe [328704 2017-08-15] (McAfee, Inc.) R2 scpbradserv; C:\Program Files\scpbrad\scpbradserv.exe [1995208 2017-06-26] (Scopus Soluções em TI Ltda) R2 scpVista; C:\Program Files\Scpad\scpVista.exe [360624 2012-10-24] (Banco Bradesco S.A.) R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-17] (TeamViewer GmbH) R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [818224 2017-07-11] (GAS Tecnologia LTDA) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) S3 AR9271; C:\Windows\System32\DRIVERS\athuw.sys [1763584 2013-06-28] (Atheros Communications, Inc.) R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [47456 2014-01-09] (Baidu, Inc.) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [113512 2017-06-22] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [139384 2017-05-04] (ESET) R1 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [67712 2017-05-04] (ESET) R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [49496 2015-08-26] (GAS Tecnologia) R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [221600 2017-08-31] (Malwarebytes) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [705552 2017-08-15] (McAfee, Inc.) S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [109584 2017-08-15] (McAfee, Inc.) R1 Ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-03-12] (GAS Tecnologia) S3 NdisrdMP; C:\Windows\System32\DRIVERS\gbpndisrd.sys [31088 2014-03-15] (GbPlugin NDIS Device Driver) R3 PciSPorts; C:\Windows\System32\DRIVERS\PciSPorts.sys [115200 2010-12-16] () R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [22744 2017-08-31] (GAS Tecnologia) R1 wsddntf; C:\Windows\System32\DRIVERS\wsddntf.sys [31864 2016-11-11] (GAS Tecnologia) S1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [22624 2016-11-11] (GAS Tecnologia) R3 wsddprm; C:\Windows\system32\drivers\wsddprm.sys [22624 2016-11-11] (GAS Tecnologia) ==================== NetSvcs (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Um Mês Criados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2017-08-31 14:26 - 2017-08-31 14:27 - 000000000 ____D C:\Users\Usuario\Desktop\FRST-OlderVersion 2017-08-24 13:52 - 2017-08-24 13:52 - 000002128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk 2017-08-24 13:52 - 2017-08-24 13:52 - 000002090 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk 2017-08-23 14:07 - 2017-08-23 14:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2017-08-22 14:13 - 2017-08-22 14:13 - 000000000 ____D C:\Users\Todos os Usuários\ESET 2017-08-22 14:13 - 2017-08-22 14:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET 2017-08-22 14:13 - 2017-08-22 14:13 - 000000000 ____D C:\ProgramData\ESET 2017-08-22 14:13 - 2017-08-22 14:13 - 000000000 ____D C:\Program Files\ESET 2017-08-22 13:55 - 2017-08-22 13:55 - 000043336 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe 2017-08-22 13:55 - 2017-08-22 13:55 - 000035432 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys 2017-08-22 13:55 - 2017-08-22 13:55 - 000035408 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys 2017-08-22 13:55 - 2017-08-22 13:55 - 000035408 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys 2017-08-17 14:05 - 2017-08-17 14:05 - 000351696 _____ C:\Users\Usuario\Desktop\Shortcut.txt 2017-08-17 14:03 - 2017-08-17 14:05 - 000070512 _____ C:\Users\Usuario\Desktop\Addition.txt 2017-08-17 14:02 - 2017-08-31 14:29 - 000019286 _____ C:\Users\Usuario\Desktop\FRST.txt 2017-08-17 14:01 - 2017-08-31 14:27 - 000000000 ____D C:\FRST 2017-08-17 13:44 - 2017-08-31 14:26 - 001792512 _____ (Farbar) C:\Users\Usuario\Desktop\FRST.exe 2017-08-16 12:55 - 2017-08-16 12:55 - 000000000 _____ C:\Users\Usuario\Desktop\Stinger_16082017_125525.html 2017-08-16 12:50 - 2017-08-16 12:50 - 001034108 _____ C:\Users\Usuario\Desktop\runtime.dat 2017-08-16 12:50 - 2017-08-16 12:50 - 000000114 ___RH C:\Users\Usuario\Desktop\Stinger.opt 2017-08-15 21:24 - 2017-08-15 21:38 - 000000863 _____ C:\Users\Usuario\Desktop\Stinger_15082017_212432.html 2017-08-15 16:57 - 2017-08-15 17:10 - 000000863 _____ C:\Users\Usuario\Desktop\Stinger_15082017_165702.html 2017-08-15 16:56 - 2017-08-15 16:56 - 000000825 _____ C:\Users\Usuario\Desktop\Stinger_15082017_165623.html 2017-08-15 16:56 - 2017-08-15 16:56 - 000000000 ____D C:\Quarantine 2017-08-15 14:55 - 2017-08-15 15:11 - 000000000 ____D C:\Users\Usuario\Desktop\Bebeta 2017-08-15 13:16 - 2017-08-15 13:16 - 000705552 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys 2017-08-15 13:16 - 2017-08-15 13:16 - 000328704 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe 2017-08-15 13:16 - 2017-08-15 13:16 - 000109584 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mferkdet.sys 2017-08-15 13:16 - 2017-08-15 13:16 - 000000000 _____ C:\Users\Usuario\Desktop\Stinger_15082017_131624.html 2017-08-15 13:15 - 2017-08-16 13:05 - 000000000 ____D C:\Program Files\stinger 2017-08-15 13:15 - 2017-08-15 13:15 - 000000000 ____D C:\Program Files\McAfee 2017-08-15 13:12 - 2017-08-15 13:13 - 016472944 _____ (McAfee Inc) C:\Users\Usuario\Desktop\stinger32.exe 2017-08-14 14:32 - 2017-08-14 14:37 - 000002405 _____ C:\Users\Usuario\Desktop\ZHPCleaner.txt 2017-08-14 14:24 - 2017-08-14 14:37 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\ZHP 2017-08-14 14:24 - 2017-08-14 14:24 - 000000833 _____ C:\Users\Usuario\Desktop\ZHPCleaner.lnk 2017-08-14 14:24 - 2017-08-14 14:24 - 000000000 ____D C:\Users\Usuario\AppData\Local\ZHP 2017-08-14 14:17 - 2017-08-14 14:17 - 000004517 _____ C:\Users\Usuario\Desktop\JRT.txt 2017-08-14 13:34 - 2017-08-14 13:34 - 002852224 _____ C:\Users\Usuario\Desktop\ZHPCleaner.exe 2017-08-14 13:30 - 2017-08-14 13:30 - 001790024 _____ (Malwarebytes) C:\Users\Usuario\Desktop\JRT.exe 2017-08-14 13:23 - 2017-08-14 13:24 - 008185288 _____ (Malwarebytes) C:\Users\Usuario\Desktop\AdwCleaner.exe 2017-08-11 15:08 - 2017-08-11 15:08 - 000001576 _____ C:\Users\Usuario\Desktop\Mbam.txt 2017-08-11 14:04 - 2017-08-31 13:01 - 000221600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-08-11 14:04 - 2017-08-11 14:04 - 000162240 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys 2017-08-11 14:04 - 2017-08-11 14:04 - 000085400 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2017-08-11 14:04 - 2017-08-11 14:04 - 000065824 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2017-08-11 14:04 - 2017-08-11 14:04 - 000040352 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2017-08-11 14:03 - 2017-08-11 14:03 - 000001984 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-08-11 14:03 - 2017-08-11 14:03 - 000000000 ____D C:\Users\Todos os Usuários\Malwarebytes 2017-08-11 14:03 - 2017-08-11 14:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-08-11 14:03 - 2017-08-11 14:03 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-08-11 14:03 - 2017-06-27 12:06 - 000059936 _____ C:\Windows\system32\Drivers\mbae.sys 2017-08-11 13:59 - 2017-08-11 14:00 - 065033984 _____ (Malwarebytes ) C:\Users\Usuario\Desktop\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe 2017-08-11 13:37 - 2008-08-18 19:18 - 000077824 _____ (Fox Magic Software) C:\Windows\system32\fmcodec.DLL 2017-08-09 14:51 - 2017-08-09 14:51 - 000019017 _____ C:\ZA-Scan.txt 2017-08-08 16:45 - 2017-08-08 16:45 - 000000000 ____D C:\zoek_backup 2017-08-08 16:43 - 2017-08-08 16:45 - 001370112 _____ C:\Users\Usuario\Desktop\ZA-Scan.exe 2017-08-08 15:45 - 2017-08-08 15:45 - 000000000 ____D C:\Users\Usuario\AppData\Local\CrashRpt 2017-08-02 14:49 - 2017-08-02 14:49 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\ESET 2017-08-02 13:05 - 2017-08-02 13:05 - 000000000 ____D C:\Program Files\Common Files\Java ==================== Um Mês Modificados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2017-08-31 14:20 - 2013-10-14 10:19 - 000000000 ____D C:\Users\Usuario\AppData\LocalLow\Scpad 2017-08-31 13:57 - 2015-06-03 17:26 - 000001012 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2017-08-31 13:30 - 2013-10-11 10:08 - 000000000 ____D C:\Users\Todos os Usuários\GbPlugin 2017-08-31 13:30 - 2013-10-11 10:08 - 000000000 ____D C:\ProgramData\GbPlugin 2017-08-31 13:09 - 2009-07-14 01:34 - 000022768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-08-31 13:09 - 2009-07-14 01:34 - 000022768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-08-31 13:03 - 2013-10-14 11:16 - 000000000 ____D C:\Windows\CORREIO 2017-08-31 13:01 - 2016-12-27 15:14 - 000022744 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys 2017-08-31 13:01 - 2015-06-03 17:26 - 000001008 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2017-08-31 13:01 - 2014-03-26 15:02 - 000001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf491d8d133394.job 2017-08-31 13:00 - 2009-07-14 01:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-08-29 14:24 - 2015-11-06 10:07 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2017-08-29 13:31 - 2013-11-19 08:41 - 000002099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-08-24 15:42 - 2013-10-15 14:18 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\TeamViewer 2017-08-24 15:25 - 2009-07-13 23:37 - 000000000 ____D C:\Windows\system32\NDF 2017-08-24 13:52 - 2013-11-19 08:40 - 000000000 ____D C:\Program Files\Google 2017-08-23 14:08 - 2015-06-03 17:26 - 000000000 ____D C:\Program Files\Dropbox 2017-08-22 14:15 - 2009-07-13 23:37 - 000000000 ____D C:\Windows\inf 2017-08-22 13:58 - 2013-10-15 14:18 - 000000000 ____D C:\Program Files\TeamViewer 2017-08-22 13:57 - 2017-07-31 13:54 - 000000889 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk 2017-08-15 13:12 - 2014-10-20 12:25 - 000000000 ___RD C:\Program Files\Skype 2017-08-14 13:54 - 2017-07-26 13:08 - 000000000 ____D C:\AdwCleaner 2017-08-10 13:57 - 2014-09-01 10:39 - 000000000 ____D C:\Users\Usuario\AppData\Local\Adobe 2017-08-10 13:56 - 2013-11-07 14:58 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2017-08-10 13:56 - 2013-11-07 14:58 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2017-08-10 13:56 - 2013-10-11 10:02 - 000000000 ____D C:\Windows\system32\Macromed 2017-08-07 13:42 - 2012-09-25 14:57 - 000000000 ___HD C:\Program Files\InstallShield Installation Information 2017-08-07 13:34 - 2009-07-14 01:46 - 000001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2017-08-03 14:31 - 2013-10-14 10:09 - 000000000 ____D C:\Users\Usuario\AppData\Local\CutePDF Writer 2017-08-02 13:12 - 2013-10-11 16:27 - 000000000 ____D C:\Users\Todos os Usuários\Oracle 2017-08-02 13:12 - 2013-10-11 16:27 - 000000000 ____D C:\ProgramData\Oracle 2017-08-02 13:07 - 2014-10-17 10:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2017-08-02 13:07 - 2013-10-24 12:28 - 000000000 ____D C:\Program Files\Java 2017-08-02 13:02 - 2014-10-17 10:19 - 000095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll ==================== Arquivos na raiz de alguns diretórios ======= 2015-03-05 08:33 - 2015-03-05 08:33 - 000017591 _____ () C:\Users\Usuario\AppData\Roaming\unins000.dat 2013-11-26 10:37 - 2013-11-26 10:37 - 000015270 _____ () C:\Users\Usuario\AppData\Roaming\unins001.dat 2017-07-26 15:52 - 2017-07-26 15:52 - 000000218 _____ () C:\Users\Usuario\AppData\Local\recently-used.xbel 2017-07-26 13:04 - 2017-07-31 14:38 - 000007607 _____ () C:\Users\Usuario\AppData\Local\Resmon.ResmonCfg 2013-01-07 11:04 - 2011-02-23 14:22 - 000024772 _____ () C:\ProgramData\P1100DEF.css 2013-01-07 11:04 - 2011-04-04 19:25 - 000004327 ____R () C:\ProgramData\P1100OS.HTM 2013-01-07 11:04 - 2011-02-23 14:22 - 000002944 _____ () C:\ProgramData\P1100SIG.GIF Alguns arquivos em TEMP: ==================== 2015-12-09 16:27 - 2015-12-09 16:28 - 000071168 _____ () C:\Users\Correios\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpltuyub.dll 2015-11-25 08:57 - 2015-11-25 08:58 - 000585824 _____ (Oracle Corporation) C:\Users\Correios\AppData\Local\Temp\jre-8u66-windows-au.exe 2016-03-15 11:26 - 2016-03-15 12:25 - 000001284 _____ () C:\Users\Correios\AppData\Local\Temp\{CE79EF1E-76A8-4894-8CC5-5BAE2A663297}-49.0.2623.87_48.0.2564.116_chrome_updater.exe 2017-08-02 12:54 - 2017-08-02 12:55 - 000740416 _____ (Oracle Corporation) C:\Users\Usuario\AppData\Local\Temp\jre-8u144-windows-au.exe Alguns com tamanho de zero byte arquivos/pastas: ========================== C:\Windows\System32\ECTSARA_TER_EPSON_TMSERIES.dll ==================== Bamital & volsnap ====================== (Não há correção automática para arquivos que não passaram na verificação.) C:\Windows\explorer.exe => O arquivo é assinado digitalmente C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente C:\Windows\system32\services.exe => O arquivo é assinado digitalmente C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente LastRegBack: 2017-08-07 16:01 ==================== Fim de FRST.txt ============================
