Grafitepf

Cmd.exe opening by itself


Good evening, I need some help... while I'm using the notebook, a DOS window sometimes opens with something related to cmd.exe. The window opens and closes right away, so it's not possible to read what is written; I only managed to see that this file was being executed. The PC is also getting slow, and sometimes when I click on Processes there are five or six cmd instances running. Can you help me? The PC's log is attached. Thanks!

ZA-Scan.txt


Dear @Grafitepf

I recommend saving this topic to your Favorites so it is easier to find.

Please note the following:

  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is given here relates only to your computer's problem, so do not apply it to any other;
  • Please follow the instructions carefully and, if you have any doubts, do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always keep me informed, during the removal, about what is happening with your computer.
  • Follow the instructions in the order given.

Note: Do not take any measures other than those given here; also, if you ask for help in another forum, be sure to let us know, at the risk of misconfiguring your computer!

 

# Step 1 #
 
Download AdwCleaner and save it to your Desktop.

Run the file adwcleaner.exe

Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • Click the Options tab and leave checked only "Restaurar Políticas do IE" (Restore IE Policies) and "Restaurar Políticas do Chrome" (Restore Chrome Policies)
  • Click the Scan button and wait for the scan to finish.
  • Click the Clean button.
  • A Notepad window will open with the result.
  • Select, copy and paste the contents of this log into your next reply.
  • The log will also be saved in C:\AdwCleaner


NOTE: If AdwCleaner finds files it cannot remove, you may have to restart the PC. Do so immediately when asked whether you want to restart.
 
# Step 2 #
 
Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download the Junkware Removal Tool (JRT) and save it to your Desktop.

Double-click jrt.exe to run it.

Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • The tool will start scanning your system.
  • Be patient, as it may take a while depending on the number of items to scan.
  • At the end a log will open. It will be saved on the desktop with the name JRT.txt.
  • Select, copy and paste the contents of this log into your next reply.

 
# Step 3 #
 
Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download ZHPCleaner and save it to your Desktop.

Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • Click the Scanner button.
  • The tool will start scanning your system.
  • Be patient, as it may take a while depending on the number of items to scan.
  • Then click the Repair button.
  • A log called ZHPCleaner.txt will be generated
  • Select, copy and paste the contents of this log into your next reply.

Best regards :D


Hello diego_moicano, I ran AdwCleaner.. when it rebooted, the OS opened and also a DOS cmd.exe window that just kept saying: invalid command, but I closed the window and the PC carried on normally. I downloaded JRT and set it running, but it ran for about four hours and didn't finish.. is that normal? The AdwCleaner log follows.

# AdwCleaner v6.030 - Relatório criado 06/11/2016 às 22:02:05
# *Updated on 19/10/2016 by Malwarebytes
# Banco de dados : 2016-11-05.1 [Servidor]
# Sistema operacional : Windows 7 Ultimate Service Pack 1 (X64)
# Usuário : Andressa - ANDRESSA-PC
# Executando de : C:\Users\Andressa\Downloads\adwcleaner_6.030.exe
# Limpar
# Apoio : hxxps://www.malwarebytes.com/support

***** [ Serviços ] *****

[-] Políticas do IE excluídasesgiguard


***** [ Pastas ] *****

[-] RestauradoC:\Users\Andressa\AppData\Local\BoBrowser
[-] RestauradoC:\Users\Andressa\AppData\Local\genienext
[-] RestauradoC:\Users\Andressa\AppData\Local\globalUpdate
[#] *Folder deleted on reboot: C:\Users\Andressa\AppData\Local\Mobogenie
[-] RestauradoC:\Users\Andressa\AppData\Roaming\Funmoods
[-] RestauradoC:\Users\Andressa\AppData\Roaming\IminentToolbar
[-] RestauradoC:\Users\Andressa\AppData\Roaming\newnext.me
[-] RestauradoC:\Users\Andressa\AppData\Roaming\UpdaterEX
[-] RestauradoC:\Users\Andressa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
[-] RestauradoC:\Program Files\Enigma Software Group
[-] RestauradoC:\ProgramData\apn
[-] RestauradoC:\ProgramData\IePluginService
[#] *Folder deleted on reboot: C:\ProgramData\ShopperPro
[-] RestauradoC:\ProgramData\Trymedia
[-] RestauradoC:\ProgramData\WPM
[#] *Folder deleted on reboot: C:\ProgramData\Application Data\apn
[#] *Folder deleted on reboot: C:\ProgramData\Application Data\IePluginService
[#] *Folder deleted on reboot: C:\ProgramData\Application Data\ShopperPro
[#] *Folder deleted on reboot: C:\ProgramData\Application Data\Trymedia
[#] *Folder deleted on reboot: C:\ProgramData\Application Data\WPM
[-] RestauradoC:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
[-] RestauradoC:\Program Files (x86)\AnyProtectEx
[-] RestauradoC:\Program Files (x86)\ClearThink
[-] RestauradoC:\Program Files (x86)\GOSafer
[-] RestauradoC:\Program Files (x86)\myfree codec
[-] RestauradoC:\Program Files (x86)\RBM
[#] *Folder deleted on reboot: C:\Program Files (x86)\SupTab
[-] RestauradoC:\Program Files (x86)\webget
[-] RestauradoC:\Users\Andressa\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jidjhchcblhlapbcpheibgdjkajekhbh
[-] RestauradoC:\Users\Andressa\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\plnkhmnoajbfccclonaeepohggeolcih
[-] RestauradoC:\Users\Andressa\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh
[-] RestauradoC:\Users\Andressa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf


***** [ Arquivos ] *****

[-] RestauradoC:\Users\Andressa\daemonprocess.txt
[-] RestauradoC:\Users\Andressa\AppData\Local\AnyProtectScannerSetup.exe
[-] RestauradoC:\Users\Andressa\AppData\Local\funmoods-speeddial.crx
[-] RestauradoC:\Users\Andressa\AppData\Roaming\aps.scan.quick.results
[-] RestauradoC:\Users\Andressa\AppData\Roaming\aps.scan.results
[-] RestauradoC:\Users\Andressa\AppData\Roaming\aps.uninstall.scan.results
[-] RestauradoC:\Windows\SysNative\roboot64.exe
[-] RestauradoC:\END
[-] RestauradoC:\Users\Andressa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
[-] RestauradoC:\Users\Andressa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_plnkhmnoajbfccclonaeepohggeolcih_0.localstorage
[-] RestauradoC:\Users\Andressa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nafaimnnclfjfedmmabolbppcngeolgf_0.localstorage


***** [ DLL ] *****

***** [ WMI ] *****

***** [ Atalhos ] *****

***** [ Tarefas agendadas ] *****

***** [ Registro ] *****

[-] RestauradoHKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [Plus-HD-2.3-bg.exe]
[-] RestauradoHKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [Plus-HD-1.6-bg.exe]
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E41CF5D0-8A56-403E-AE70-4FDEA23771AF}
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E446766C-BB38-4F64-9972-B0B3BB99E53C}
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E4C699F0-71A4-4831-815E-68739407E70}
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E56E96DF-D9A6-4745-8997-E5A2813D10E5}
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E61040CD-2573-4109-BD82-E5E1D59FE025}
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E85FBB6C-DE5D-4B42-B57E-908FD0AD3E2D}
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EA5ADCD4-D797-436A-B32F-1FC91DA3624}
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC43AEB4-BD1B-4780-ACEE-851F5361A}
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ED825110-9F3-42D0-BC24-142C585415BC}
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EDBE2A54-79F0-4776-9614-786F5295DDB5}
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F17094F1-678D-4D4B-8FB2-2E57AECBE74E}
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F2297BD0-B512-4D8B-ABFC-3A6830E7E9A3}
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F532D7D-760E-4CA8-AC2-DCA82EAC8B7}
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F588AE6F-39A8-4D4F-82B6-56D9A62A57AC}
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F5D88639-B337-43AB-BF1C-45CA1348B1F}
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F65AED6A-DEAC-4A5C-906C-E440A5A3B8BF}
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F65B035E-7D71-41EF-868A-574ECF7383A1}
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F670D82B-E7D9-44EC-BE53-5F3CD38AB078}
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F67B225-2193-487D-AF11-12CEF715952}
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F6CCBFF0-709F-411B-B36A-EF78F37C7676}
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F714AE96-3F18-4BB0-B7B1-74748F353DB7}
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F75C2B49-D2CC-45E5-BECB-2346999BBCA6}
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F7AFD6FC-CF21-49E1-8A64-7EC047C789F}
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9328AA5-9563-4DFF-BE3A-765BDE704F}
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA765A75-990E-41FE-845C-8E4ECB5DD096}
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAAF97A3-2894-4F87-B7E1-4D405F596288}
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FC369786-95E2-4005-B1F3-951E2466B7A9}
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FC4E0C9C-7D79-493A-81C0-089C327DFD}
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD2CBCA9-CBE5-4696-AD8F-691F6078C7BB}
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD9EF9FD-E496-4874-8938-CAC63256509}
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FEBAB0B-3501-4E4E-81CF-7240C8754D8A}
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFEEBE68-BC3A-4250-9ED4-4144F250E7BA}
[-] RestauradoHKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\IePluginService
[#] *Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\IePluginService
[-] RestauradoHKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Wpm
[#] *Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Wpm
[-] RestauradoHKLM\SOFTWARE\Classes\BaiduSparkHTML
[-] RestauradoHKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
[-] RestauradoHKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
[-] RestauradoHKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
[-] RestauradoHKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
[-] RestauradoHKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
[-] RestauradoHKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
[-] RestauradoHKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
[-] RestauradoHKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\BaiduSparkHTML
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
[-] RestauradoHKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] RestauradoHKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] RestauradoHKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
[-] RestauradoHKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
[-] RestauradoHKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
[-] RestauradoHKCU\Software\Classes\CLSID\{BEBBC426-4F16-4567-8FE1-BE198C982027}
[-] RestauradoHKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
[-] RestauradoHKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
[-] RestauradoHKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] RestauradoHKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] RestauradoHKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
[-] RestauradoHKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] RestauradoHKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
[-] RestauradoHKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] RestauradoHKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] RestauradoHKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{94952EC4-DB66-3F32-BE4C-F0BB875EA98E}
[-] RestauradoHKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
[-] RestauradoHKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
[-] RestauradoHKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] RestauradoHKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] RestauradoHKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] RestauradoHKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] RestauradoHKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] RestauradoHKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
[-] RestauradoHKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
[-] RestauradoHKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
[-] RestauradoHKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}]
[-] RestauradoHKU\.DEFAULT\Software\Goobzo
[-] RestauradoHKU\.DEFAULT\Software\PennyBee
[-] RestauradoHKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] RestauradoHKU\S-1-5-21-39692063-4080472851-2728763232-1000\Software\AnyProtect
[-] RestauradoHKU\S-1-5-21-39692063-4080472851-2728763232-1000\Software\BoBrowser
[-] RestauradoHKU\S-1-5-21-39692063-4080472851-2728763232-1000\Software\GlobalUpdate
[-] RestauradoHKU\S-1-5-21-39692063-4080472851-2728763232-1000\Software\InstallCore
[-] RestauradoHKU\S-1-5-21-39692063-4080472851-2728763232-1000\Software\Linkey
[-] RestauradoHKU\S-1-5-21-39692063-4080472851-2728763232-1000\Software\lollipop
[-] RestauradoHKU\S-1-5-21-39692063-4080472851-2728763232-1000\Software\Media Get LLC
[-] RestauradoHKU\S-1-5-21-39692063-4080472851-2728763232-1000\Software\Myfree Codec
[-] RestauradoHKU\S-1-5-21-39692063-4080472851-2728763232-1000\Software\Optimizer Pro
[-] RestauradoHKU\S-1-5-21-39692063-4080472851-2728763232-1000\Software\simplytech
[-] RestauradoHKU\S-1-5-21-39692063-4080472851-2728763232-1000\Software\Softonic
[-] RestauradoHKU\S-1-5-21-39692063-4080472851-2728763232-1000\Software\UpdaterEX
[#] *Key deleted on reboot: HKU\S-1-5-21-39692063-4080472851-2728763232-1000\Software\SIMPLYTECH
[-] RestauradoHKU\S-1-5-21-39692063-4080472851-2728763232-1000\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] RestauradoHKU\S-1-5-21-39692063-4080472851-2728763232-1000\Software\AppDataLow\Software\Crossrider
[-] RestauradoHKU\S-1-5-21-39692063-4080472851-2728763232-1000\Software\AppDataLow\Software\simplytech
[#] *Key deleted on reboot: HKU\S-1-5-21-39692063-4080472851-2728763232-1000\Software\AppDataLow\Software\SIMPLYTECH
[-] RestauradoHKU\S-1-5-21-39692063-4080472851-2728763232-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[-] RestauradoHKU\S-1-5-21-39692063-4080472851-2728763232-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
[#] *Key deleted on reboot: HKU\S-1-5-18\Software\Goobzo
[#] *Key deleted on reboot: HKU\S-1-5-18\Software\PennyBee
[#] *Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[#] *Key deleted on reboot: HKCU\Software\AnyProtect
[#] *Key deleted on reboot: HKCU\Software\BoBrowser
[#] *Key deleted on reboot: HKCU\Software\GlobalUpdate
[#] *Key deleted on reboot: HKCU\Software\InstallCore
[#] *Key deleted on reboot: HKCU\Software\Linkey
[#] *Key deleted on reboot: HKCU\Software\lollipop
[#] *Key deleted on reboot: HKCU\Software\Media Get LLC
[#] *Key deleted on reboot: HKCU\Software\Myfree Codec
[#] *Key deleted on reboot: HKCU\Software\Optimizer Pro
[#] *Key deleted on reboot: HKCU\Software\simplytech
[#] *Key deleted on reboot: HKCU\Software\Softonic
[#] *Key deleted on reboot: HKCU\Software\UpdaterEX
[#] *Key deleted on reboot: HKCU\Software\SIMPLYTECH
[#] *Key deleted on reboot: HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[#] *Key deleted on reboot: HKCU\Software\AppDataLow\Software\Crossrider
[#] *Key deleted on reboot: HKCU\Software\AppDataLow\Software\simplytech
[#] *Key deleted on reboot: HKCU\Software\AppDataLow\Software\SIMPLYTECH
[-] RestauradoHKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] RestauradoHKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
[-] RestauradoHKLM\SOFTWARE\Clara
[-] RestauradoHKLM\SOFTWARE\FlvPlayer
[-] RestauradoHKLM\SOFTWARE\GlobalUpdate
[-] RestauradoHKLM\SOFTWARE\Iminent
[-] RestauradoHKLM\SOFTWARE\Myfree Codec