  9. Não... deve ser do trojan mesmo. Coloquei tudo em branco novamente.
  10. Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão: 16-08-2017 Executado por Usuario (administrador) em CARLOS-PC (17-08-2017 14:02:09) Executando a partir de C:\Users\Usuario\Desktop Perfis Carregados: Usuario (Perfis Disponíveis: Usuario & Correios & Convidado) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Idioma: Português (Brasil) Internet Explorer Versão 11 (Navegador padrão: IE) Modo da Inicialização: Normal Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (HP) C:\Windows\System32\HPSIsvc.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Scopus Soluções em TI Ltda) C:\Program Files\scpbrad\scpbradserv.exe (Banco Bradesco S.A.) C:\Program Files\Scpad\scpVista.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe (GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe (GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (Scopus Soluções em TI Ltda) C:\Program Files\scpbrad\scpbradguard.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe (GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe (Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe ==================== Registro (Whitelisted) ==================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9874024 2010-11-19] (Realtek Semiconductor) HKLM\...\Run: [] => [X] HKLM\...\Run: [HPUsageTrackingLEDM] => C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-07-13] (Apple Inc.) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [3487032 2017-08-10] (Dropbox, Inc.) HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [818224 2017-07-11] (GAS Tecnologia LTDA) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [267064 2017-07-14] (Apple Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes) HKLM\...\RunOnce: [RealProtect] => C:\Program Files\McAfee\Real Protect\RealProtect.exe [5718904 2017-08-15] (McAfee, Inc.) Winlogon\Notify\ GbPluginBb: C:\Program Files\GbPlugin\gbieh.dll [2016-06-16] (Banco do Brasil) Winlogon\Notify\ GbPluginCef: C:\Program Files\GbPlugin\gbiehCef.dll [2016-07-08] (Caixa Economica Federal) HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-05-09] (Apple Inc.) HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-05-09] (Apple Inc.) HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\MountPoints2: {387141f0-072f-11e2-9a13-806e6f6e6963} - D:\instala.exe SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll (Banco Bradesco S.A.) ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES\GbPlugin\gbieh.dll [1947872 2016-06-16] (Banco do Brasil) ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll [1903328 2016-07-08] (Caixa Economica Federal) Startup: C:\Users\Correios\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Correio.lnk [2013-11-05] ShortcutTarget: Correio.lnk -> C:\Windows\CORREIO\CORREIO.exe (VisualSet©) Startup: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Correio.lnk [2013-10-14] ShortcutTarget: Correio.lnk -> C:\Windows\CORREIO\CORREIO.exe (VisualSet©) Startup: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk [2013-11-28] ShortcutTarget: Recorte de tela e Iniciador do OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) CHR HKLM\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) ProxyServer: [S-1-5-21-1000649665-1868635756-2260419189-1000] => 192.168.10.69:80 AutoConfigURL: [S-1-5-21-1000649665-1868635756-2260419189-1000] => 192.168.10.69:80 Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{521FFABB-32C5-4D4D-8DAD-0D81A737DDF0}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{72967C85-2141-4915-8831-EC2679CDED93}: [NameServer] 10.8.39.100,10.192.2.129 Tcpip\..\Interfaces\{C69525D8-E99D-4A87-8049-B401281212B4}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{EDBBD74E-BCEC-4C29-80A6-6FAC52C044FF}: [DhcpNameServer] 172.20.10.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.transferweb.correios.com.br/sut/ect_agf/default.aspx HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://br.msn.com/?ocid=iehp SearchScopes: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000 -> DefaultScope {F1502797-1B80-46E9-886C-AE0A74397D3C} URL = hxxp://www.google.com/search?hl=en&q={searchTerms} SearchScopes: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000 -> {3326DB91-C607-4A25-AE0D-5D44540600EB} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default SearchScopes: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000 -> {F1502797-1B80-46E9-886C-AE0A74397D3C} URL = hxxp://www.google.com/search?hl=en&q={searchTerms} BHO: ssh2 Class -> {2E3C3651-B19C-4DD9-A979-901EC3E930AF} -> C:\Program Files\Scpad\scpsssh2.dll [2012-10-24] (Banco Bradesco S.A.) BHO: Sem Nome -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Nenhum Arquivo BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-02] (Oracle Corporation) BHO: Auxiliar de Conexão do Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation) BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES\GBPLUGIN\gbieh.dll [2016-06-16] (Banco do Brasil) BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files\GbPlugin\gbiehcef.dll [2016-07-08] (Caixa Economica Federal) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-02] (Oracle Corporation) DPF: {DE64E08D-8F19-4D75-A277-855E9DE74AA5} hxxps://vpn1.correios.com.br/forticachecleaner.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) FireFox: ======== FF DefaultProfile: 2ym6l5gq.default-1421254590344 FF ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\2ym6l5gq.default-1421254590344 [2017-08-17] FF DefaultSearchEngine: Mozilla\Firefox\Profiles\2ym6l5gq.default-1421254590344 -> Yahoo Web FF Homepage: Mozilla\Firefox\Profiles\2ym6l5gq.default-1421254590344 -> hxxps://br.yahoo.com/?type=orcl_hpset FF SearchPlugin: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\2ym6l5gq.default-1421254590344\searchplugins\yahoo-ysp.xml [2016-01-26] FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension FF Extension: (SmartPrintButton) - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [não assinado] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => não encontrado (a) FF HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\bb\xpi FF Extension: (GBBD Banco do Brasil) - C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2015-05-19] [não assinado] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-09-02] () FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-02] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-02] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation) FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files\SkypeWebPlugin\npSkypeWebPlugin.dll [2013-12-04] (Skype) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-03] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-03] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1000649665-1868635756-2260419189-1000: gastecnologia.com.br/sf/bb -> C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2015-05-19] (GAS Tecnologia) FF Plugin HKU\S-1-5-21-1000649665-1868635756-2260419189-1000: gastecnologia.com.br/sf/cef -> C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [2014-01-14] (GAS Tecnologia) FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\autoconf_warsaw.js [2017-08-11] <==== ATENÇÃO (Aponta para arquivo *.cfg) FF ExtraCheck: C:\Program Files\mozilla firefox\warsaw.cfg [2017-08-11] <==== ATENÇÃO Chrome: ======= CHR DefaultProfile: Default CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms} CHR DefaultSearchKeyword: Default -> duckduckgo CHR DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default [2017-08-17] CHR Extension: (Google Docs) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-11] CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-05] CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29] CHR Extension: (Google Search) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05] CHR Extension: (Favoritos do iCloud) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-08-21] CHR Extension: (Documentos Google off-line) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-29] CHR Extension: (Yahoo Partner) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdmjodecdegfglgaapafjleomjjlpnh [2016-11-16] CHR Extension: (Skype) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-08-08] CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-14] CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei [2013-11-26] CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-29] CHR Extension: (Chrome Media Router) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08] CHR HKLM\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nnjbodopomfddehlalfilheomcahbpei] - C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx [2013-11-26] ==================== Serviços (Whitelisted) ==================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) "Warsaw Technology" => serviço foi desbloqueado. <==== ATENÇÃO S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279000 2013-11-07] (Intel Corporation) S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-07] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-07] (Dropbox, Inc.) R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [43336 2017-08-10] (Dropbox, Inc.) R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2241992 2016-12-14] (ESET) R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [631520 2016-06-16] (GAS Tecnologia) S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [Arquivo não assinado] R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes) R2 mfevtp; C:\Windows\system32\mfevtps.exe [328704 2017-08-15] (McAfee, Inc.) R2 scpbradserv; C:\Program Files\scpbrad\scpbradserv.exe [1995208 2017-06-26] (Scopus Soluções em TI Ltda) R2 scpVista; C:\Program Files\Scpad\scpVista.exe [360624 2012-10-24] (Banco Bradesco S.A.) R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10803440 2017-07-26] (TeamViewer GmbH) R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [818224 2017-07-11] (GAS Tecnologia LTDA) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) S3 AR9271; C:\Windows\System32\DRIVERS\athuw.sys [1763584 2013-06-28] (Atheros Communications, Inc.) R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [47456 2014-01-09] (Baidu, Inc.) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [113544 2017-01-17] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [140984 2017-01-17] (ESET) R1 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [62528 2017-01-17] (ESET) R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [49496 2015-08-26] (GAS Tecnologia) R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [221600 2017-08-16] (Malwarebytes) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [705552 2017-08-15] (McAfee, Inc.) S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [109584 2017-08-15] (McAfee, Inc.) R1 Ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-03-12] (GAS Tecnologia) S3 NdisrdMP; C:\Windows\System32\DRIVERS\gbpndisrd.sys [31088 2014-03-15] (GbPlugin NDIS Device Driver) R3 PciSPorts; C:\Windows\System32\DRIVERS\PciSPorts.sys [115200 2010-12-16] () R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [22744 2017-08-16] (GAS Tecnologia) R1 wsddntf; C:\Windows\System32\DRIVERS\wsddntf.sys [31864 2016-11-11] (GAS Tecnologia) S1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [22624 2016-11-11] (GAS Tecnologia) R3 wsddprm; C:\Windows\system32\drivers\wsddprm.sys [22624 2016-11-11] (GAS Tecnologia) ========================== MD5 dos Drivers ======================= C:\Windows\system32\drivers\1394ohci.sys ==> MD5 é legítimo C:\Windows\System32\drivers\ACPI.sys ==> MD5 é legítimo C:\Windows\system32\drivers\acpipmi.sys ==> MD5 é legítimo C:\Windows\system32\drivers\adp94xx.sys ==> MD5 é legítimo C:\Windows\system32\drivers\adpahci.sys ==> MD5 é legítimo C:\Windows\system32\drivers\adpu320.sys ==> MD5 é legítimo C:\Windows\system32\drivers\afd.sys F81BB7E487EDCEAB630A7EE66CF23913 C:\Windows\system32\drivers\agp440.sys ==> MD5 é legítimo C:\Windows\system32\drivers\djsvs.sys ==> MD5 é legítimo C:\Windows\system32\drivers\aliide.sys ==> MD5 é legítimo C:\Windows\system32\drivers\amdagp.sys ==> MD5 é legítimo C:\Windows\system32\drivers\amdide.sys ==> MD5 é legítimo C:\Windows\system32\drivers\amdk8.sys ==> MD5 é legítimo C:\Windows\system32\drivers\amdppm.sys ==> MD5 é legítimo C:\Windows\system32\drivers\amdsata.sys D320BF87125326F996D4904FE24300FC C:\Windows\system32\drivers\amdsbs.sys ==> MD5 é legítimo C:\Windows\System32\drivers\amdxata.sys 46387FB17B086D16DEA267D5BE23A2F2 C:\Windows\system32\drivers\appid.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\athuw.sys 7141E281D840699D9D79B18F4062DD58 C:\Windows\system32\drivers\arc.sys ==> MD5 é legítimo C:\Windows\system32\drivers\arcsas.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 é legítimo C:\Windows\System32\drivers\atapi.sys ==> MD5 é legítimo C:\Windows\system32\drivers\bxvbdx.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 é legítimo C:\Windows\system32\Drivers\Beep.sys ==> MD5 é legítimo C:\Windows\System32\drivers\Bhbase.sys 36D995EE7DD05E77E50DD0DD4F953F94 C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 é legítimo C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 é legítimo C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 é legítimo C:\Windows\System32\Drivers\Brserid.sys ==> MD5 é legítimo C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 é legítimo C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 é legítimo C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 é legítimo C:\Windows\system32\drivers\bthmodem.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 é legítimo C:\Windows\system32\drivers\circlass.sys ==> MD5 é legítimo C:\Windows\System32\CLFS.sys ==> MD5 é legítimo C:\Windows\system32\drivers\CmBatt.sys ==> MD5 é legítimo C:\Windows\system32\drivers\cmdide.sys ==> MD5 é legítimo C:\Windows\System32\Drivers\cng.sys 85449EEBE8F8EBD6481EFBF0F352B4EB C:\Windows\system32\drivers\compbatt.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 é legítimo C:\Windows\system32\drivers\crcdisk.sys ==> MD5 é legítimo C:\Windows\System32\drivers\csc.sys ==> MD5 é legítimo C:\Windows\System32\Drivers\dfsc.sys ==> MD5 é legítimo C:\Windows\System32\drivers\discache.sys ==> MD5 é legítimo C:\Windows\System32\drivers\disk.sys ==> MD5 é legítimo C:\Windows\system32\drivers\dmvsc.sys 2A958EF85DB1B61FFCA65044FA4BCE9E C:\Windows\system32\drivers\drmkaud.sys ==> MD5 é legítimo C:\Windows\System32\drivers\dxgkrnl.sys 71BC35067CABC02C9453AEAA42B2E43E C:\Windows\System32\DRIVERS\eamonm.sys E4886DA861390319998F5ECAEB81A636 C:\Windows\system32\drivers\evbdx.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\ehdrv.sys 1D44C037FCE6DF6EC63112416CB54B08 C:\Windows\system32\drivers\elxstor.