[-] RestauradoHKLM\SOFTWARE\ShopperPro
[-] RestauradoHKLM\SOFTWARE\SmdmF
[-] RestauradoHKLM\SOFTWARE\SupTab
[-] RestauradoHKLM\SOFTWARE\supWPM
[-] RestauradoHKLM\SOFTWARE\sweet-pageSoftware
[#] *Key deleted on reboot: HKLM\SOFTWARE\SUPTAB
[#] *Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[#] *Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
[#] *Key deleted on reboot: [x64] HKCU\Software\AnyProtect
[#] *Key deleted on reboot: [x64] HKCU\Software\BoBrowser
[#] *Key deleted on reboot: [x64] HKCU\Software\GlobalUpdate
[#] *Key deleted on reboot: [x64] HKCU\Software\InstallCore
[#] *Key deleted on reboot: [x64] HKCU\Software\Linkey
[#] *Key deleted on reboot: [x64] HKCU\Software\lollipop
[#] *Key deleted on reboot: [x64] HKCU\Software\Media Get LLC
[#] *Key deleted on reboot: [x64] HKCU\Software\Myfree Codec
[#] *Key deleted on reboot: [x64] HKCU\Software\Optimizer Pro
[#] *Key deleted on reboot: [x64] HKCU\Software\simplytech
[#] *Key deleted on reboot: [x64] HKCU\Software\Softonic
[#] *Key deleted on reboot: [x64] HKCU\Software\UpdaterEX
[#] *Key deleted on reboot: [x64] HKCU\Software\SIMPLYTECH
[#] *Key deleted on reboot: [x64] HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[#] *Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Crossrider
[#] *Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\simplytech
[#] *Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\SIMPLYTECH
[-] Restaurado[x64] HKLM\SOFTWARE\EnigmaSoftwareGroup
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75FF6D97AF9FC004A9521D4B83FA6321
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB13D869D7D092348847B7481BB59E27
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18C9E3869A16248439FE3FF9EB02207A
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D8011310B2622942868A458964FFDC5
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C63F7979DCC2154CB9591969A5CB89D
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DD31E6C1A73B334383DF186676F4D20
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB3204F747B20694B8D49EF92D8DC94B
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C81E33A400B6F814E90C7A3354E2A3A5
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EDBF68C5F16790341B7C6FD7C7F8E4FC
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA531D0F3A71504DA7AC6A11CE33739
[-] RestauradoHKU\S-1-5-21-39692063-4080472851-2728763232-1000\Software\Microsoft\Internet Explorer\Main [Start Page] 
[-] RestauradoHKU\S-1-5-21-39692063-4080472851-2728763232-1000\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] 
[-] RestauradoHKU\S-1-5-21-39692063-4080472851-2728763232-1000\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] 
[-] RestauradoHKU\S-1-5-21-39692063-4080472851-2728763232-1000\Software\Microsoft\Internet Explorer\Main [Search Bar] 
[-] RestauradoHKU\S-1-5-21-39692063-4080472851-2728763232-1000\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] 
[-] RestauradoHKU\S-1-5-21-39692063-4080472851-2728763232-1000\Software\Microsoft\Internet Explorer\Search [Search Bar] 
[-] RestauradoHKU\S-1-5-21-39692063-4080472851-2728763232-1000\Software\Microsoft\Internet Explorer\Search [Search Page] 
[-] RestauradoHKU\S-1-5-21-39692063-4080472851-2728763232-1000\Software\Microsoft\Internet Explorer\SearchUrl [(Default)] 
[-] RestauradoHKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)] 
[-] RestauradoHKLM\SOFTWARE\Microsoft\Internet Explorer\SearchURI [(Default)] 
[-] RestauradoHKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] 
[-] RestauradoHKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main [Search Bar] 
[-] RestauradoHKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] 
[-] RestauradoHKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search [Default_Search_URL] 
[-] RestauradoHKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar] 
[-] RestauradoHKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page] 
[-] RestauradoHKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchURI [(Default)] 
[-] RestauradoHKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)] 
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Main [Start Page] 
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] 
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] 
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] 
[-] RestauradoHKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] 
[-] RestauradoHKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] 
[-] RestauradoHKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] 
[-] RestauradoHKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] 
[-] RestauradoHKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Bar] 
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] 
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Search [Search Bar] 
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Search [Search Page] 
[-] RestauradoHKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] 
[-] RestauradoHKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Default_Search_URL] 
[-] RestauradoHKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar] 
[-] RestauradoHKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page] 
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)] 
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\SearchURI [(Default)] 
[-] Restaurado[x64] HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] 
[-] Restaurado[x64] HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main [Search Bar] 
[-] Restaurado[x64] HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] 
[-] Restaurado[x64] HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search [Default_Search_URL] 
[-] Restaurado[x64] HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar] 
[-] Restaurado[x64] HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page] 
[-] Restaurado[x64] HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchURI [(Default)] 
[-] Restaurado[x64] HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)] 
[-] Restaurado[x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] 
[-] Restaurado[x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] 
[-] Restaurado[x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] 
[-] Restaurado[x64] HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] 
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] 
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] 
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] 
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] 
[-] Restaurado[x64] HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] 
[-] Restaurado[x64] HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar] 
[-] Restaurado[x64] HKCU\Software\Microsoft\Internet Explorer\Search [Search Page] 
[-] Restaurado[x64] HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)] 
[-] Restaurado[x64] HKCU\Software\Microsoft\Internet Explorer\SearchURI [(Default)] 
[-] RestauradoHKU\S-1-5-21-39692063-4080472851-2728763232-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] RestauradoHKU\S-1-5-21-39692063-4080472851-2728763232-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] RestauradoHKU\S-1-5-21-39692063-4080472851-2728763232-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] RestauradoHKU\S-1-5-21-39692063-4080472851-2728763232-1000\Software\Microsoft\Internet Explorer\SearchScopes\{86c83f9e-48a4-4cd2-a763-64fea5df35f7}
[-] RestauradoHKU\S-1-5-21-39692063-4080472851-2728763232-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
[#] *Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] *Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[#] *Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{86c83f9e-48a4-4cd2-a763-64fea5df35f7}
[#] *Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
[-] RestauradoHKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] RestauradoHKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] RestauradoHKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Restaurado[x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{86c83f9e-48a4-4cd2-a763-64fea5df35f7}
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{86c83f9e-48a4-4cd2-a763-64fea5df35f7}
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\DOMStorage\br.hao123.com
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\DOMStorage\hao123.com
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\br.hao123.com
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hao123.com
[-] RestauradoHKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
[-] RestauradoHKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
[-] RestauradoHKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
[#] *Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginService
[-] RestauradoHKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.bdliveupdate.oneclickctrl.9
[-] RestauradoHKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.bdliveupdate.update3webcontrol.3
[-] Restaurado[x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
[-] Restaurado[x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
[-] RestauradoHKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
[-] RestauradoHKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
[#] *Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
[-] Restaurado[x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
[-] RestauradoHKLM\SOFTWARE\Google\Chrome\Extensions\pkndmigholgfjlniaohblojbhgjbkakn


***** [ Verificando navegadores ... ] *****

[-] [C:\Users\Andressa\AppData\Local\Google\Chrome\User Data\Default] [extension] Excluídonafaimnnclfjfedmmabolbppcngeolgf
[-] [C:\Users\Andressa\AppData\Local\Google\Chrome\User Data\Default] [extension] Excluídooiokahphinmbmakkehgelkmpolmnbkdh
[-] [C:\Users\Andressa\AppData\Local\Google\Chrome\User Data\Default] [extension] Excluídopflphaooapbgpeakohlggbpidpppgdff
[-] [C:\Users\Andressa\AppData\Local\Google\Chrome\User Data\Default] [extension] Excluídopkndmigholgfjlniaohblojbhgjbkakn


*************************

:: Políticas do IE excluídas
:: Políticas do Chrome excluídas

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [64353 *Bytes] - [06/11/2016 22:02:05]
C:\AdwCleaner\AdwCleaner[R0].txt - [3839 *Bytes] - [15/10/2013 00:34:07]
C:\AdwCleaner\AdwCleaner[R1].txt - [908 *Bytes] - [15/10/2013 00:39:21]
C:\AdwCleaner\AdwCleaner[R2].txt - [1026 *Bytes] - [15/10/2013 01:20:44]
C:\AdwCleaner\AdwCleaner[S0].txt - [3669 *Bytes] - [15/10/2013 00:34:51]
C:\AdwCleaner\AdwCleaner[S1].txt - [965 *Bytes] - [15/10/2013 00:40:21]
C:\AdwCleaner\AdwCleaner[S2].txt - [68584 *Bytes] - [06/11/2016 21:17:44]
C:\AdwCleaner\AdwCleaner[S3].txt - [68659 *Bytes] - [06/11/2016 21:31:57]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [64946 *Bytes] ##########
 


diego_moicano, when I restarted the computer the cmd.exe window no longer appeared. I downloaded and ran ZHPCleaner; here is the log:

~ ZHPCleaner v2016.11.8.191 by Nicolas Coolman (2016/11/08)
~ Run by Andressa (Administrator)  (08/11/2016 20:15:31)
~ Web: https://www.nicolascoolman.com
~ Blog: https://www.anti-malware.top
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Reparo
~ Report : C:\Users\Andressa\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Andressa\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)


---\\  Serviços (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Navegadores de Internet (0)


---\\  Arquivo hosts (1)
~ O arquivo hosts é legítimo (20)


---\\  Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Explorer ( Arquivos, Pastas) (44)
MOVIDO pasta: C:\Users\Andressa\AppData\Roaming\unins000.exe [ - Setup/Uninstall]  =>PUP.Optional.Pirrit
MOVIDO pasta: C:\Users\Andressa\AppData\Roaming\unins001.exe [ - Setup/Uninstall]  =>PUP.Optional.Pirrit
MOVIDO pasta: C:\Users\Andressa\AppData\Roaming\unins002.exe [ - Setup/Uninstall]  =>PUP.Optional.Pirrit
MOVIDO pasta: C:\Users\Andressa\Downloads\Popcorn-Time-0.3.9-Setup.exe [Popcorn Time - Popcorn-Time 0.3.9 Installer]  =>.Superfluous.PopcornTime
MOVIDO pasta: C:\Users\Andressa\AppData\Local\Temp\wct3E28.tmp    =>.Superfluous.Temporary.OneDrive
MOVIDO pasta: C:\Users\Andressa\AppData\Local\Temp\wct40D6.tmp    =>.Superfluous.Temporary.OneDrive
MOVIDO pasta: C:\Users\Andressa\AppData\Local\Temp\wct52FF.tmp    =>.Superfluous.Temporary.OneDrive
MOVIDO pasta: C:\Users\Andressa\AppData\Local\Temp\wct80E2.tmp    =>.Superfluous.Temporary.OneDrive
MOVIDO pasta: C:\Users\Andressa\AppData\Local\Temp\wct85A3.tmp    =>.Superfluous.Temporary.OneDrive
MOVIDO pasta: C:\Users\Andressa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d1uwhu0fkvi771.cloudfront.net_0.localstorage    =>.Superfluous.CloudfrontNet
MOVIDO pasta: C:\Users\Andressa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_dsms0mj1bbhn4.cloudfront.net_0.localstorage    =>.Superfluous.CloudfrontNet
MOVIDO pasta: C:\Users\Andressa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_get.popcorntime.sh_0.localstorage    =>.Superfluous.PopcornTime
MOVIDO pasta: C:\Users\Andressa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ol.at.atwola.com_0.localstorage    =>.Superfluous.Atwola
MOVIDO pasta: C:\Users\Andressa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ol.at.atwola.com_0.localstorage-journal    =>.Superfluous.Atwola
MOVIDO pasta: C:\Users\Andressa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_popcorntime.sh_0.localstorage    =>.Superfluous.PopcornTime
MOVIDO pasta: C:\Users\Andressa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage    =>PUP.Optional.Generic
MOVIDO pasta: C:\Users\Andressa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_wix-instantsearchplus-ssl.akamaized.net_0.localstorage    =>.Superfluous.AkamaiHD
MOVIDO pasta: C:\Users\Andressa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.funmediatabsearch.com_0.localstorage    =>.Superfluous.FunMediaTab
MOVIDO pasta: C:\Users\Andressa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.mysafetabsearch.com_0.localstorage    =>.Superfluous.MySafeTab
MOVIDO pasta: C:\Users\Andressa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.socialnewpagessearch.com_0.localstorage    =>.Superfluous.SocialNewPages
MOVIDO pasta: C:\Users\Andressa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.socialnewpagessearch.com_0.localstorage-journal    =>.Superfluous.SocialNewPages
MOVIDO pasta: C:\Users\Andressa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_st.chatango.com_0.localstorage    =>PUP.Optional.Chatango
MOVIDO arquivo: C:\Users\Andressa\AppData\Roaming\Opera Software\Opera Stable\Extensions\dimfohdigjaffdaanhmbocfkpolglnjk  =>PUP.Optional.CrossRider
MOVIDO arquivo: C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}  =>PUP.Optional.Generic
MOVIDO arquivo: C:\Users\Andressa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn-Time  =>.Superfluous.PopcornTime
MOVIDO arquivo: C:\Users\Andressa\AppData\Local\Popcorn-Time  =>.Superfluous.PopcornTime
MOVIDO arquivo: C:\Users\Andressa\AppData\Local\Temp\scoped_dir6472_20967  =>.Superfluous.Temporary.Steam
MOVIDO arquivo: C:\Users\Andressa\AppData\Local\Temp\scoped_dir_4640_16313  =>.Superfluous.Temporary.Steam
MOVIDO arquivo: C:\Users\Andressa\AppData\Local\Google\Chrome\User Data\Default\File System\008  =>PUP.Optional.DomaIQ
MOVIDO arquivo: C:\Windows\Installer\MSI2F91.tmp-  =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSI4BEF.tmp-  =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSI563D.tmp-  =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSI5652.tmp-  =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSI742F.tmp-  =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSIA93C.tmp-  =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSIAF7B.tmp-  =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSIC137.tmp-  =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSICE43.tmp-  =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSIDB4E.tmp-  =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSIDD66.tmp-  =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSIEC37.tmp-  =>.Superfluous.Empty
MOVIDO arquivo: C:\Users\Andressa\AppData\Local\Temp\chrome_BITS_1156_24192  =>.Superfluous.Empty
MOVIDO arquivo: C:\Users\Andressa\AppData\Local\Temp\chrome_BITS_5208_13428  =>.Superfluous.Empty
MOVIDO arquivo: C:\Users\Andressa\AppData\Local\Temp\chrome_BITS_5296_25627  =>.Superfluous.Empty