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\epfwwfpr.sys 1C778B69F30B1C42E1066B41667A78AF C:\Windows\system32\drivers\errdev.sys ==> MD5 é legítimo C:\Windows\system32\Drivers\exfat.sys ==> MD5 é legítimo C:\Windows\system32\Drivers\fastfat.sys ==> MD5 é legítimo C:\Windows\system32\drivers\fdc.sys ==> MD5 é legítimo C:\Windows\System32\drivers\fileinfo.sys ==> MD5 é legítimo C:\Windows\System32\drivers\filetrace.sys ==> MD5 é legítimo C:\Windows\system32\drivers\flpydisk.sys ==> MD5 é legítimoB C:\Windows\System32\drivers\fltmgr.sys ==> MD5 é legítimo C:\Windows\System32\drivers\FsDepends.sys ==> MD5 é legítimo C:\Windows\system32\Drivers\Fs_Rec.sys 7DAE5EBCC80E45D3253F4923DC424D05 C:\Windows\System32\DRIVERS\fvevol.sys E306A24D9694C724FA2491278BF50FDB C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 é legítimo C:\Windows\System32\drivers\gbpkm.sys 4EC1CC0AB9AC26F0C25AB23829F404C1 C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 185ADA973B5020655CEE342059A86CBB C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 é legítimo C:\Windows\System32\drivers\HdAudio.sys A5EF29D5315111C80A5C1ABAD14C8972 C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 é legítimo C:\Windows\system32\drivers\HidBatt.sys ==> MD5 é legítimo C:\Windows\system32\drivers\hidbth.sys ==> MD5 é legítimo C:\Windows\system32\drivers\hidir.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 é legítimo C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 é legítimo C:\Windows\System32\drivers\HTTP.sys ==> MD5 é legítimo C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 é legítimo C:\Windows\system32\drivers\iaStorV.sys 5CD5F9A5444E6CDCB0AC89BD62D8B76E C:\Windows\System32\DRIVERS\igdkmd32.sys C520DD440B57DBD54A4FD1838058879A C:\Windows\system32\drivers\iirsp.sys ==> MD5 é legítimo C:\Windows\System32\drivers\RTKVHDA.sys 5294F1C52A6D8C2A15FFD2945C552736 C:\Windows\system32\drivers\intelide.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 é legítimo C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 é legítimo C:\Windows\System32\drivers\ipnat.sys ==> MD5 é legítimo C:\Windows\System32\drivers\irenum.sys ==> MD5 é legítimo C:\Windows\system32\drivers\isapnp.sys ==> MD5 é legítimo C:\Windows\system32\drivers\msiscsi.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 é legítimo C:\Windows\System32\Drivers\ksecdd.sys F286830298323272260332D6ABC905C1 C:\Windows\System32\Drivers\ksecpkg.sys D7C760D57B1656DD748B9E4AB6CB5A51 C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 é legítimo C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 é legítimo C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 é legítimo C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 é legítimo C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 é legítimo C:\Windows\system32\drivers\luafv.sys ==> MD5 é legítimo C:\Windows\System32\drivers\MBAMSwissArmy.sys B72EBB5C4727E67BAFDBC7FEA5A8D49F C:\Windows\system32\drivers\megasas.sys ==> MD5 é legítimo C:\Windows\system32\drivers\MegaSR.sys ==> MD5 é legítimo C:\Windows\System32\drivers\mfehidk.sys C842498CCDB10F136AF490F28E1D6519 C:\Windows\System32\drivers\mferkdet.sys 79BF5FB818CE1C993836B0F7B89943BB C:\Windows\System32\drivers\modem.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 é legítimo C:\Windows\System32\drivers\mountmgr.sys ==> MD5 é legítimo C:\Windows\system32\drivers\mpio.sys ==> MD5 é legítimo C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 é legítimo C:\Windows\system32\drivers\mrxdav.sys 21F4B24ACFC79A483515BD986DD9043F C:\Windows\System32\DRIVERS\mrxsmb.sys 5D16C921E3671636C0EBA3BBAAC5FD25 C:\Windows\System32\DRIVERS\mrxsmb10.sys 6D17A4791ACA19328C685D256349FEFC C:\Windows\System32\DRIVERS\mrxsmb20.sys B81F204D146000BE76651A50670A5E9E C:\Windows\system32\drivers\msahci.sys ==> MD5 é legítimo C:\Windows\system32\drivers\msdsm.sys ==> MD5 é legítimo C:\Windows\system32\Drivers\Msfs.sys ==> MD5 é legítimo C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 é legítimo C:\Windows\System32\drivers\msisadrv.sys ==> MD5 é legítimo C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 é legítimo C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 é legítimo C:\Windows\System32\drivers\MSPQM.sys ==> MD5 é legítimo C:\Windows\system32\Drivers\MsRPC.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 é legítimo C:\Windows\System32\drivers\MSTEE.sys ==> MD5 é legítimo C:\Windows\system32\drivers\MTConfig.sys ==> MD5 é legítimo C:\Windows\System32\Drivers\mup.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 é legítimo C:\Windows\System32\drivers\ndis.sys 8C9C922D71F1CD4DEF73F186416B7896 C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\gbpndisrdn.sys A5C914C5CBCFF645434535234BFCEACA C:\Windows\System32\DRIVERS\gbpndisrd.sys B7CC2AF3D5604EFDC5F82AF7A5B21FB1 C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 é legítimo C:\Windows\system32\Drivers\NDProxy.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\netaapl.sys 9213AA35BCA94EB79D366DA254E4BDF5 C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 é legítimo C:\Windows\system32\drivers\nfrd960.sys ==> MD5 é legítimo C:\Windows\system32\Drivers\Npfs.sys ==> MD5 é legítimo C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 é legítimo C:\Windows\system32\Drivers\Ntfs.sys 5E43D2B0EE64123D4880DFA6626DEFDE C:\Windows\system32\Drivers\Null.sys ==> MD5 é legítimo C:\Windows\system32\drivers\nvraid.sys B3E25EE28883877076E0E1FF877D02E0 C:\Windows\system32\drivers\nvstor.sys 4380E59A170D88C4F1022EFF6719A8A4 C:\Windows\system32\drivers\nv_agp.sys ==> MD5 é legítimo C:\Windows\system32\drivers\ohci1394.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\parport.sys ==> MD5 é legítimo C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B C:\Windows\System32\DRIVERS\parvdm.sys ==> MD5 é legítimo C:\Windows\System32\drivers\pci.sys ==> MD5 é legítimo C:\Windows\System32\drivers\pciide.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\PciSPorts.sys F1CD23597C138F9D5D87CEBD7CF59771 C:\Windows\system32\drivers\pcmcia.sys ==> MD5 é legítimo C:\Windows\System32\drivers\pcw.sys ==> MD5 é legítimo C:\Windows\System32\drivers\peauth.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 é legítimo C:\Windows\system32\drivers\processr.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 é legítimo C:\Windows\system32\drivers\ql2300.sys ==> MD5 é legítimo C:\Windows\system32\drivers\ql40xx.sys ==> MD5 é legítimo C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 é legítimo C:\Windows\System32\drivers\rdpdr.sys ==> MD5 é legítimo C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 é legítimo C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 é legítimo C:\Windows\System32\drivers\rdpvideominiport.sys 65375DF758CA1872AB7EBBBA457FD5E6 C:\Windows\system32\Drivers\RDPWD.sys F031683E6D1FEA157ABB2FF260B51E61 C:\Windows\System32\drivers\rdyboost.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\Rt86win7.sys 5283B9A27FF230F2FF70D92451FF409A C:\Windows\system32\drivers\vms3cap.sys ==> MD5 é legítimo C:\Windows\system32\drivers\sbp2port.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 é legítimo C:\Windows\system32\Drivers\secdrv.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\serial.sys ==> MD5 é legítimo C:\Windows\system32\drivers\sermouse.sys ==> MD5 é legítimo C:\Windows\system32\drivers\sffdisk.sys ==> MD5 é legítimo C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 é legítimo C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 é legítimo C:\Windows\system32\drivers\sfloppy.sys ==> MD5 é legítimo C:\Windows\system32\drivers\sisagp.sys ==> MD5 é legítimo C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 é legítimo C:\Windows\system32\drivers\sisraid4.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\smb.sys ==> MD5 é legítimo C:\Windows\system32\Drivers\spldr.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46 C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC C:\Windows\system32\drivers\stexstor.sys ==> MD5 é legítimo C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 é legítimo C:\Windows\system32\drivers\storvsc.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 é legítimo C:\Windows\System32\drivers\tcpip.sys CA59F7C570AF70BC174F477CFE2D9EE3 C:\Windows\System32\DRIVERS\tcpip.sys CA59F7C570AF70BC174F477CFE2D9EE3 C:\Windows\System32\drivers\tcpipreg.sys 3EEBD3BD93DA46A26E89893C7AB2FF3B C:\Windows\System32\drivers\tdpipe.sys ==> MD5 é legítimo C:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8 C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\tssecsrv.sys B37B08F2E5EEB1A37E448E09BACE1101 C:\Windows\System32\drivers\tsusbflt.sys 9CE253214ACAA5A7D323327D2055EFAA C:\Windows\system32\drivers\TsUsbGD.sys 57C527AF84748B5C2F5178C499C0B81F C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 é legítimo C:\Windows\system32\drivers\uagp35.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 é legítimo C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 é legítimo C:\Windows\system32\drivers\umpass.sys ==> MD5 é legítimo C:\Windows\System32\Drivers\usbaapl.sys A176718F0DF45F60F545CF3E14F4D108 C:\Windows\System32\DRIVERS\usbccgp.sys 0803FBA9FE829D61AE26EC0BCC910C46 C:\Windows\system32\drivers\usbcir.sys 2352AB5F9F8F097BF9D41D5A4718A041 C:\Windows\system32\drivers\usbehci.sys D40855F89B69305140BBD7E9A3BA2DA6 C:\Windows\System32\DRIVERS\usbhub.sys EDF2DF71C4F1E13A6AC75F5224DE655A C:\Windows\system32\drivers\usbohci.sys 9828C8D14CC2676421778F0DE638CF97 C:\Windows\system32\drivers\usbprint.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\USBSTOR.SYS F991AB9CC6B908DB552166768176896A C:\Windows\system32\drivers\usbuhci.sys 800AABFD625EEFF899F7E5496BDE37AB C:\Windows\System32\DRIVERS\usb8023x.sys AF77716205C97E902E6C5B78DECE2CCA C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 é legítimo C:\Windows\System32\drivers\vga.sys ==> MD5 é legítimo C:\Windows\system32\drivers\vhdmp.sys ==> MD5 é legítimo C:\Windows\system32\drivers\viaagp.sys ==> MD5 é legítimo C:\Windows\system32\drivers\viac7.sys ==> MD5 é legítimo C:\Windows\system32\drivers\viaide.sys ==> MD5 é legítimo C:\Windows\system32\drivers\vmbus.sys ==> MD5 é legítimo C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 é legítimo C:\Windows\System32\drivers\volmgr.sys ==> MD5 é legítimo C:\Windows\System32\drivers\volmgrx.sys ==> MD5 é legítimo C:\Windows\System32\drivers\volsnap.sys ==> MD5 é legítimo C:\Windows\system32\drivers\vsmraid.sys ==> MD5 é legítimo C:\Windows\System32\drivers\vwifibus.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\vwififlt.sys 7090D3436EEB4E7DA3373090A23448F7 C:\Windows\system32\drivers\wacompen.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 é legítimo C:\Windows\system32\drivers\wd.sys ==> MD5 é legítimo C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645 C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 é legítimo C:\Windows\System32\drivers\wimmount.sys ==> MD5 é legítimo C:\Windows\System32\DRIVERS\WinUsb.sys A67E5F9A400F3BD1BE3D80613B45F708 C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 é legítimo C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 é legítimo C:\Windows\System32\drivers\wsddfac.sys 07D7EAECA773498E67DF38048A8A652D C:\Windows\System32\DRIVERS\wsddntf.sys 6B8AC0C154BA413B1DA389DBB6331E7B C:\Windows\system32\drivers\wsddpp.sys 1F2FB1C5B86465DCAF92EF027A5CFC92 C:\Windows\system32\drivers\wsddprm.sys A49EA24F30B043B281B292FF33AC6074 C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070 C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF ==================== NetSvcs (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Um Mês Criados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2017-08-17 14:02 - 2017-08-17 14:03 - 000036642 _____ C:\Users\Usuario\Desktop\FRST.txt 2017-08-17 14:01 - 2017-08-17 14:02 - 000000000 ____D C:\FRST 2017-08-17 13:44 - 2017-08-17 13:46 - 001792512 _____ (Farbar) C:\Users\Usuario\Desktop\FRST.exe 2017-08-17 06:17 - 2017-08-17 06:17 - 000002128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk 2017-08-17 06:17 - 2017-08-17 06:17 - 000002090 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk 2017-08-16 12:55 - 2017-08-16 12:55 - 000000000 _____ C:\Users\Usuario\Desktop\Stinger_16082017_125525.html 2017-08-16 12:50 - 2017-08-16 12:50 - 001034108 _____ C:\Users\Usuario\Desktop\runtime.dat 2017-08-16 12:50 - 2017-08-16 12:50 - 000000114 ___RH C:\Users\Usuario\Desktop\Stinger.opt 2017-08-15 21:24 - 2017-08-15 21:38 - 000000863 _____ C:\Users\Usuario\Desktop\Stinger_15082017_212432.html 2017-08-15 16:57 - 2017-08-15 17:10 - 000000863 _____ C:\Users\Usuario\Desktop\Stinger_15082017_165702.html 2017-08-15 16:56 - 2017-08-15 16:56 - 000000825 _____ C:\Users\Usuario\Desktop\Stinger_15082017_165623.html 2017-08-15 16:56 - 2017-08-15 16:56 - 000000000 ____D C:\Quarantine 2017-08-15 14:55 - 2017-08-15 15:11 - 000000000 ____D C:\Users\Usuario\Desktop\Bebeta 2017-08-15 13:16 - 2017-08-15 13:16 - 000705552 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys 2017-08-15 13:16 - 2017-08-15 13:16 - 000328704 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe 2017-08-15 13:16 - 2017-08-15 13:16 - 000109584 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mferkdet.sys 2017-08-15 13:16 - 2017-08-15 13:16 - 000000000 _____ C:\Users\Usuario\Desktop\Stinger_15082017_131624.html 2017-08-15 13:15 - 2017-08-16 13:05 - 000000000 ____D C:\Program Files\stinger 2017-08-15 13:15 - 2017-08-15 13:15 - 000000000 ____D C:\Program Files\McAfee 2017-08-15 13:12 - 2017-08-15 13:13 - 016472944 _____ (McAfee Inc) C:\Users\Usuario\Desktop\stinger32.exe 2017-08-14 14:32 - 2017-08-14 14:37 - 000002405 _____ C:\Users\Usuario\Desktop\ZHPCleaner.txt 2017-08-14 14:24 - 2017-08-14 14:37 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\ZHP 2017-08-14 14:24 - 2017-08-14 14:24 - 000000833 _____ C:\Users\Usuario\Desktop\ZHPCleaner.lnk 2017-08-14 14:24 - 2017-08-14 14:24 - 000000000 ____D C:\Users\Usuario\AppData\Local\ZHP 2017-08-14 14:17 - 2017-08-14 14:17 - 000004517 _____ C:\Users\Usuario\Desktop\JRT.txt 2017-08-14 13:34 - 2017-08-14 13:34 - 002852224 _____ C:\Users\Usuario\Desktop\ZHPCleaner.exe 2017-08-14 13:30 - 2017-08-14 13:30 - 001790024 _____ (Malwarebytes) C:\Users\Usuario\Desktop\JRT.exe 2017-08-14 13:23 - 2017-08-14 13:24 - 008185288 _____ (Malwarebytes) C:\Users\Usuario\Desktop\AdwCleaner.exe 2017-08-11 15:08 - 2017-08-11 15:08 - 000001576 _____ C:\Users\Usuario\Desktop\Mbam.txt 2017-08-11 14:04 - 2017-08-16 15:14 - 000221600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-08-11 14:04 - 2017-08-11 14:04 - 000162240 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys 2017-08-11 14:04 - 2017-08-11 14:04 - 000085400 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2017-08-11 14:04 - 2017-08-11 14:04 - 000065824 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2017-08-11 14:04 - 2017-08-11 14:04 - 000040352 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2017-08-11 14:03 - 2017-08-11 14:03 - 000001984 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-08-11 14:03 - 2017-08-11 14:03 - 000000000 ____D C:\Users\Todos os Usuários\Malwarebytes 2017-08-11 14:03 - 2017-08-11 14:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-08-11 14:03 - 2017-08-11 14:03 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-08-11 14:03 - 2017-06-27 12:06 - 000059936 _____ C:\Windows\system32\Drivers\mbae.sys 