---\\  Registro ( Chaves, Valores, Dados ) (54)
SUPRIMIDO chave*: HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Plus-HD-4.4 []  =>PUP.Optional.CrossRider
SUPRIMIDO chave*: HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Plus-HD-5.9 []  =>PUP.Optional.CrossRider
SUPRIMIDO chave*: HKCU\Software\AppDataLow\Software\Plus-HD-1.6 []  =>PUP.Optional.CrossRider
SUPRIMIDO chave*: HKCU\Software\AppDataLow\Software\Plus-HD-2.3 []  =>PUP.Optional.CrossRider
SUPRIMIDO chave*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Popcorn-Time [Popcorn Time]  =>.Superfluous.PopcornTime
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} [IStatedContract]  =>PUP.Optional.IMBooster
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} [_LogoutCommand]  =>PUP.Optional.IMBooster
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} [_LoginCommand]  =>PUP.Optional.IMBooster
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} [_LightUri]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} [_PlayContentCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} [_VariableChangedCallback]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} [ITinyfyingArgs]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} [_AddToUserContentCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} [IServerResult]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} [_TinyUrlArgs]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} [_RawDataArgs]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} [_ShowPluginWindowCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} [_LightContent]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} [_WarmUpCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} [_CheckLoginStatusCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} [_WelcomeCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} [_ShowBrowserWindowCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} [IMediatorClient]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} [_ShowControlCenterCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} [IServerCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} [ICoordCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} [_GetVariableResult]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} [_GetLoginStatusResult]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} [_DownloadArgs]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} [_GameOverCallback]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} [IMediatorServiceProxy]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} [_InstallationContextResult]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} [IContractBase]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} [_CleanCacheCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} [_GetInstallationContextCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} [_LoginStatusChangedCallback]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} [_MergeIdentityCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} [_SetVariableCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} [_MyAccountCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} [IHWndContract]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} [_PostContentCallback]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} [_RecycleViewsCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} [_UserContentChangedCallback]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} [_GetCreditCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} [_LinkToPromoteArgs]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} [_LoadContentCommandResult]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} [_ViralLinkArgs]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} [secman]  =>PUP.Optional.Camec
SUPRIMIDO chave*: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update ClearThink []  =>PUP.Optional.ClearThink
SUPRIMIDO chave*: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update webget []  =>PUP.Optional.WebGet
SUPRIMIDO chave: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} [secman]  =>PUP.Optional.Camec
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.]  =>Heuristic.Suspect
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298} [C:\Program Files (x86)\globalUpdate\Update (Not File)]  =>PUP.Optional.GlobalUpdate
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} [C:\Program Files (x86)\globalUpdate\Update\1.3.25.0 (Not File)]  =>PUP.Optional.GlobalUpdate


---\\  Resumo dos elementos encontrados na sua estação de trabalho (22)
https://www.nicolascoolman.com/fr/pup-pirritsuggestor/  =>PUP.Optional.Pirrit
https://www.anti-malware.top/2016/09/28/superfluous-popcorntime/  =>.Superfluous.PopcornTime
https://www.nicolascoolman.com/fr/logiciels-superflus  =>.Superfluous.Temporary.OneDrive
https://www.anti-malware.top/2016/08/31/cloudfront-net/  =>.Superfluous.CloudfrontNet
https://www.anti-malware.top/2016/07/21/superfluous-atwola/  =>.Superfluous.Atwola
https://www.anti-malware.top/2016/05/01/definition-dun-logiciel-pup-lpi/  =>PUP.Optional.Generic
https://www.nicolascoolman.com/fr/logiciels-superflus  =>.Superfluous.AkamaiHD
https://www.nicolascoolman.com/fr/logiciels-superflus  =>.Superfluous.FunMediaTab
https://www.anti-malware.top/2016/07/13/superfluous-mysafetab/  =>.Superfluous.MySafeTab
https://www.nicolascoolman.com/fr/logiciels-superflus  =>.Superfluous.SocialNewPages
https://www.nicolascoolman.com/fr/repaquetage-et_infections/  =>PUP.Optional.Chatango
https://www.anti-malware.top/2016/04/30/pup-optional-crossrider/  =>PUP.Optional.CrossRider
https://www.nicolascoolman.com/fr/logiciels-superflus  =>.Superfluous.Temporary.Steam
https://www.nicolascoolman.com/fr/adware-domaiq/  =>PUP.Optional.DomaIQ
https://www.nicolascoolman.com/fr/logiciels-superflus  =>.Superfluous.Empty
https://www.nicolascoolman.com/fr/adware-imbooster/  =>PUP.Optional.IMBooster
https://www.nicolascoolman.com/fr/pup-rewardsarcade/  =>PUP.Optional.RewardsArcade
https://www.nicolascoolman.com/fr/repaquetage-et_infections/  =>PUP.Optional.Camec
https://www.nicolascoolman.com/fr/pup-clearthink/  =>PUP.Optional.ClearThink
https://www.nicolascoolman.com/fr/pup-webget/  =>PUP.Optional.WebGet
https://www.anti-malware.top/2016/04/22/heuristic-suspect/  =>Heuristic.Suspect
https://www.nicolascoolman.com/fr/pup-globalupdate/  =>PUP.Optional.GlobalUpdate


---\\  Dodatkowe oczyszczenie. (27)
~ Chave de registro Tracing Supprimido (27)
~ Remover os relatórios antigos ZHPCleaner. (0)


---\\ Resultado de reparação
Reparação efectuada com sucesso


---\\ Estatísticas
~ Items scan : 687
~ Items encontrado : 0
~ items cancelados : 0
~ Items réparo : 98


~ End of clean in 00h08mn49s
~====================
ZHPCleaner-[R]-08112016-20_24_20.txt
ZHPCleaner--08112016-20_14_15.txt
 


Dear @Grafitepf

Read the instructions at this link: "How to use ComboFix"

Download ComboFix and save it to your Desktop.

Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

  • Double-click ComboFix.exe saved on your Desktop.
    • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png
  • Read and accept the terms by pressing ENTER.
  • Attention: Do not use the mouse or keyboard while the tool is running; doing so can cause the computer to hang.
  • A warning may appear saying that the computer needs to be restarted.
  • DO NOT RESTART!!! ComboFix will restart the computer automatically.
  • When the tool finishes, a log will be generated (the file C:\ComboFix.txt).
  • Copy and paste the contents of that file into your next reply.

Regards :D


diego_moicano

Here is the ComboFix log:

ComboFix 16-11-06.01 - Andressa 09/11/2016  11:29:55.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.55.1046.18.3895.1703 [GMT -2:00]
Executando de: c:\users\Andressa\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Execuções precedente -------
.
c:\program files (x86)\ShopperPro\config.json
c:\program files (x86)\ShopperPro\database1_0_0.json
c:\program files (x86)\ShopperPro\FireFox\chrome.manifest
c:\program files (x86)\ShopperPro\FireFox\content\overlay.js
c:\program files (x86)\ShopperPro\FireFox\content\overlay.xul
c:\program files (x86)\ShopperPro\FireFox\content\shopperpro_128.png
c:\program files (x86)\ShopperPro\FireFox\install.rdf
c:\program files (x86)\ShopperPro\JSDriver\jsdrv.exe
c:\program files (x86)\ShopperPro\JSDriver\jsdrv.sys
c:\program files (x86)\ShopperPro\manifest.json
c:\program files (x86)\ShopperPro\ShopperPro.crx
c:\program files (x86)\ShopperPro\ShopperPro.dll
c:\program files (x86)\ShopperPro\ShopperPro.zip
c:\program files (x86)\ShopperPro\ShopperPro64.dll
c:\program files (x86)\ShopperPro\SPRemove.exe
c:\programdata\374311380\BITCA12.tmp
c:\programdata\ShopperPro\config.json
c:\programdata\ShopperPro\database1_0_0.json
c:\programdata\ShopperPro\ShopperPro.dll
c:\programdata\ShopperPro\ShopperPro64.dll
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2016-10-09 to 2016-11-09  ))))))))))))))))))))))))))))
.
.
2016-11-09 14:49 . 2016-11-09 14:49    --------    d-----w-    c:\users\Default\AppData\Local\temp
2016-11-09 13:13 . 2016-11-09 13:13    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{26F1786A-6C77-40F9-A2C8-11D01DEDAE50}\offreg.4528.dll
2016-11-09 12:49 . 2016-11-09 12:49    --------    d-----w-    C:\OneDriveTemp
2016-11-08 22:46 . 2016-08-22 16:19    1386496    ----a-w-    c:\windows\system32\diagtrack.dll
2016-11-08 21:39 . 2016-11-08 22:24    --------    d-----w-    c:\users\Andressa\AppData\Roaming\ZHP
2016-11-08 21:28 . 2016-11-08 21:29    --------    d-----w-    c:\programdata\ProductData
2016-11-07 00:02 . 2016-11-07 00:02    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{26F1786A-6C77-40F9-A2C8-11D01DEDAE50}\offreg.3008.dll
2016-11-05 02:04 . 2016-10-19 14:14    12033040    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{26F1786A-6C77-40F9-A2C8-11D01DEDAE50}\mpengine.dll
2016-11-01 11:38 . 2016-11-01 11:38    --------    d-----w-    C:\zoek_backup
2016-10-28 17:58 . 2016-10-28 17:58    --------    d-----w-    c:\programdata\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2016-10-28 04:10 . 2016-10-28 04:10    --------    d-----w-    c:\windows\SysWow64\Avast
2016-10-24 13:06 . 2016-10-24 13:06    41576    ----a-w-    c:\windows\system32\DbxSvc.exe
2016-10-24 13:06 . 2016-10-24 13:06    75888    ----a-w-    c:\windows\system32\drivers\dbx-stable.sys
2016-10-24 13:06 . 2016-10-24 13:06    75888    ----a-w-    c:\windows\system32\drivers\dbx-dev.sys
2016-10-24 13:06 . 2016-10-24 13:06    75888    ----a-w-    c:\windows\system32\drivers\dbx-canary.sys
2016-10-13 16:19 . 2016-06-14 17:16    228864    ----a-w-    c:\windows\system32\wintrust.dll
2016-10-13 16:19 . 2016-06-14 17:16    190976    ----a-w-    c:\windows\system32\cryptsvc.dll
2016-10-13 16:19 . 2016-06-14 17:16    141824    ----a-w-    c:\windows\system32\cryptnet.dll
2016-10-13 16:19 . 2016-08-06 15:31    54272    ----a-w-    c:\windows\system32\WsmRes.dll
2016-10-13 16:19 . 2016-08-06 15:15    54272    ----a-w-    c:\windows\SysWow64\WsmRes.dll
2016-10-13 16:19 . 2016-06-14 17:16    2048    ----a-w-    c:\windows\system32\mferror.dll
2016-10-13 16:19 . 2016-06-14 15:21    2048    ----a-w-    c:\windows\SysWow64\mferror.dll
2016-10-13 16:19 . 2016-06-14 15:21    1176064    ----a-w-    c:\windows\SysWow64\crypt32.dll
2016-10-13 16:19 . 2016-06-14 15:21    179200    ----a-w-    c:\windows\SysWow64\wintrust.dll
2016-10-13 16:19 . 2016-06-14 15:21    145920    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2016-10-13 16:19 . 2016-06-14 15:21    106496    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2016-10-13 16:15 . 2016-08-29 15:31    14183424    ----a-w-    c:\windows\system32\shell32.dll
2016-10-13 16:15 . 2016-08-29 15:04    3229696    ----a-w-    c:\windows\explorer.exe
2016-10-13 16:15 . 2016-08-29 14:55    2972672    ----a-w-    c:\windows\SysWow64\explorer.exe
2016-10-13 16:15 . 2016-08-29 15:31    1867776    ----a-w-    c:\windows\system32\ExplorerFrame.dll
2016-10-13 16:15 . 2016-08-29 15:31    1941504    ----a-w-    c:\windows\system32\authui.dll
2016-10-13 16:15 . 2016-08-29 15:12    1499648    ----a-w-    c:\windows\SysWow64\ExplorerFrame.dll
2016-10-13 16:15 . 2016-08-29 15:12    1806848    ----a-w-    c:\windows\SysWow64\authui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-10-26 19:29 . 2010-11-21 03:27    485032    ------w-    c:\windows\system32\MpSigStub.exe
2016-10-07 15:12 . 2016-11-08 22:47    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2016-09-30 22:18 . 2016-09-30 22:18    142336    ----a-w-    c:\windows\system32\poqexec.exe
2016-09-30 22:18 . 2016-09-30 22:18    123904    ----a-w-    c:\windows\SysWow64\poqexec.exe
2016-08-16 17:36 . 2016-09-16 00:32    1009152    ----a-w-    c:\windows\system32\user32.dll
2016-08-16 02:48 . 2016-09-16 00:32    833024    ----a-w-    c:\windows\SysWow64\user32.dll
2016-08-12 16:46 . 2016-10-13 16:19    2560    ----a-w-    c:\windows\apppatch\AcRes.dll
2016-08-12 16:26 . 2016-09-16 00:37    464896    ----a-w-    c:\windows\system32\drivers\srv.sys
2016-08-12 16:26 . 2016-09-16 00:37    405504    ----a-w-    c:\windows\system32\drivers\srv2.sys
2016-08-12 16:26 . 2016-09-16 00:37    168960    ----a-w-    c:\windows\system32\drivers\srvnet.sys
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2016-08-26 18:03    1748168    ----a-w-    c:\users\Andressa\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2016-08-26 18:03    1748168    ----a-w-    c:\users\Andressa\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2016-08-26 18:03    1748168    ----a-w-    c:\users\Andressa\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2016-08-26 18:03    1748168    ----a-w-    c:\users\Andressa\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2016-08-26 18:03    1748168    ----a-w-    c:\users\Andressa\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-24 13:10    223552    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt.1.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt10]
@="{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-24 13:10    223552    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt.1.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-24 13:10    223552    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt.1.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-24 13:10    223552    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt.1.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-24 13:10    223552    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt.1.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-24 13:10    223552    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt.1.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-24 13:10    223552    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt.1.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-24 13:10    223552    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt.1.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-24 13:10    223552    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt.1.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt9]
@="{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-24 13:10    223552    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt.1.0.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"OneDrive"="c:\users\Andressa\AppData\Local\Microsoft\OneDrive\OneDrive.exe" [2016-08-26 633024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-31 4085896]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2016-09-16 1156824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\program files (x86)\GBPLUGIN\gbiehuni.dll" [2015-07-06 1759992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2016-06-07 13:13    1947872    ----a-w-    c:\program files (x86)\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
2015-07-06 18:20    1759992    ------w-    c:\program files (x86)\GbPlugin\gbiehuni.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
.
R0 gbpddreg;Gbpddreg svc;c:\windows\system32\drivers\gbpddreg64.sys;c:\windows\SYSNATIVE\drivers\gbpddreg64.sys [x]
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys;c:\windows\SYSNATIVE\drivers\GbpKm.sys [x]
R1 badriver;badriver;c:\windows\system32\drivers\badriver.sys;c:\windows\SYSNATIVE\drivers\badriver.sys [x]
R1 gbpddfac;Warsaw File Access svc;c:\windows\system32\drivers\gbpddfac64.sys;c:\windows\SYSNATIVE\drivers\gbpddfac64.sys [x]
R1 wsddfac;wsddfac;c:\windows\system32\drivers\wsddfac.sys;c:\windows\SYSNATIVE\drivers\wsddfac.sys [x]
R1 wsddpp;Warsaw - Driver (PP);c:\windows\system32\drivers\wsddpp.sys;c:\windows\SYSNATIVE\drivers\wsddpp.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 dbupdate;Serviço Atualização do Dropbox (dbupdate);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
R3 dbupdatem;Serviço Atualização do Dropbox (dbupdatem);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
R3 dbx;dbx;c:\windows\system32\DRIVERS\dbx.sys;c:\windows\SYSNATIVE\DRIVERS\dbx.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 tapwp01;TAP-Win32 Adapter V9 (WiFi Protector);c:\windows\system32\DRIVERS\tapwp01.sys;c:\windows\SYSNATIVE\DRIVERS\tapwp01.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AdvancedSystemCareService8;Advanced SystemCare Service 8;c:\program files (x86)\IObit\Advanced SystemCare 8\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [x]
R4 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 gosaferdrv;gosaferdrv;c:\windows\system32\drivers\gosaferdrv.sys;c:\windows\SYSNATIVE\drivers\gosaferdrv.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S1 pofilterdrv;pofilterdrv;c:\windows\system32\drivers\pofilterdrv.sys;c:\windows\SYSNATIVE\drivers\pofilterdrv.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 DbxSvc;DbxSvc;c:\windows\system32\DbxSvc.exe;c:\windows\SYSNATIVE\DbxSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Warsaw Technology;Warsaw Technology;c:\program files\Diebold\Warsaw\core.exe;c:\program files\Diebold\Warsaw\core.exe [x]