2017-08-11 13:59 - 2017-08-11 14:00 - 065033984 _____ (Malwarebytes ) C:\Users\Usuario\Desktop\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe 2017-08-11 13:37 - 2008-08-18 19:18 - 000077824 _____ (Fox Magic Software) C:\Windows\system32\fmcodec.DLL 2017-08-11 12:57 - 2017-08-11 12:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2017-08-10 14:03 - 2017-08-10 14:03 - 000043336 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe 2017-08-10 14:03 - 2017-08-10 14:03 - 000035432 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys 2017-08-10 14:03 - 2017-08-10 14:03 - 000035408 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys 2017-08-10 14:03 - 2017-08-10 14:03 - 000035408 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys 2017-08-09 14:51 - 2017-08-09 14:51 - 000019017 _____ C:\ZA-Scan.txt 2017-08-08 16:45 - 2017-08-08 16:45 - 000000000 ____D C:\zoek_backup 2017-08-08 16:43 - 2017-08-08 16:45 - 001370112 _____ C:\Users\Usuario\Desktop\ZA-Scan.exe 2017-08-08 15:45 - 2017-08-08 15:45 - 000000000 ____D C:\Users\Usuario\AppData\Local\CrashRpt 2017-08-02 14:49 - 2017-08-02 14:49 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\ESET 2017-08-02 13:05 - 2017-08-02 13:05 - 000000000 ____D C:\Program Files\Common Files\Java 2017-07-31 15:10 - 2017-07-31 15:10 - 001178710 _____ C:\Users\Usuario\Documents\cc_20170731_150952.reg 2017-07-31 13:54 - 2017-07-31 13:54 - 000000889 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk 2017-07-27 15:51 - 2017-07-27 15:51 - 000081408 _____ C:\Users\Usuario\Desktop\AGF_RODOVIARIA_PB_425224_2015.XLS 2017-07-27 15:50 - 2017-07-27 15:50 - 000081408 _____ C:\Users\Usuario\Desktop\AGF_RODOVIARIA_PB_425224_2014.XLS 2017-07-27 15:47 - 2017-07-27 15:47 - 000088064 _____ C:\Users\Usuario\Desktop\AGF_RODOVIARIA_PB_425224_2013.xls 2017-07-27 15:46 - 2017-07-27 15:46 - 000088064 _____ C:\Users\Usuario\Desktop\AGF_RODOVIARIA_PB_425224_2016.xls 2017-07-26 15:52 - 2017-07-26 15:52 - 000000218 _____ C:\Users\Usuario\AppData\Local\recently-used.xbel 2017-07-26 13:45 - 2017-07-26 13:45 - 000000000 ____D C:\Program Files\Malwarebytes 2017-07-26 13:08 - 2017-08-14 13:54 - 000000000 ____D C:\AdwCleaner 2017-07-26 13:04 - 2017-07-31 14:38 - 000007607 _____ C:\Users\Usuario\AppData\Local\Resmon.ResmonCfg 2017-07-25 14:11 - 2017-07-25 14:17 - 000078848 _____ C:\Users\Usuario\Desktop\AGF_RODOVIARIA_PB_425224.XLS 2017-07-25 14:08 - 2017-07-25 14:08 - 000001713 _____ C:\Users\Public\Desktop\iTunes.lnk 2017-07-25 14:08 - 2017-07-25 14:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2017-07-25 14:04 - 2017-07-25 14:08 - 000000000 ____D C:\Program Files\iTunes 2017-07-24 15:52 - 2017-07-24 15:52 - 000006768 _____ C:\Users\Usuario\Desktop\86724072017.pdf 2017-07-21 15:44 - 2017-07-21 15:44 - 000122285 _____ C:\Users\Correios\Downloads\GuiaPagamento_82641692449_210720171544187096.PDF 2017-07-21 15:43 - 2017-07-21 15:43 - 000122288 _____ C:\Users\Correios\Downloads\GuiaPagamento_82641692449_210720171543402234.PDF ==================== Um Mês Modificados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2017-08-17 13:57 - 2015-06-03 17:26 - 000001012 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2017-08-17 13:42 - 2013-10-14 10:19 - 000000000 ____D C:\Users\Usuario\AppData\LocalLow\Scpad 2017-08-17 13:26 - 2013-10-15 14:18 - 000000000 ____D C:\Program Files\TeamViewer 2017-08-17 13:25 - 2013-10-14 11:16 - 000000000 ____D C:\Windows\CORREIO 2017-08-17 13:25 - 2013-10-11 10:08 - 000000000 ____D C:\Users\Todos os Usuários\GbPlugin 2017-08-17 13:25 - 2013-10-11 10:08 - 000000000 ____D C:\ProgramData\GbPlugin 2017-08-17 13:24 - 2015-06-03 17:26 - 000001008 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2017-08-17 13:24 - 2014-03-26 15:02 - 000001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf491d8d133394.job 2017-08-17 06:17 - 2013-11-19 08:40 - 000000000 ____D C:\Program Files\Google 2017-08-16 15:20 - 2009-07-14 01:34 - 000022768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-08-16 15:20 - 2009-07-14 01:34 - 000022768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-08-16 15:14 - 2016-12-27 15:14 - 000022744 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys 2017-08-16 15:13 - 2009-07-14 01:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-08-15 15:03 - 2009-07-13 23:37 - 000000000 ____D C:\Windows\system32\NDF 2017-08-15 13:12 - 2014-10-20 12:25 - 000000000 ___RD C:\Program Files\Skype 2017-08-14 13:31 - 2015-11-06 10:07 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2017-08-11 13:37 - 2009-07-13 23:37 - 000000000 ____D C:\Windows\inf 2017-08-11 12:57 - 2015-06-03 17:26 - 000000000 ____D C:\Program Files\Dropbox 2017-08-10 13:57 - 2014-09-01 10:39 - 000000000 ____D C:\Users\Usuario\AppData\Local\Adobe 2017-08-10 13:56 - 2013-11-07 14:58 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2017-08-10 13:56 - 2013-11-07 14:58 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2017-08-10 13:56 - 2013-10-11 10:02 - 000000000 ____D C:\Windows\system32\Macromed 2017-08-08 13:25 - 2013-11-19 08:41 - 000002099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-08-07 13:42 - 2012-09-25 14:57 - 000000000 ___HD C:\Program Files\InstallShield Installation Information 2017-08-07 13:34 - 2009-07-14 01:46 - 000001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2017-08-03 14:31 - 2013-10-14 10:09 - 000000000 ____D C:\Users\Usuario\AppData\Local\CutePDF Writer 2017-08-02 13:12 - 2013-10-11 16:27 - 000000000 ____D C:\Users\Todos os Usuários\Oracle 2017-08-02 13:12 - 2013-10-11 16:27 - 000000000 ____D C:\ProgramData\Oracle 2017-08-02 13:07 - 2014-10-17 10:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2017-08-02 13:07 - 2013-10-24 12:28 - 000000000 ____D C:\Program Files\Java 2017-08-02 13:02 - 2014-10-17 10:19 - 000095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2017-07-31 14:31 - 2014-05-19 16:47 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\inkscape 2017-07-31 14:31 - 2013-10-16 11:46 - 000000000 ____D C:\Users\Usuario\Tracing 2017-07-31 14:31 - 2013-10-15 14:18 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\TeamViewer 2017-07-31 14:27 - 2012-09-27 11:59 - 000000000 ____D C:\Windows\Minidump 2017-07-31 14:27 - 2012-09-25 13:36 - 000000000 ____D C:\Windows\Panther 2017-07-25 14:06 - 2016-09-15 15:02 - 000000000 ____D C:\Program Files\iPod 2017-07-24 14:31 - 2011-04-12 01:47 - 000707974 _____ C:\Windows\system32\prfh0416.dat 2017-07-24 14:31 - 2011-04-12 01:47 - 000147754 _____ C:\Windows\system32\prfc0416.dat 2017-07-24 14:31 - 2010-11-20 18:01 - 001641362 _____ C:\Windows\system32\PerfStringBackup.INI 2017-07-24 13:27 - 2012-10-08 12:01 - 000000000 ____D C:\Users\Usuario\AppData\Local\ElevatedDiagnostics 2017-07-24 12:54 - 2012-10-04 16:04 - 000112480 _____ C:\Users\Usuario\AppData\Local\GDIPFONTCACHEV1.DAT 2017-07-24 12:27 - 2013-10-17 11:52 - 000112480 _____ C:\Users\Correios\AppData\Local\GDIPFONTCACHEV1.DAT 2017-07-24 12:26 - 2013-10-15 17:41 - 000000000 ____D C:\Users\Correios\AppData\Roaming\TeamViewer 2017-07-24 12:26 - 2013-10-14 13:25 - 000000000 ____D C:\Users\Correios\AppData\LocalLow\Scpad 2017-07-24 09:52 - 2009-07-14 01:33 - 000418656 _____ C:\Windows\system32\FNTCACHE.DAT 2017-07-21 17:46 - 2013-10-24 12:36 - 000000000 ____D C:\Users\Correios\AppData\Local\ElevatedDiagnostics ==================== Arquivos na raiz de alguns diretórios ======= 2015-03-05 08:33 - 2015-03-05 08:33 - 000017591 _____ () C:\Users\Usuario\AppData\Roaming\unins000.dat 2013-11-26 10:37 - 2013-11-26 10:37 - 000015270 _____ () C:\Users\Usuario\AppData\Roaming\unins001.dat 2017-07-26 15:52 - 2017-07-26 15:52 - 000000218 _____ () C:\Users\Usuario\AppData\Local\recently-used.xbel 2017-07-26 13:04 - 2017-07-31 14:38 - 000007607 _____ () C:\Users\Usuario\AppData\Local\Resmon.ResmonCfg 2013-01-07 11:04 - 2011-02-23 14:22 - 000024772 _____ () C:\ProgramData\P1100DEF.css 2013-01-07 11:04 - 2011-04-04 19:25 - 000004327 ____R () C:\ProgramData\P1100OS.HTM 2013-01-07 11:04 - 2011-02-23 14:22 - 000002944 _____ () C:\ProgramData\P1100SIG.GIF Alguns arquivos em TEMP: ==================== 2015-12-09 16:27 - 2015-12-09 16:28 - 000071168 _____ () C:\Users\Correios\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpltuyub.dll 2015-11-25 08:57 - 2015-11-25 08:58 - 000585824 _____ (Oracle Corporation) C:\Users\Correios\AppData\Local\Temp\jre-8u66-windows-au.exe 2016-03-15 11:26 - 2016-03-15 12:25 - 000001284 _____ () C:\Users\Correios\AppData\Local\Temp\{CE79EF1E-76A8-4894-8CC5-5BAE2A663297}-49.0.2623.87_48.0.2564.116_chrome_updater.exe 2017-08-02 12:54 - 2017-08-02 12:55 - 000740416 _____ (Oracle Corporation) C:\Users\Usuario\AppData\Local\Temp\jre-8u144-windows-au.exe Alguns com tamanho de zero byte arquivos/pastas: ========================== C:\Windows\System32\ECTSARA_TER_EPSON_TMSERIES.dll ==================== Bamital & volsnap ====================== (Não há correção automática para arquivos que não passaram na verificação.) C:\Windows\explorer.exe => O arquivo é assinado digitalmente C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente C:\Windows\system32\services.exe => O arquivo é assinado digitalmente C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente ==================== BCD ================================ Gerenciador de Inicializa‡Æo do Windows -------------------- identificador {bootmgr} device partition=\Device\HarddiskVolume3 path \bootmgr description Windows Boot Manager locale pt-BR inherit {globalsettings} default {current} resumeobject {aed7ab8e-0750-11e2-beb9-806e6f6e6963} displayorder {current} toolsdisplayorder {memdiag} timeout 30 Carregador de Inicializa‡Æo do Windows ------------------- identificador {1fb706e9-072f-11e2-a43b-f7925abf4838} device unknown path \Windows\system32\winload.exe description Windows 7 locale pt-BR inherit {bootloadersettings} recoverysequence {1fb706ea-072f-11e2-a43b-f7925abf4838} recoveryenabled Yes osdevice unknown systemroot \Windows resumeobject {1fb706e8-072f-11e2-a43b-f7925abf4838} nx OptIn Carregador de Inicializa‡Æo do Windows ------------------- identificador {1fb706ea-072f-11e2-a43b-f7925abf4838} Carregador de Inicializa‡Æo do Windows ------------------- identificador {current} device partition=C: path \Windows\system32\winload.exe description Windows 7 Professional (recuperado) locale pt-BR recoverysequence {1fb706ea-072f-11e2-a43b-f7925abf4838} recoveryenabled Yes osdevice partition=C: systemroot \Windows resumeobject {aed7ab8e-0750-11e2-beb9-806e6f6e6963} Carregador de Inicializa‡Æo do Windows ------------------- identificador {1fb706ed-072f-11e2-a43b-f7925abf4838} device ramdisk=[C:]\Recovery\1fb706ea-072f-11e2-a43b-f7925abf4838\Winre.wim,{1fb706ee-072f-11e2-a43b-f7925abf4838} path \windows\system32\winload.exe description Windows Recovery Environment (recuperado) locale osdevice ramdisk=[C:]\Recovery\1fb706ea-072f-11e2-a43b-f7925abf4838\Winre.wim,{1fb706ee-072f-11e2-a43b-f7925abf4838} systemroot \windows winpe Yes Continuar da Hiberna‡Æo --------------------- identificador {1fb706e8-072f-11e2-a43b-f7925abf4838} device unknown path \Windows\system32\winresume.exe description Windows Resume Application locale pt-BR inherit {resumeloadersettings} filedevice unknown filepath \hiberfil.sys pae Yes debugoptionenabled No Continuar da Hiberna‡Æo --------------------- identificador {aed7ab8e-0750-11e2-beb9-806e6f6e6963} device partition=C: path \Windows\system32\winresume.exe description Windows 7 Professional (recuperado) locale pt-BR inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys pae Yes debugoptionenabled No Testador de Mem¢ria do Windows --------------------- identificador {memdiag} device partition=\Device\HarddiskVolume3 path \boot\memtest.exe description Diagn¢stico de Mem¢ria do Windows locale pt-BR inherit {globalsettings} badmemoryaccess Yes Configura‡äes de EMS ------------ identificador {emssettings} bootems Yes Configura‡äes do Depurador ----------------- identificador {dbgsettings} debugtype Serial debugport 1 baudrate 115200 Defeitos de RAM ----------- identificador {badmemory} Configura‡äes Globais --------------- identificador {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Configura‡äes do Carregador de Inicializa‡Æo -------------------- identificador {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Configura‡äes do Hypervisor ------------------- identificador {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Configura‡äes do Carregador de Retorno ---------------------- identificador {resumeloadersettings} inherit {globalsettings} Op‡äes de dispositivo -------------- identificador {1fb706eb-072f-11e2-a43b-f7925abf4838} description Ramdisk Options ramdisksdidevice unknown ramdisksdipath \Recovery\1fb706ea-072f-11e2-a43b-f7925abf4838\boot.sdi Op‡äes de dispositivo -------------- identificador {1fb706ee-072f-11e2-a43b-f7925abf4838} ramdisksdidevice partition=C: ramdisksdipath \Recovery\1fb706ea-072f-11e2-a43b-f7925abf4838\boot.sdi LastRegBack: 2017-08-07 16:01 ==================== Fim de FRST.txt ============================ Resultado do exame Adicional Farbar Recovery Scan Tool (x86) Versão: 16-08-2017 Executado por Usuario (17-08-2017 14:03:56) Executando a partir de C:\Users\Usuario\Desktop Microsoft Windows 7 Professional Service Pack 1 (X86) (2012-09-25 17:41:26) Modo da Inicialização: Normal ========================================================== ==================== Contas: ============================= Administrador (S-1-5-21-1000649665-1868635756-2260419189-500 - Administrator - Disabled) Convidado (S-1-5-21-1000649665-1868635756-2260419189-501 - Limited - Disabled) => C:\Users\Convidado Correios (S-1-5-21-1000649665-1868635756-2260419189-1003 - Administrator - Enabled) => C:\Users\Correios HomeGroupUser$ (S-1-5-21-1000649665-1868635756-2260419189-1011 - Limited - Enabled) Usuario (S-1-5-21-1000649665-1868635756-2260419189-1000 - Administrator - Enabled) => C:\Users\Usuario ==================== Central de Segurança ======================== (Se uma entrada for incluída na fixlist, será removida.) AV: ESET NOD32 Antivirus 10.0.390.0 (Disabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70} AS: ESET NOD32 Antivirus 10.0.390.0 (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Programas Instalados ====================== (Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.) Adobe Acrobat Reader DC - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 17.012.20095 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Flash Player 26 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 26.0.0.151 - Adobe Systems Incorporated) Apple Mobile Device Support (HKLM\...\{2A2C8640-5402-428A-909A-0236CB2B77C7}) (Version: 10.3.2.3 - Apple Inc.) Apple Software Update (HKLM\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.) Assistente de Conexão do Windows Live (HKLM\...\{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}) (Version: 5.000.818.5 - Microsoft Corporation) Componente de Segurança Bradesco (HKLM\...\scpbrad) (Version: 1.0.0 - Banco Bradesco S.A.) CutePDF Writer 2.7 (HKLM\...\CutePDF Writer Installation) (Version: - ) Daossoft Excel Password Eraser (HKLM\...\Daossoft Excel Password Eraser) (Version: 7.0.0.1 - Daossoft) Dropbox (HKLM\...\Dropbox) (Version: 32.4.23 - Dropbox, Inc.) Dropbox Update Helper (HKLM\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden Endereçador Escritório v2.1.2 (HKLM\...\Enderecador) (Version: - ) ESET NOD32 Antivirus (HKLM\...\{A50094CD-3CBC-40CC-9567-C313BDBE8D78}) (Version: 10.0.390.0 - ESET, spol. s r.o.) Ferramenta de Carregamento do Windows Live (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) FileZilla Client 3.0.2.1 (HKLM\...\FileZilla Client) (Version: 3.0.2.1 - ) Foxit PDF Editor (HKLM\...\Foxit PDF Editor) (Version: 2.2.1.1119 - Foxit Corporation) GBBD Caixa Economica Federal (HKLM\...\{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1) (Version: 3.12.0.2 - ) GBBD Caixa Economica Federal (HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1) (Version: GBBD Caixa Economica Federal - ) Google Chrome (HKLM\...\Google Chrome) (Version: 60.0.3112.90 - Google Inc.) Google Earth Pro (HKLM\...\{09A8EA8A-9C9D-45E4-B20C-3F13C2CCD32C}) (Version: 7.3.0.3830 - Google) Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - ) hppLaserJetService (HKLM\...\{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}) (Version: 001.001.0.0 - Hewlett-Packard) Hidden hppP1100P1560P1600SeriesLaserJetService (HKLM\...\{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}) (Version: 001.001.0.0 - Hewlett-Packard) Hidden hppusgP1100P1560P1600Series (HKLM\...\{853F464A-B2B8-404E-BA3E-B98FF6862C41}) (Version: 1.0.0.1 - Hewlett-Packard) Hidden HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.) iCloud (HKLM\...\{B7BC92A8-B3E5-40A6-9B21-B25E4E1D98F1}) (Version: 6.2.2.39 - Apple Inc.) Inkscape 0.48.4 (HKLM\...\Inkscape) (Version: 0.48.4 - ) Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation) IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM\...\IRPF2014) (Version: 1.4 - Receita Federal do Brasil) IRPF2015 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM\...\IRPF2015) (Version: 1.2 - Receita Federal do Brasil) iTunes (HKLM\...\{BE5DD9B6-9DF7-4163-A39E-E2141C7A7488}) (Version: 12.6.2.20 - Apple Inc.) Java 8 Update 144 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation) Malwarebytes versão 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes) MarketResearch (HKLM\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microvisual (HKLM\...\{E38B19C5-5F9C-11D7-986F-00E07DE9E5DC}) (Version: 4.00.0000 - Microvisual) Módulo de Segurança - Banco do Brasil (HKLM\...\{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1) (Version: 3.12.0.2 - ) Mozilla Firefox 53.0.3 (x86 pt-BR) (HKLM\...\Mozilla Firefox 53.0.3 (x86 pt-BR)) (Version: 53.0.3 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla) PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio) Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.) Receitanet (HKLM\...\ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5) (Version: 1.07 - Serpro - Serviço Federal de Processamento de Dados) Scan Utility220 (HKLM\...\{D5897F1B-D919-4CFF-B77B-767A5810A27D}) (Version: 2.20 - ARGOX) Skype Click to Call (HKLM\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation) Skype Web Plugin (HKLM\...\{B51DD93B-3CB5-4D9D-BFF2-FD19DBBBFD9A}) (Version: 2.9.13008.18866 - Skype Technologies S.A.) Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) Suporte para Aplicativos Apple (32-bit) (HKLM\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.) TeamViewer 12 (HKLM\...\TeamViewer) (Version: 12.0.81460 - TeamViewer) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Warsaw 1.18.1.2 32 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.18.1.2 - GAS Tecnologia) Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) Xml Viewer (HKLM\...\{F58E04CD-6E76-43C8-AAF1-482225C2910E}) (Version: 3 - MindFusion Limited) ==================== Exame Personalizado CLSID (Whitelisted): ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000010-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000011-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000013-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000014-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000015-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000016-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000017-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000018-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000019-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000100-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000101-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000103-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000104-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000105-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000106-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000107-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000108-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00000109-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00025601-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\Crystl32.OCX (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00025604-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\Crystl32.OCX (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00025605-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\Crystl32.OCX (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00025606-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\Crystl32.OCX (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00025607-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\Crystl32.OCX (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00025608-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\Crystl32.OCX (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00025609-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\Crystl32.OCX (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0002560A-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\Crystl32.OCX (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0000}\InprocServer32 -> C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0007}\InprocServer32 -> C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll (GAS Tecnologia) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0000}\InprocServer32 -> C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0007}\InprocServer32 -> C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll (GAS Tecnologia) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BA686AA-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BA686AE-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BA686AF-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BA686B3-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BA686B4-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BA686B8-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BA686B9-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BA686BD-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BA686BE-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BA686C2-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BA686C3-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BA686C7-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{13FA5947-561C-11D1-BE3F-00A0C95A6A5C}\InprocServer32 -> C:\Windows\system32\crviewer.dll (Crystal Decisions) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{2200CD20-1176-101D-85F5-0020AF1EF604}\InprocServer32 -> C:\Windows\system32\barcod32.ocx (Mabry Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{2200CD24-1176-101D-85F5-0020AF1EF604}\InprocServer32 -> C:\Windows\system32\barcod32.ocx (Mabry Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{275DBBA0-805A-11CF-91F7-C2863C385E30}\InprocServer32 -> C:\Windows\system32\msflxgrd.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{2F155EE4-C332-11CD-B23C-0000C0058192}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{35D7C407-EF75-11D1-B523-444553540000}\InprocServer32 -> C:\Windows\system32\aunzip32.ocx (Stephen Darlington) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{35D7C408-EF75-11D1-B523-444553540000}\InprocServer32 -> C:\Windows\system32\aunzip32.ocx (Stephen Darlington) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{41F841C1-AE16-11D5-8817-0050DA6EF5E5}\InprocServer32 -> C:\Windows\system32\SPR32X60.ocx (FarPoint Technologies, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{41F841C7-AE16-11D5-8817-0050DA6EF5E5}\InprocServer32 -> C:\Windows\system32\SPR32X60.ocx (FarPoint Technologies, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\Windows\system32\msinet.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\Windows\system32\msinet.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\Windows\system32\msinet.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{5FEC78AE-BE49-101A-947B-00DD010F7B46}\InprocServer32 -> C:\Windows\system32\MSOUTL32.OCX (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{62208F41-3D2D-11D3-8153-00C0DFC2E32C}\InprocServer32 -> C:\Windows\system32\FtpX.OCX (Mabry Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{6262D3A0-531B-11CF-91F6-C2863C385E30}\InprocServer32 -> C:\Windows\system32\msflxgrd.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{6319EEA0-531B-11CF-91F6-C2863C385E30}\InprocServer32 -> C:\Windows\system32\msflxgrd.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{637206E2-F485-11D1-AE81-94B401C10000}\InprocServer32 -> C:\Windows\system32\azip32.ocx (Stephen Darlington) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{648A5600-2C6E-101B-82B6-000000000014}\InprocServer32 -> C:\Windows\system32\mscomm32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{648A5604-2C6E-101B-82B6-000000000014}\InprocServer32 -> C:\Windows\system32\mscomm32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{75347086-7260-11D1-BE46-00A0C95A6A5C}\InprocServer32 -> C:\Windows\system32\crviewer.dll (Crystal Decisions) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{75C66E66-8949-11D2-BF6D-00A0C9DA4FA2}\InprocServer32 -> C:\Windows\system32\crviewer.dll (Crystal Decisions) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{75C66E68-8949-11D2-BF6D-00A0C9DA4FA2}\InprocServer32 -> C:\Windows\system32\crviewer.dll (Crystal Decisions) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{7A080CC5-26E2-101B-AEBD-04021C009402}\InprocServer32 -> C:\Windows\system32\GAUGE32.OCX (MicroHelp, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{7DA06D40-54A0-11CF-A521-0080C77A7786}\InprocServer32 -> C:\Windows\system32\tabctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{83730EE4-6C46-11CF-A524-0080C77A7786}\InprocServer32 -> C:\Windows\system32\msmask32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\InprocServer32 -> dwusplay.dll => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\localserver32 -> dwusplay.exe => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{973C8EE0-4546-11D0-86B1-0020AF1EF604}\InprocServer32 -> C:\Windows\system32\mras32.ocx () CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{973C8EE4-4546-11D0-86B1-0020AF1EF604}\InprocServer32 -> C:\Windows\system32\mras32.ocx () CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{A0E5F37E-CA67-11D1-A817-00A0C92784CD}\InprocServer32 -> C:\Windows\system32\crviewer.dll (Crystal Decisions) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{A1067406-EB2F-11D1-AE81-94B401C10000}\InprocServer32 -> C:\Windows\system32\azip32.ocx (Stephen Darlington) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{A1067407-EB2F-11D1-AE81-94B401C10000}\InprocServer32 -> C:\Windows\system32\azip32.ocx (Stephen Darlington) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{A8C3B720-0B5A-101B-B22E-00AA0037B2FC}\InprocServer32 -> C:\Windows\system32\GRID32.OCX (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{B37969E0-58B1-11D2-821F-000086075197}\InprocServer32 -> C:\Windows\system32\FtpX.OCX (Mabry Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{B4741E10-45A6-11D1-ABEC-00A0C9274B91}\InprocServer32 -> C:\Windows\system32\craxdrt.dll (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{B4741FD0-45A6-11D1-ABEC-00A0C9274B91}\InprocServer32 -> C:\Windows\system32\craxdrt.dll (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{B4742170-45A6-11D1-ABEC-00A0C9274B91}\InprocServer32 -> C:\Windows\system32\craxdrt.dll (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{B4742180-45A6-11D1-ABEC-00A0C9274B91}\InprocServer32 -> C:\Windows\system32\craxdrt.dll (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{B4742190-45A6-11D1-ABEC-00A0C9274B91}\InprocServer32 -> C:\Windows\system32\craxdrt.dll (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{B47421A0-45A6-11D1-ABEC-00A0C9274B91}\InprocServer32 -> C:\Windows\system32\craxdrt.dll (Seagate Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{B71A485A-57D1-11D2-821F-000086075197}\InprocServer32 -> C:\Windows\system32\FtpX.OCX (Mabry Software, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\InprocServer32 -> C:\Windows\system32\tabctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{BE4F3AC5-AEC9-101A-947B-00DD010F7B46}\InprocServer32 -> C:\Windows\system32\MSOUTL32.OCX (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{C4847596-972C-11D0-9567-00A0C9273C2A}\InprocServer32 -> C:\Windows\system32\crviewer.dll (Crystal Decisions) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{C7D6D444-7FDE-101B-AFF8-00AA003E1700}\InprocServer32 -> C:\Windows\system32\GAUGE32.OCX (MicroHelp, Inc.) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{C932BA85-4374-101B-A56C-00AA003668DC}\InprocServer32 -> C:\Windows\system32\msmask32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{D0FC8A81-2CB2-101B-82B6-000000000014}\InprocServer32 -> C:\Windows\system32\mscomm32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{E0DC8C80-3486-101B-82B6-000000000014}\InprocServer32 -> C:\Windows\system32\mscomm32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{F4392542-0CFE-101B-B22E-00AA0037B2FC}\InprocServer32 -> C:\Windows\system32\GRID32.OCX (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation) ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-10] (Dropbox, Inc.) ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-10] (Dropbox, Inc.) ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2016-12-14] (ESET) ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [2017-05-09] (Apple Inc.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal) ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2016-12-14] (ESET) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes) ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-10] (Dropbox, Inc.) ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-10] (Dropbox, Inc.) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-11-07] (Intel Corporation) ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2016-12-14] (ESET) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal) ==================== Tarefas Agendadas (Whitelisted) ============= (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) Task: {124AE4BF-4354-4242-BC5F-AFA43133B31F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.) Task: {1B535138-1EDD-4796-B53B-0711A5AC34A8} - System32\Tasks\GoogleUpdateTaskMachineCore1cf491d8d133394 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {34CCC427-F9A7-461D-8C12-4B44E53EBAFA} - System32\Tasks\GoogleUpdateTaskMachineUA1cf9098cf40b53f => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {38D73D34-D5FB-4101-9011-BB8A6D614F34} - System32\Tasks\{62025C73-F502-4F19-9ACE-768E1368A1FB} => C:\Windows\system32\pcalua.exe -a C:\Users\Usuario\Desktop\Inst_CobrancaCAIXA.exe -d C:\Users\Usuario\Desktop Task: {430441DA-294D-4720-AE2B-F557017BD4B0} - System32\Tasks\{355DCA3E-C7FE-4EF4-95F9-EDE2D7792597} => C:\Windows\system32\pcalua.exe -a "C:\Users\Correios\Downloads\iGBPCEFsf (7).exe" -d C:\Users\Correios\Downloads Task: {54220F11-1686-4899-A8EA-0E339F1FCFCA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated) Task: {5F0411C0-C313-45A2-8066-7A1CC275176F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.) Task: {62C9DDE3-1F1A-448C-9443-5020953B7CA5} - System32\Tasks\{B38BA845-256C-436C-B838-CCB9935D284D} => C:\Windows\system32\pcalua.exe -a G:\PenDrive2\Ativadores\IMPRESSORA-CUTEPDF\converter.exe -d G:\PenDrive2\Ativadores\IMPRESSORA-CUTEPDF Task: {6519A685-DC7C-43F4-806B-746985F3137B} - System32\Tasks\{1B9C65F8-83C7-4721-AA48-D26D26970134} => C:\Windows\system32\pcalua.exe -a "C:\Users\Usuario\Downloads\iGBPCEFsf (1).exe" -d C:\Users\Usuario\Downloads Task: {685340FF-A39B-4BCD-9915-D6BF51DEEEF3} - System32\Tasks\GoogleUpdateTaskMachineCore1d0418b48d22cff => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {893B2C03-CDC3-48C1-8F89-E6622F36DE25} - System32\Tasks\{568090BD-E064-4B54-AAAB-289E82CD182D} => C:\Windows\system32\pcalua.exe -a "C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\82TUZB4D\iGBPCEFgb.exe" -d C:\Users\Usuario\Desktop Task: {9A44EEB8-6B33-42E8-94FB-B079C8A072A9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe Task: {B3582C02-7DB6-4B9C-9330-0045E34DBAAD} - System32\Tasks\{17AFF89D-A2BE-4C94-86BA-F363E2D40E38} => C:\Windows\system32\pcalua.exe -a "C:\Users\Correios\Downloads\iGBPCEFsf (5).exe" -d C:\Users\Correios\Downloads Task: {BB9EB799-116A-4338-BCEB-471F8217719D} - System32\Tasks\{CBBAE917-BDCF-475F-BECA-407B0F3FFC94} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup Task: {CBEA7E1E-3288-42D6-B54E-98A141C4AF7F} - System32\Tasks\{0E9AFB20-151C-4A3A-A35B-F9969D756B86} => C:\Windows\system32\pcalua.exe -a C:\Users\Usuario\Desktop\Receitanet-1.07.exe -d C:\Users\Usuario\Desktop Task: {D94C5BD3-09B6-46CE-94B4-2DCEB4E66A1A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.) (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf491d8d133394.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Atalhos & WMI ======================== (As entradas podem ser listadas para serem restauradas ou removidas.) ShortcutWithArgument: C:\Users\Usuario\Dropbox\CobrançaUnicred.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://cobranca.unicrednne.com.br/cobv1/ ==================== Módulos Carregados (Whitelisted) ============== 2013-10-29 13:15 - 2007-07-12 22:33 - 000087552 _____ () C:\Windows\System32\cpwmon2k.dll 2012-10-08 17:39 - 2011-04-02 16:03 - 000151552 _____ () C:\Windows\System32\HP1100LM.DLL 2012-10-08 17:39 - 2011-04-02 16:03 - 000069632 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP1100PP.DLL 2012-10-08 17:39 - 2012-08-31 15:02 - 002306048 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\hp1100su.dll 2012-10-08 17:39 - 2012-08-31 15:01 - 000794624 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1100GC.dll 2017-07-13 20:51 - 2017-07-13 20:51 - 001041720 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2016-09-01 18:13 - 2016-09-01 18:13 - 000080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2007-10-17 16:20 - 2007-10-17 16:20 - 000041472 _____ () C:\Program Files\FileZilla Client\fzshellext.dll 2012-09-25 15:12 - 2011-04-09 23:40 - 000094208 _____ () C:\Windows\System32\IccLibDll.dll 2017-08-11 12:56 - 2017-08-10 14:03 - 000753472 _____ () C:\Program Files\Dropbox\Client\dropbox_watchdog.dll 2017-08-11 12:56 - 2017-08-10 14:03 - 001787200 _____ () C:\Program Files\Dropbox\Client\dropbox_crashpad.dll 2017-08-11 12:56 - 2017-08-10 14:03 - 000100296 _____ () C:\Program Files\Dropbox\Client\_ctypes.pyd 2017-08-11 12:56 - 2017-08-10 14:03 - 000018888 _____ () C:\Program Files\Dropbox\Client\select.pyd 2017-08-11 12:56 - 2017-08-10 14:06 - 000020800 _____ () C:\Program Files\Dropbox\Client\tornado.speedups.pyd 2017-08-11 12:56 - 2017-08-10 14:03 - 000035792 _____ () C:\Program Files\Dropbox\Client\_multiprocessing.pyd 2017-08-11 12:56 - 2017-08-10 14:05 - 000021848 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd 2017-08-11 12:56 - 2017-08-10 14:03 - 000125904 _____ () C:\Program Files\Dropbox\Client\_cffi_backend.pyd 2017-08-11 12:56 - 2017-08-10 14:03 - 000694224 _____ () C:\Program Files\Dropbox\Client\unicodedata.pyd 2017-08-11 12:56 - 2017-08-10 14:05 - 001862992 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd 2017-08-11 12:56 - 2017-08-10 14:05 - 000022864 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd 2017-08-11 12:56 - 2017-08-10 14:03 - 000145864 _____ () C:\Program Files\Dropbox\Client\pyexpat.pyd 2017-08-11 12:56 - 2017-08-10 14:03 - 000020432 _____ () C:\Program Files\Dropbox\Client\faulthandler.pyd 2017-08-11 12:56 - 2017-08-10 14:03 - 000116688 _____ () C:\Program Files\Dropbox\Client\pywintypes27.dll 2017-08-11 12:56 - 2017-08-10 14:03 - 000105928 _____ () C:\Program Files\Dropbox\Client\win32api.pyd 2017-08-11 12:56 - 2017-08-10 14:07 - 000022864 _____ () C:\Program Files\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd 2017-08-11 12:56 - 2017-08-10 14:05 - 000062784 _____ () C:\Program Files\Dropbox\Client\psutil._psutil_windows.pyd 2017-08-11 12:56 - 2017-08-10 14:05 - 000040248 _____ () C:\Program Files\Dropbox\Client\fastpath.pyd 2017-08-11 12:56 - 2017-08-10 14:03 - 000024528 _____ () C:\Program Files\Dropbox\Client\win32event.pyd 2017-08-11 12:56 - 2017-08-10 14:03 - 000020936 _____ () C:\Program Files\Dropbox\Client\mmapfile.pyd 2017-08-11 12:56 - 2017-08-10 14:03 - 000124880 _____ () C:\Program Files\Dropbox\Client\win32file.pyd 2017-08-11 12:56 - 2017-08-10 14:03 - 000116176 _____ () C:\Program Files\Dropbox\Client\win32security.pyd 2017-08-11 12:56 - 2017-08-10 14:03 - 000392656 _____ () C:\Program Files\Dropbox\Client\pythoncom27.dll 2017-08-11 12:56 - 2017-08-10 14:06 - 000392512 _____ () C:\Program Files\Dropbox\Client\win32com.shell.shell.pyd 2017-08-11 12:56 - 2017-08-10 14:07 - 000026456 _____ () C:\Program Files\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd 2017-08-11 12:56 - 2017-08-10 14:03 - 000024016 _____ () C:\Program Files\Dropbox\Client\win32clipboard.pyd 2017-08-11 12:56 - 2017-08-10 14:03 - 000175560 _____ () C:\Program Files\Dropbox\Client\win32gui.pyd 2017-08-11 12:56 - 2017-08-10 14:03 - 000030160 _____ () C:\Program Files\Dropbox\Client\win32pipe.pyd 2017-08-11 12:56 - 2017-08-10 14:03 - 000043472 _____ () C:\Program Files\Dropbox\Client\win32process.pyd 2017-08-11 12:56 - 2017-08-10 14:03 - 000048592 _____ () C:\Program Files\Dropbox\Client\win32service.pyd 2017-08-11 12:56 - 2017-08-10 14:03 - 000057808 _____ () C:\Program Files\Dropbox\Client\win32evtlog.pyd 2017-08-11 12:56 - 2017-08-10 14:05 - 000022336 _____ () C:\Program Files\Dropbox\Client\cpuid.compiled._cpuid.pyd 2017-08-11 12:56 - 2017-08-10 14:07 - 000082264 _____ () C:\Program Files\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd 2017-08-11 12:56 - 2017-08-10 14:07 - 000025432 _____ () C:\Program Files\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd 2017-08-11 12:56 - 2017-08-10 14:06 - 003928896 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWidgets.pyd 2017-08-11 12:56 - 2017-08-10 14:03 - 000083912 _____ () C:\Program Files\Dropbox\Client\sip.pyd 2017-08-11 12:56 - 2017-08-10 14:05 - 001826104 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtCore.pyd 2017-08-11 12:56 - 2017-08-10 14:05 - 001972024 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtGui.pyd 2017-08-11 12:56 - 2017-08-10 14:03 - 000028616 _____ () C:\Program Files\Dropbox\Client\win32ts.pyd 2017-08-11 12:56 - 2017-08-10 14:03 - 000024016 _____ () C:\Program Files\Dropbox\Client\win32profile.pyd 2017-08-11 12:56 - 2017-08-10 14:05 - 000171336 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd 2017-08-11 12:56 - 2017-08-10 14:05 - 000042816 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebChannel.pyd 2017-08-11 12:56 - 2017-08-10 14:05 - 000531264 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtNetwork.pyd 2017-08-11 12:56 - 2017-08-10 14:05 - 000133432 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKit.pyd 2017-08-11 12:56 - 2017-08-10 14:06 - 000224064 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd 2017-08-11 12:56 - 2017-08-10 14:05 - 000207680 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtPrintSupport.pyd 2017-08-11 12:56 - 2017-08-10 14:03 - 000060880 _____ () C:\Program Files\Dropbox\Client\win32print.pyd 2017-08-11 12:56 - 2017-08-10 14:07 - 000054608 _____ () C:\Program Files\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd 2017-08-11 12:56 - 2017-08-10 14:07 - 000022864 _____ () C:\Program Files\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd 2017-08-11 12:56 - 2017-08-10 14:07 - 000022872 _____ () C:\Program Files\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd 2017-08-11 12:56 - 2017-08-10 14:07 - 000021848 _____ () C:\Program Files\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd 2017-08-11 12:56 - 2017-08-10 14:07 - 000022872 _____ () C:\Program Files\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd 2017-08-11 12:56 - 2017-08-10 14:05 - 000027488 _____ () C:\Program Files\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd 2017-08-11 12:56 - 2017-08-10 14:03 - 000349128 _____ () C:\Program Files\Dropbox\Client\winxpgui.pyd 2017-08-11 12:56 - 2017-08-10 14:07 - 000023896 _____ () C:\Program Files\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd 2017-08-11 12:56 - 2017-08-10 14:05 - 000025936 _____ () C:\Program Files\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd 2017-08-11 12:56 - 2017-08-10 14:03 - 000036296 _____ () C:\Program Files\Dropbox\Client\librsync.dll 2017-08-11 12:56 - 2017-08-10 14:05 - 000181056 _____ () C:\Program Files\Dropbox\Client\dropbox_sqlite_ext.DLL 2017-08-11 12:56 - 2017-08-10 14:07 - 000030536 _____ () C:\Program Files\Dropbox\Client\wind3d11.compiled._wind3d11.pyd 2017-08-11 12:56 - 2017-08-10 14:05 - 000024368 _____ () C:\Program Files\Dropbox\Client\libEGL.dll 2017-08-11 12:56 - 2017-08-10 14:05 - 001637688 _____ () C:\Program Files\Dropbox\Client\libGLESv2.dll 2017-08-11 12:56 - 2017-08-10 14:07 - 000026456 _____ () C:\Program Files\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd 2017-08-11 12:56 - 2017-08-10 14:07 - 000023368 _____ () C:\Program Files\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd 2017-08-11 12:56 - 2017-08-10 14:05 - 000546104 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQuick.pyd 2017-08-11 12:56 - 2017-08-10 14:05 - 000357688 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQml.pyd 2017-07-14 10:28 - 2017-07-14 10:28 - 001041720 _____ () C:\Program Files\iTunes\libxml2.dll 2017-07-14 10:28 - 2017-07-14 10:28 - 000080184 _____ () C:\Program Files\iTunes\zlib1.dll 2017-07-13 20:50 - 2017-07-13 20:50 - 000189752 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll ==================== Alternate Data Streams (Whitelisted) ========= (Se uma entrada for incluída na fixlist, somente o ADS será removido.) AlternateDataStreams: C:\Program Files\GbPlugin:IncompleteStartProcessProtection.cnt [8] AlternateDataStreams: C:\Program Files\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32] AlternateDataStreams: C:\Windows\System32:D0526E84_Bb.gbp [2] AlternateDataStreams: C:\Windows\System32:FCE2B18F_Bb.gbp [2] AlternateDataStreams: C:\Windows\System32:FCE2B18F_Cef.gbp [2] AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst [569] AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2174] AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10] AlternateDataStreams: C:\Users\Todos os Usuários\GbPlugin:IncompleteStartGbprcm.cnt [10] ==================== Modo de Segurança (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ntrexeservice => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""="" ==================== Associação (Whitelisted) =============== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.) ==================== Internet Explorer confiável/restrito =============== (Se uma entrada for incluída na fixlist, será removida do Registro.) IE trusted site: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\accesstage.com.br -> hxxps://www.accesstage.com.br IE trusted site: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\bancobrasil.com.br -> www.bancobrasil.com.br IE trusted site: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\bb.com.br -> hxxps://seg.bb.com.br IE trusted site: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\caixa.gov.br -> imagem.caixa.gov.br IE trusted site: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br IE trusted site: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\correios.com.br -> hxxps://vpn1.correios.com.br IE trusted site: HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\...