S3 GBPRCM;Service for G-Buster Driver (PM);c:\program files (x86)\GBPLUGIN\gbprcm64.sys;c:\program files (x86)\GBPLUGIN\gbprcm64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 Warsaw_PP;Warsaw Protector;c:\progra~2\GbPlugin\wsftprp64.sys;c:\progra~2\GbPlugin\wsftprp64.sys [x]
S4 WinDivert1.1;WinDivert1.1;c:\program files\Diebold\Warsaw\WinDivert64.sys;c:\program files\Diebold\Warsaw\WinDivert64.sys [x]
.
.
--- =Outros Serviços/Drivers Na Memória ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - GbFtIn
*Deregistered* - mad_inj_driver
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-11-05 02:16    1363560    ----a-w-    c:\program files (x86)\Google\Chrome\Application\54.0.2840.87\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2015-12-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-02 13:45]
.
2016-11-09 c:\windows\Tasks\DropboxUpdateTaskMachineCore.job
- c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-31 02:25]
.
2016-11-09 c:\windows\Tasks\DropboxUpdateTaskMachineUA.job
- c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-31 02:25]
.
2016-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-01 02:31]
.
2016-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-01 02:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2016-05-24 00:49    2478880    ----a-w-    c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2016-08-26 18:03    1802432    ----a-w-    c:\users\Andressa\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2016-08-26 18:03    1802432    ----a-w-    c:\users\Andressa\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2016-08-26 18:03    1802432    ----a-w-    c:\users\Andressa\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2016-08-26 18:03    1802432    ----a-w-    c:\users\Andressa\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2016-08-26 18:03    1802432    ----a-w-    c:\users\Andressa\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2016-10-12 12:25    775064    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2016-10-12 12:25    775064    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2016-10-12 12:25    775064    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-24 13:10    270144    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt64.1.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt10]
@="{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-24 13:10    270144    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt64.1.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-24 13:10    270144    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt64.1.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-24 13:10    270144    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt64.1.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-24 13:10    270144    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt64.1.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-24 13:10    270144    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt64.1.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-24 13:10    270144    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt64.1.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-24 13:10    270144    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt64.1.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-24 13:10    270144    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt64.1.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt9]
@="{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-24 13:10    270144    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt64.1.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-31 23:11    634872    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-06 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-06 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-06 413720]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]
"Diebold - Warsaw"="c:\program files\Diebold\Warsaw\core.exe" [2016-06-22 925744]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
uDefault_Search_URL = 
mDefault_Search_URL = 
mDefault_Page_URL = 
mStart Page = 
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = 
mSearch Bar = 
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\aapj
Trusted Zone: bb.com.br\seg
Trusted Zone: bb.com.br\www
Trusted Zone: dell.com
Trusted Zone: gastecnologia.com.br\cloud
Trusted Zone: itau.com.br
Trusted Zone: itau.com.br\bankline
Trusted Zone: itau.com.br\clickbanking
Trusted Zone: itau.com.br\guardiao
Trusted Zone: itau.com.br\www
Trusted Zone: itaupersonnalite.com.br\www
FF - ProfilePath - c:\users\Andressa\AppData\Roaming\Mozilla\Firefox\Profiles\xi5lpzya.default\
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Toolbar-10 - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
AddRemove-{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1 - c:\users\Andressa\AppData\Roaming\unins000.exe
AddRemove-{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1 - c:\users\Andressa\AppData\Roaming\unins001.exe
AddRemove-{70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1 - c:\users\Andressa\AppData\Roaming\unins002.exe
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e6,6a,49,52,d5,20,45,44,bd,c6,79,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e6,6a,49,52,d5,20,45,44,bd,c6,79,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Microsoft-Hyper-V-Integration-Services-Package~31bf3856ad364e35~amd64~~6.3.9600.18080]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2919469~31bf3856ad364e35~amd64~~6.1.1.0]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000070
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2952664~31bf3856ad364e35~amd64~~6.1.16.5]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3035583~31bf3856ad364e35~amd64~~6.1.3.4]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3072305~31bf3856ad364e35~amd64~~6.1.1.2]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000070
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3102429~31bf3856ad364e35~amd64~~6.1.2.0]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3108664~31bf3856ad364e35~amd64~~6.1.1.0]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3109560~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3110329~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3115858~31bf3856ad364e35~amd64~~6.1.1.0]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3118401~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3121212~31bf3856ad364e35~amd64~~6.1.1.2]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3121255~31bf3856ad364e35~amd64~~6.1.1.0]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3121461~31bf3856ad364e35~amd64~~6.1.1.2]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3121918~31bf3856ad364e35~amd64~~6.1.1.0]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3122648~31bf3856ad364e35~amd64~~6.1.1.0]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3123479~31bf3856ad364e35~amd64~~6.1.1.0]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3123862~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3124000~31bf3856ad364e35~amd64~~6.1.1.0]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3124001~31bf3856ad364e35~amd64~~6.1.1.0]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3124275~31bf3856ad364e35~amd64~~11.2.1.0]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3124280~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3126446~31bf3856ad364e35~amd64~~6.1.1.0]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3126587~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3126593~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3127220~31bf3856ad364e35~amd64~~6.1.1.0]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3133977~31bf3856ad364e35~amd64~~6.1.1.2]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3134214~31bf3856ad364e35~amd64~~6.1.1.0]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3134814~31bf3856ad364e35~amd64~~11.2.1.0]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3135445~31bf3856ad364e35~amd64~~6.1.1.0]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3135983~31bf3856ad364e35~amd64~~6.1.1.0]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3135988~31bf3856ad364e35~amd64~~6.1.1.0]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3137061~31bf3856ad364e35~amd64~~6.1.1.0]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3138612~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3138901~31bf3856ad364e35~amd64~~6.1.1.0]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3138910~31bf3856ad364e35~amd64~~6.1.1.0]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3138962~31bf3856ad364e35~amd64~~6.1.1.0]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3139398~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3139852~31bf3856ad364e35~amd64~~6.1.1.0]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3139914~31bf3856ad364e35~amd64~~6.1.1.0]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3139923~31bf3856ad364e35~amd64~~6.1.1.0]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3139929~31bf3856ad364e35~amd64~~11.2.1.0]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3139940~31bf3856ad364e35~amd64~~6.1.1.0]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3140410~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3140735~31bf3856ad364e35~amd64~~6.1.1.0]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3141092~31bf3856ad364e35~amd64~~11.2.1.0]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
c:\program files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Tempo para conclusão: 2016-11-09  13:48:59 - Máquina reiniciou
ComboFix-quarantined-files.txt  2016-11-09 15:48
.
Pré-execução: 67.022.303.232 bytes disponíveis
Pós execução: 67.156.025.344 bytes disponíveis
.
- - End Of File - - E299569277B7315BFC1B35602BCCF6F8
 