\jus.br -> hxxps://ejus.tjpb.jus.br ==================== Hosts Conteúdo: =============================== (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 2009-07-13 23:04 - 2016-06-04 08:47 - 000000822 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Outras Áreas ============================ (Atualmente não há nenhuma correção automática para esta seção.) HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Firewall do Windows está desabilitado. ==================== MSCONFIG/TASK MANAGER ítens desabilitados == ==================== Regras do Firewall (Whitelisted) =============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{533911FE-61F9-4AB6-95C6-F2594040196F}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe FirewallRules: [{2FEA682D-3EE2-4B31-A79C-6B5C62603901}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{1E2602B1-DEBC-4FB9-8C01-71196C83758B}] => (Allow) svchost.exe FirewallRules: [{46E054C4-47C8-4660-9E99-2F20BDC82D3B}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{1EE64AD0-D205-4755-AC8A-DA4B3917455A}] => (Allow) C:\Program Files\SkypeWebPlugin\SkypeWebPlugin.exe FirewallRules: [{04ECA7D8-3F50-452B-9F04-E3CE87EA95EE}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe FirewallRules: [{AD50CD46-63E0-42A0-B2CA-40A8B3617AC5}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe FirewallRules: [{DE120D25-2BE0-413B-A1B5-934DEDBC315B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{D2CEBDB6-BB65-4E75-88BE-145DDBB1DEE8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{F9B39C39-61E0-4494-858D-465FAF84DAC7}] => (Allow) C:\Users\Correios\Downloads\AnyDesk.exe FirewallRules: [{C6197B0F-E16C-4FFD-8918-57A0489597FD}] => (Allow) C:\Users\Correios\Downloads\AnyDesk.exe FirewallRules: [{93A74CC8-2424-4934-B5D5-CFE33D537BE0}] => (Allow) C:\Users\Correios\Downloads\AnyDesk.exe FirewallRules: [{B33133CA-90EF-4279-B62B-A671EC0FF570}] => (Allow) C:\Users\Correios\Downloads\AnyDesk.exe FirewallRules: [{353E4179-E30A-46D6-A7FD-7E8885A3C25C}] => (Allow) C:\Users\Usuario\Desktop\AnyDesk.exe FirewallRules: [{278054F6-840E-4E74-9452-74D3D5BB0FDB}] => (Allow) C:\Users\Usuario\Desktop\AnyDesk.exe FirewallRules: [{B4F14A23-2356-4F93-AA8B-257D7BCBCD34}] => (Allow) C:\Users\Usuario\Desktop\AnyDesk.exe FirewallRules: [{A8AE8FB5-8856-46F7-8DEC-083EF2AE9164}] => (Allow) C:\Users\Usuario\Desktop\AnyDesk.exe FirewallRules: [{CE6E444C-CF14-4377-A99F-649756F1B980}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{813C8379-4C9E-4CEA-B246-532C2760436D}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe FirewallRules: [{4E1D9CD0-58C7-4F3B-941C-A65DDDBB4D42}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe FirewallRules: [{0534285E-2EB2-4F9D-935D-D9E305E8B2E8}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe FirewallRules: [{4A4AB291-DDC9-4FEE-96AF-26964423ADFF}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe FirewallRules: [{4C6CEE24-6E86-47B8-916D-B63950FB12DA}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe FirewallRules: [{9A56EB74-3868-4E0D-900E-5409C07DA23A}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe ==================== Pontos de Restauração ========================= ==================== Dispositivos Apresentando Falhas No Gerenciador ============= Name: Warsaw - Driver (PP) Description: Warsaw - Driver (PP) Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: wsddpp Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Erros no Log de eventos: ========================= Erros em Aplicativos: ================== Error: (08/17/2017 01:59:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome de aplicativo com falha: OUTLOOK.EXE, versão: 12.0.6680.5000, carimbo de hora: 0x51c3d112 Nome do módulo de falhas: ntdll.dll, versão: 6.1.7601.18247, carimbo de hora: 0x521ea91c Código de exceção: 0xc0000005 Deslocamento com falha: 0x0003224d Identificação do processo com falha: 0xf38 Hora de início do aplicativo com falha: 0x01d3177581e12a35 Caminho do aplicativo com falha: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE FCaminho do módulo de falhas: C:\Windows\SYSTEM32\ntdll.dll Identificação do Relatório: 7c996f5a-836d-11e7-88c5-c86000eb4387 Error: (08/17/2017 01:57:27 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome de aplicativo com falha: iexplore.exe, versão: 11.0.9600.17840, carimbo de hora: 0x555fe1bb Nome do módulo de falhas: scpMIB.dll_unloaded, versão: 0.0.0.0, carimbo de hora: 0x5074213b Código de exceção: 0xc0000005 Deslocamento com falha: 0x60fc59bc Identificação do processo com falha: 0x11a4 Hora de início do aplicativo com falha: 0x01d317774eaa431c Caminho do aplicativo com falha: C:\Program Files\Internet Explorer\iexplore.exe FCaminho do módulo de falhas: scpMIB.dll Identificação do Relatório: 256b5ccc-836d-11e7-88c5-c86000eb4387 Error: (08/16/2017 03:14:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (08/15/2017 04:46:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome de aplicativo com falha: OUTLOOK.EXE, versão: 12.0.6680.5000, carimbo de hora: 0x51c3d112 Nome do módulo de falhas: ntdll.dll, versão: 6.1.7601.18247, carimbo de hora: 0x521ea91c Código de exceção: 0xc0000005 Deslocamento com falha: 0x0003224d Identificação do processo com falha: 0x178f8 Hora de início do aplicativo com falha: 0x01d315fa39784071 Caminho do aplicativo com falha: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE FCaminho do módulo de falhas: C:\Windows\SYSTEM32\ntdll.dll Identificação do Relatório: 7e816f65-81f2-11e7-a0af-c86000eb4387 Error: (08/15/2017 02:32:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome de aplicativo com falha: core.exe, versão: 2.8.4.40429, carimbo de hora: 0x59242548 Nome do módulo de falhas: ntdll.dll, versão: 6.1.7601.18247, carimbo de hora: 0x521ea91c Código de exceção: 0xc0000005 Deslocamento com falha: 0x00052d37 Identificação do processo com falha: 0x8cc Hora de início do aplicativo com falha: 0x01d315dfca55267c Caminho do aplicativo com falha: C:\Program Files\Diebold\Warsaw\core.exe FCaminho do módulo de falhas: C:\Windows\SYSTEM32\ntdll.dll Identificação do Relatório: b0e2014d-81df-11e7-a0af-c86000eb4387 Error: (08/15/2017 01:14:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome de aplicativo com falha: OUTLOOK.EXE, versão: 12.0.6680.5000, carimbo de hora: 0x51c3d112 Nome do módulo de falhas: ntdll.dll, versão: 6.1.7601.18247, carimbo de hora: 0x521ea91c Código de exceção: 0xc0000005 Deslocamento com falha: 0x0003224d Identificação do processo com falha: 0xbc0 Hora de início do aplicativo com falha: 0x01d315e050f5c2cd Caminho do aplicativo com falha: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE FCaminho do módulo de falhas: C:\Windows\SYSTEM32\ntdll.dll Identificação do Relatório: d615d28a-81d4-11e7-a0af-c86000eb4387 Error: (08/15/2017 01:03:03 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (08/14/2017 02:01:34 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Falha ao criar ponto de restauração (Processo = C:\Users\Usuario\AppData\Local\Temp\jrt\CreateRestorePoint.exe "JRT Pre-Junkware Removal"; Descrição = JRT Pre-Junkware Removal; Erro = 0x80070422). Error: (08/14/2017 02:00:13 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (08/14/2017 01:35:41 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome de aplicativo com falha: OUTLOOK.EXE, versão: 12.0.6680.5000, carimbo de hora: 0x51c3d112 Nome do módulo de falhas: ntdll.dll, versão: 6.1.7601.18247, carimbo de hora: 0x521ea91c Código de exceção: 0xc0000005 Deslocamento com falha: 0x0003224d Identificação do processo com falha: 0x1328 Hora de início do aplicativo com falha: 0x01d3151834bc46f3 Caminho do aplicativo com falha: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE FCaminho do módulo de falhas: C:\Windows\SYSTEM32\ntdll.dll Identificação do Relatório: 9befc318-810e-11e7-9fe1-c86000eb4387 Erros de Sistema: ============= Error: (08/17/2017 01:25:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: O sistema não pode encontrar o arquivo especificado. Error: (08/16/2017 03:14:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização: gbpddreg Error: (08/15/2017 02:32:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Warsaw Technology foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço. Error: (08/15/2017 01:11:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: O sistema não pode encontrar o arquivo especificado. Error: (08/15/2017 01:04:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: O sistema não pode encontrar o arquivo especificado. Error: (08/15/2017 01:03:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a resposta de uma transação do serviço TeamViewer. Error: (08/15/2017 01:01:50 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização: gbpddreg Error: (08/14/2017 02:01:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Warsaw Technology foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço. Error: (08/14/2017 02:01:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Gbp Service foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 1000 milissegundos: Reiniciar o serviço. Error: (08/14/2017 01:59:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: O sistema não pode encontrar o arquivo especificado. CodeIntegrity: =================================== Date: 2017-08-07 16:04:31.618 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system. Date: 2017-08-07 16:04:31.618 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system. Date: 2017-08-07 16:04:31.602 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system. Date: 2017-08-07 16:04:31.602 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system. Date: 2017-08-07 16:04:31.602 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system. Date: 2017-08-07 16:04:31.602 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system. Date: 2017-07-31 19:20:08.235 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_598d480629c3881b\appid.sys because the set of per-page image hashes could not be found on the system. Date: 2017-07-31 19:20:08.189 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_598d480629c3881b\appid.sys because the set of per-page image hashes could not be found on the system. Date: 2017-07-31 19:20:08.157 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_598d480629c3881b\appid.sys because the set of per-page image hashes could not be found on the system. Date: 2017-07-31 19:20:08.064 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_598d480629c3881b\appid.sys because the set of per-page image hashes could not be found on the system. ==================== Informações da Memória =========================== Processador: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz Percentagem de memória em uso: 43% RAM física total: 2986.3 MB RAM física disponível: 1678.19 MB Virtual Total: 5970.9 MB Virtual disponível: 4144.5 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:344.08 GB) NTFS Drive d: (GPBe2008) (CDROM) (Total:0.27 GB) (Free:0 GB) CDFS Drive e: (Reservado pelo Sistema) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[sistema com componentes de inicialização (obtido através de drive)] Drive f: () (Fixed) (Total:148.95 GB) (Free:42.49 GB) NTFS ==================== MBR & Tabela de Partições ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: BF039CB4) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 13BD13BD) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS) ==================== Fim de Addition.txt ============================
  11. McAfee Stinger Scan Results McAfee® Labs Stinger™ Version 12.1.0.2456 built on Aug 14 2017 at 00:22:14 Copyright© 2015, McAfee, Inc. All Rights Reserved. AV Engine version v5900.7806 for Windows. Virus data file v1000.0 created on Aug 14, 2017 Ready to scan for 10197 viruses, trojans and variants. Custom scan initiated on terça-feira, agosto 15, 2017 16:56:23 Summary Report on C: E: F: File(s) TotalFiles:............ 5 Clean:................. 4 Not Scanned:........... 1 Possibly Infected:..... 0 Time: 00:00:07 Scan completed on terça-feira, agosto 15, 2017 16:56:30 adicionado 3 minutos depois Ficou dando erro e ainda executei novamente. McAfee Stinger Scan Results McAfee® Labs Stinger™ Version 12.1.0.2456 built on Aug 14 2017 at 00:22:14 Copyright© 2015, McAfee, Inc. All Rights Reserved. AV Engine version v5900.7806 for Windows. Virus data file v1000.0 created on Aug 14, 2017 Ready to scan for 10197 viruses, trojans and variants. Scan initiated on terça-feira, agosto 15, 2017 21:24:32 Rootkit scan result : Clean. Summary Report on Smart Scan File(s) TotalFiles:............ 9989 Clean:................. 4224 Not Scanned:........... 5765 Possibly Infected:..... 0 Time: 00:13:33 Scan completed on terça-feira, agosto 15, 2017 21:38:05
  12. AdwCleaner 7.0.1.0 - Logfile created on Mon Aug 14 16:41:43 2017 # Updated on 2017/05/08 by Malwarebytes # Database: 08-11-2017.1 # Running on Windows 7 Professional (X86) # Mode: scan # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** PUP.Adware.Heuristic, C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 PUP.Adware.Heuristic, C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. ***** [ Registry ] ***** PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\solvusoft.com PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.solvusoft.com ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries. ************************* C:/AdwCleaner/AdwCleaner[C0].txt - [1706 B] - [2017/7/26 16:17:4] C:/AdwCleaner/AdwCleaner[C1].txt - [1353 B] - [2017/7/26 16:32:35] C:/AdwCleaner/AdwCleaner[C2].txt - [1477 B] - [2017/7/31 18:2:5] C:/AdwCleaner/AdwCleaner[S0].txt - [1666 B] - [2017/7/26 16:11:26] C:/AdwCleaner/AdwCleaner[S1].txt - [1734 B] - [2017/7/26 16:14:54] C:/AdwCleaner/AdwCleaner[S2].txt - [1309 B] - [2017/7/26 16:29:45] C:/AdwCleaner/AdwCleaner[S3].txt - [1291 B] - [2017/7/31 18:0:18] ########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.1.4 (07.09.2017) Operating System: Windows 7 Professional x86 Ran by Usuario (Administrator) on 14/08/2017 at 14:01:34,28 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 24 Successfully deleted: C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AJF2J1HD (Temporary Internet Files Folder) Successfully deleted: C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1PTIB9J (Temporary Internet Files Folder) Successfully deleted: C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GKB9A1SS (Temporary Internet Files Folder) Successfully deleted: C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GWB8ENMF (Temporary Internet Files Folder) Successfully deleted: C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IBSOR44N (Temporary Internet Files Folder) Successfully deleted: C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JRP2US0A (Temporary Internet Files Folder) Successfully deleted: C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JX2CW29Y (Temporary Internet Files Folder) Successfully deleted: C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N0AVMHYP (Temporary Internet Files Folder) Successfully deleted: C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NZ42LYWC (Temporary Internet Files Folder) Successfully deleted: C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJ21NL85 (Temporary Internet Files Folder) Successfully deleted: C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TO4RCJUS (Temporary Internet Files Folder) Successfully deleted: C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X1DSUXBQ (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AJF2J1HD (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1PTIB9J (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GKB9A1SS (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GWB8ENMF (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IBSOR44N (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JRP2US0A (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JX2CW29Y (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N0AVMHYP (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NZ42LYWC (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJ21NL85 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TO4RCJUS (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X1DSUXBQ (Temporary Internet Files Folder) Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 14/08/2017 at 14:17:05,43 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~ ZHPCleaner v2017.8.13.139 by Nicolas Coolman (2017/08/13) ~ Run by Usuario (Administrator) (14/08/2017 14:36:40) ~ Web: https://www.nicolascoolman.com ~ Blog: https://nicolascoolman.eu/ ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Certificate ZHPCleaner: Legal ~ Type : Reparo ~ Report : C:\Users\Usuario\Desktop\ZHPCleaner.txt ~ Quarantine : C:\Users\Usuario\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt ~ UAC : Deactivate ~ Boot Mode : Normal (Normal boot) Windows 7 Professional, 32-bit Service Pack 1 (Build 7601) ---\\ Serviços (0) ~ Nenhum ítem malicioso o desnecessários foi encontrado. ---\\ Navegadores de Internet (1) SUPRIMIDO dados: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride [Bad : 127.0.0.1;localhost;<local>;sara*;*.local] =>Hijacker.Proxy ---\\ Arquivo hosts (1) ~ O arquivo hosts é legítimo (20) ---\\ Tarefas automáticas agendadas. (0) ~ Nenhum ítem malicioso o desnecessários foi encontrado. ---\\ Explorer ( Arquivos, Pastas) (2) MOVIDO pasta: C:\Users\Usuario\AppData\Roaming\unins000.exe [ - Setup/Uninstall] =>Adware.Pirrit MOVIDO pasta: C:\Users\Usuario\AppData\Roaming\unins001.exe [ - Setup/Uninstall] =>Adware.Pirrit ---\\ Registro ( Chaves, Valores, Dados ) (4) SUPRIMIDO chave*: HKEY_USERS\S-1-5-21-1000649665-1868635756-2260419189-1000\SOFTWARE\Ammyy [] =>.SUP.Ammyy SUPRIMIDO chave*: HKEY_USERS\.DEFAULT\Software\Ammyy [] =>.SUP.Ammyy SUPRIMIDO chave: HKCU\Software\Ammyy [] =>.SUP.Ammyy SUPRIMIDO chave*: HKLM\SOFTWARE\Ammyy [] =>.SUP.Ammyy ---\\ Resumo dos elementos encontrados na sua estação de trabalho (3) https://nicolascoolman.eu/2017/04/03/hijacker-proxy/ =>Hijacker.Proxy https://nicolascoolman.eu/2017/02/25/adware-pirrit/ =>Adware.Pirrit https://nicolascoolman.eu/2017/04/13/superfluous-ammyy/ =>.SUP.Ammyy ---\\ Dodatkowe oczyszczenie. (2) ~ Chave de registro Tracing Supprimido (2) ~ Remover os relatórios antigos ZHPCleaner. (0) ---\\ Resultado de reparação Reparação efectuada com sucesso ~ Este navegador está faltando ! (Opera Software) ---\\ Estatísticas ~ Items scan : 943 ~ Items encontrado : 0 ~ items cancelados : 0 ~ Items réparo : 7 ~ End of clean in 00h00mn31s ~==================== ZHPCleaner-[R]-14082017-14_37_11.txt ZHPCleaner--14082017-14_32_33.txt
  13. Sam Spade Desculpa aí mas o tio aqui tá ficando meio burrinho no pc, depois de velho. Não encontrei a aba do histórico mas consegui gerar um relatório de outra maneira. Não sei se é o mesmo... Malwarebytes www.malwarebytes.com -Detalhes de registro- Data da análise: 11/08/17 Hora da análise: 14:05 Arquivo de registro: Mbam.txt Administrador: Sim -Informação do software- Versão: 3.1.2.1733 Versão de componentes: 1.0.160 Versão do pacote de definições: 1.0.2561 Licença: Grátis -Informação do sistema- Sistema operacional: Windows 7 Service Pack 1 CPU: x86 Sistema de arquivos: NTFS Usuário: CARLOS-PC\Usuario -Resumo da análise- Tipo de análise: Análise de Ameaças Resultado: Concluído Objetos verificados: 408794 Ameaças detectadas: 2 Ameaças em quarentena: 2 Tempo decorrido: 48 min, 58 seg -Opções da análise- Memória: Habilitado Inicialização: Habilitado Sistema de arquivos: Habilitado Arquivos compactados: Habilitado Rootkits: Habilitado Heurística: Habilitado PUP: Habilitado PUM: Habilitado -Detalhes da análise- Processo: 0 (Nenhum item malicioso detectado) Módulo: 0 (Nenhum item malicioso detectado) Chave de registro: 1 PUP.Optional.WiperSoft, HKU\S-1-5-21-1000649665-1868635756-2260419189-1000\SOFTWARE\WiperSoft, Quarentena, [1788], [340919],1.0.2561 Valor de registro: 0 (Nenhum item malicioso detectado) Dados de registro: 0 (Nenhum item malicioso detectado) Fluxo de dados: 0 (Nenhum item malicioso detectado) Pasta: 0 (Nenhum item malicioso detectado) Arquivo: 1 PUP.Optional.WiperSoft, C:\USERS\USUARIO\DOWNLOADS\WIPERSOFT-INSTALLER.EXE, Quarentena, [1788], [340923],1.0.2561 Setor físico: 0
  14. Pessoal, boa tarde. Estou sofrendo com diversos problemas na minha máquina tais como: Lentidão, utilização de mais de 90% da memória física, infestação de malwares tipo duckduckgo no navegador do Chrome. Fiz a verificação com o ZA-SCAN e o log gerado foi o seguinte: ZA-Scan V1.0.0.5 Updated 30-09-2015 Tool run by Usuario on 09/08/2017 at 14:38:16,05. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86 Running in: Normal Mode No Internet Access Detected Launched: C:\Users\Usuario\Desktop\ZA-Scan.exe [Z-Analyse Scan] ==== Running Processes ====================== C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\PROGRA~1\GbPlugin\GbpSv.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe C:\Windows\system32\DbxSvc.exe C:\Windows\system32\HPSIsvc.exe C:\Program Files\scpbrad\scpbradserv.exe C:\Program Files\Scpad\scpVista.exe C:\Program Files\TeamViewer\TeamViewer_Service.exe C:\Program Files\Diebold\Warsaw\core.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DllHost.exe C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\PROGRA~1\GbPlugin\GbpSv.exe C:\Windows\system32\taskhost.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\scpbrad\scpbradguard.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Dropbox\Client\Dropbox.exe C:\Program Files\Diebold\Warsaw\core.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe C:\Program Files\Dropbox\Client\Dropbox.exe C:\Program Files\Dropbox\Client\Dropbox.exe C:\Windows\CORREIO\CORREIO.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\TeamViewer\TeamViewer.exe C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe C:\Program Files\TeamViewer\tv_w32.exe C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE C:\Users\Usuario\Desktop\ZA-Scan.exe C:\Windows\system32\conhost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\RunDll32.exe C:\Users\Usuario\AppData\Local\Temp\ZAScan.exe C:\Windows\System32\WUDFHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe c:\program files\windows defender\MpCmdRun.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServicePeerNet ==== Drivers(whitelist) ====================== Powered by E Dev R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys R3 - [srv] - Driver SMB 1.xxx do Servidor - C:\Windows\system32\Drivers\srv.sys R3 - [srv2] - Driver SMB 2.xxx do Servidor - C:\Windows\system32\Drivers\srv2.sys R0 - [ACPI] - Microsoft ACPI Driver - C:\Windows\system32\Drivers\ACPI.sys R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys R0 - [atapi] - Canal de IDE - C:\Windows\system32\Drivers\atapi.sys R0 - [Bhbase] - Baidu Hook Base - C:\Windows\system32\Drivers\Bhbase.sys R0 - [CLFS] - Log Comum (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x] R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys R0 - [Disk] - Driver de disco - C:\Windows\system32\Drivers\Disk.sys R0 - [fvevol] - Driver de Filtro de Criptografia de Unidade de Disco BitLocker - C:\Windows\system32\Drivers\fvevol.sys R0 - [GbpKm] - Gbp KernelMode - C:\Windows\system32\Drivers\GbpKm.sys R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys R0 - [mountmgr] - Gerenciador de Pontos de Montagem - C:\Windows\system32\Drivers\mountmgr.sys R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys R0 - [NDIS] - Driver do Sistema NDIS - C:\Windows\system32\Drivers\NDIS.sys R0 - [partmgr] - Gerenciador de Partições - C:\Windows\system32\Drivers\partmgr.sys R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys R0 - [pciide] - pciide - C:\Windows\system32\Drivers\pciide.sys R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys R0 - [storflt] - Driver de Filtro de Aceleração do Barramento da Máquina Virtual do Disco - C:\Windows\system32\Drivers\storflt.sys [x] R0 - [Tcpip] - Driver de Protocolo TCP/IP - C:\Windows\system32\Drivers\Tcpip.sys R0 - [vdrvroot] - Driver de enumerador da unidade virtual Microsoft - C:\Windows\system32\Drivers\vdrvroot.sys R0 - [volmgr] - Volume Manager Driver - C:\Windows\system32\Drivers\volmgr.sys R0 - [volmgrx] - Gerenciador de Volume Dinâmico - C:\Windows\system32\Drivers\volmgrx.sys R0 - [volsnap] - Volumes de armazenamento - C:\Windows\system32\Drivers\volsnap.sys R0 - [Wdf01000] - Serviço de Estruturas de Driver em Modo Kernel - C:\Windows\system32\Drivers\Wdf01000.sys R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys R1 - [tdx] - Driver de Suporte a TDI Herdado de NetIO - C:\Windows\system32\Drivers\tdx.sys R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys S0 - [gbpddreg] - Gbpddreg svc - C:\Windows\system32\Drivers\gbpddreg.sys [x] ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1000649665-1868635756-2260419189-1000\Software\Microsoft\Windows\CurrentVersion\Run] "iCloudServices"="C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe" "ApplePhotoStreams"="C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s" "HPUsageTrackingLEDM"="C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe C:\Program Files\HP\HP UT LEDM\" "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "Dropbox"="C:\Program Files\Dropbox\Client\Dropbox.exe /systemstartup" "Diebold - Warsaw"="C:\Program Files\Diebold\Warsaw\core.exe" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "iCloudServices"="C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe" "ApplePhotoStreams"="C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" ==== Startup Folders ====================== 2013-11-05 18:16:36 867 ----a-w- C:\Users\Correios\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Correio.lnk 2013-10-14 14:16:21 867 ----a-w- C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Correio.lnk 2013-11-28 17:14:53 1242 ----a-w- C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\DropboxUpdateTaskMachineCore.job --a------ C:\Program Files\Dropbox\Update\DropboxUpdate.exe [07/11/2016 12:38] C:\Windows\tasks\DropboxUpdateTaskMachineUA.job --a------ C:\Program Files\Dropbox\Update\DropboxUpdate.exe [07/11/2016 12:38] C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf491d8d133394.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [27/08/2015 13:50] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\Adobe Acrobat Update Task" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\system32\tasks\DropboxUpdateTaskMachineCore" [C:\Program Files\Dropbox\Update\DropboxUpdate.exe] "C:\Windows\system32\tasks\DropboxUpdateTaskMachineUA" [C:\Program Files\Dropbox\Update\DropboxUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore1cf491d8d133394" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore1d0418b48d22cff" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA1cf9098cf40b53f" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\2ym6l5gq.default-1421254590344 user_pref("browser.startup.homepage", "https://br.yahoo.com/?type=orcl_hpset"); user_pref("browser.search.defaultenginename", "Yahoo Web"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "quickprint@hp.com"="C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension" [26/01/2011 14:27] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "{87F8774F-B485-47E2-A755-A40A8A5E886C}"="C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\bb\xpi" [19/05/2015 14:55] ==== Firefox Extensions ====================== AppDir: C:\Program Files\Mozilla Firefox - Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\2ym6l5gq.default-1421254590344 EC55112EDB2CE5BC2BFCACDB9C2150F4 - C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll - Shockwave Flash 1F167F98797F850B30498C130EAD8463 - C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll - Adobe Acrobat 2D45A8274592D965EDFB62ACCB1150B1 - C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll - Google Update 8B748A2C8282CAC6FD0323787D69A3EF - C:\Program Files\SkypeWebPlugin\npSkypeWebPlugin.dll - Skype Web Plugin BE501CBC29B2025A263D80D399F1797A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In B27CCB1168B1960AEC6E9D3E0E0F0D2A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrlui.dll - Microsoft® Silverlight 257E7BD1D90C987F5F2DDC1CCB185DC3 - C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll - Módulo de Proteção - Caixa Economica Federal 406106D91D3F86FD34EC194940855746 - C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll - Módulo de Proteção - Caixa Economica Federal 7E22425470F2072890C5747F07628846 - C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil ==== Chromium Look ====================== Google Chrome Version: 46.0.2490.86 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions kpdmjodecdegfglgaapafjleomjjlpnh - No path found[] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[08/01/2016 10:47] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions nnjbodopomfddehlalfilheomcahbpei - C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx[24/10/2013 15:52] Google Docs - Correios\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Correios\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Correios\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Correios\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Docs Offline - Correios\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi GBBD Banco do Brasil - Correios\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkafhcogdnfhkmiepeebkkdbdphnjfll Search and New Tab by Yahoo - Correios\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdmjodecdegfglgaapafjleomjjlpnh Skype - Correios\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Chrome Web Store Payments - Correios\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda GBBD Caixa Economica Federal - Correios\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi Gmail - Correios\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Chrome Media Router - Correios\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm Google Docs - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf iCloud Bookmarks - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah Google Docs Offline - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi Search and New Tab by Yahoo - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdmjodecdegfglgaapafjleomjjlpnh Skype - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Chrome Web Store Payments - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda GBBD Caixa Economica Federal - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei Gmail - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Chrome Media Router - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm ==== IE Start and Search Settings ====================== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.transferweb.correios.com.br/sut/ect_agf/default.aspx" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.google.com" "Search Page"="http://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{F1502797-1B80-46E9-886C-AE0A74397D3C}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" {3326DB91-C607-4A25-AE0D-5D44540600EB} Yahoo Search Url="https://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default" {F1502797-1B80-46E9-886C-AE0A74397D3C} Google Url="http://www.google.com/search?hl=en&q={searchTerms}" ==== HijackThis Entries ====================== R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.10.69:80 O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll O16 - DPF: {DE64E08D-8F19-4D75-A277-855E9DE74AA5} (cachecleaner Class) - https://vpn1.correios.com.br/forticachecleaner.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{72967C85-2141-4915-8831-EC2679CDED93}: NameServer = 10.8.39.100,10.192.2.129 ==== EOF on 09/08/2017 at 14:51:20,65 ====================== ZA-Scan.txt

Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×