Dear @Grafitepf

Great! But we're not done yet... ;)

Temporarily disable your antivirus, antispyware and firewall so that they don't cause conflicts.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text below:

Quote

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

ADS::


Save this file to your Desktop as CFScript.txt
As shown in the animation below, drag the CFScript.txt file onto ComboFix.exe.

2872959479_997d4500c4_o.gif

When the tool finishes, it will generate a log at C:\ComboFix.txt

Select, copy and paste the contents of this log into your next reply.

Regards :D


Hello, my friend @diego_moicano,

Here is the ComboFix log with the changes:

 

ComboFix 16-11-06.01 - Andressa 12/11/2016  16:03:03.2.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.55.1046.18.3895.2073 [GMT -2:00]
Executando de: c:\users\Andressa\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\Andressa\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Andressa\AppData\Local\Temp\nsyAC66.tmp\nsProcess.dll
c:\users\Andressa\AppData\Local\Temp\nsyAC66.tmp\System.dll
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2016-10-12 to 2016-11-12  ))))))))))))))))))))))))))))
.
.
2016-11-12 19:24 . 2016-11-12 19:24    --------    d-----w-    c:\users\Default\AppData\Local\temp
2016-11-12 17:24 . 2016-11-12 17:24    --------    d-----w-    C:\OneDriveTemp
2016-11-11 17:05 . 2016-10-19 14:14    12033040    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{F28EBBBF-AF5A-4FF4-A696-ADB973ABC7CD}\mpengine.dll
2016-11-08 22:46 . 2016-08-22 16:19    1386496    ----a-w-    c:\windows\system32\diagtrack.dll
2016-11-08 21:39 . 2016-11-08 22:24    --------    d-----w-    c:\users\Andressa\AppData\Roaming\ZHP
2016-11-08 21:28 . 2016-11-08 21:29    --------    d-----w-    c:\programdata\ProductData
2016-11-07 22:49 . 2016-11-07 22:49    75888    ----a-w-    c:\windows\system32\drivers\dbx-stable.sys
2016-11-07 22:49 . 2016-11-07 22:49    75888    ----a-w-    c:\windows\system32\drivers\dbx-dev.sys
2016-11-07 22:49 . 2016-11-07 22:49    75888    ----a-w-    c:\windows\system32\drivers\dbx-canary.sys
2016-11-07 22:49 . 2016-11-07 22:49    42096    ----a-w-    c:\windows\system32\DbxSvc.exe
2016-11-01 11:38 . 2016-11-01 11:38    --------    d-----w-    C:\zoek_backup
2016-10-28 17:58 . 2016-10-28 17:58    --------    d-----w-    c:\programdata\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2016-10-28 04:10 . 2016-10-28 04:10    --------    d-----w-    c:\windows\SysWow64\Avast
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-10-26 19:29 . 2010-11-21 03:27    485032    ------w-    c:\windows\system32\MpSigStub.exe
2016-10-07 15:12 . 2016-11-08 22:47    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2016-09-30 22:18 . 2016-09-30 22:18    142336    ----a-w-    c:\windows\system32\poqexec.exe
2016-09-30 22:18 . 2016-09-30 22:18    123904    ----a-w-    c:\windows\SysWow64\poqexec.exe
2016-09-12 21:17 . 2016-10-13 16:16    77032    ----a-w-    c:\windows\system32\CompatTelRunner.exe
2016-09-12 21:08 . 2016-10-13 16:20    107520    ----a-w-    c:\windows\system32\adsmsext.dll
2016-09-12 21:08 . 2016-10-13 16:16    1226752    ----a-w-    c:\windows\system32\aeinv.dll
2016-09-12 20:49 . 2016-10-13 16:20    76800    ----a-w-    c:\windows\SysWow64\adsmsext.dll
2016-09-12 19:08 . 2016-10-13 16:20    1251328    ----a-w-    c:\windows\SysWow64\DWrite.dll
2016-09-12 18:43 . 2016-10-13 16:20    1180160    ----a-w-    c:\windows\system32\FntCache.dll
2016-09-12 18:43 . 2016-10-13 16:20    1648128    ----a-w-    c:\windows\system32\DWrite.dll
2016-09-09 15:54 . 2016-10-13 16:16    586752    ----a-w-    c:\windows\system32\generaltel.dll
2016-09-09 15:54 . 2016-10-13 16:16    314368    ----a-w-    c:\windows\system32\invagent.dll
2016-09-09 15:54 . 2016-10-13 16:16    129024    ----a-w-    c:\windows\system32\acmigration.dll
2016-09-09 15:54 . 2016-10-13 16:16    1629184    ----a-w-    c:\windows\system32\appraiser.dll
2016-09-09 15:54 . 2016-10-13 16:16    575488    ----a-w-    c:\windows\system32\devinv.dll
2016-09-09 15:54 . 2016-10-13 16:16    273408    ----a-w-    c:\windows\system32\centel.dll
2016-09-09 15:54 . 2016-10-13 16:16    224256    ----a-w-    c:\windows\system32\aepic.dll
2016-09-08 20:34 . 2016-10-13 16:20    263680    ----a-w-    c:\windows\system32\WebClnt.dll
2016-09-08 20:34 . 2016-10-13 16:20    108544    ----a-w-    c:\windows\system32\davclnt.dll
2016-09-08 20:34 . 2016-10-13 16:20    208896    ----a-w-    c:\windows\SysWow64\WebClnt.dll
2016-09-08 20:34 . 2016-10-13 16:20    87040    ----a-w-    c:\windows\SysWow64\davclnt.dll
2016-09-08 14:55 . 2016-10-13 16:20    142336    ----a-w-    c:\windows\system32\drivers\mrxdav.sys
2016-09-08 14:55 . 2016-10-13 16:20    106496    ----a-w-    c:\windows\system32\drivers\dfsc.sys
2016-08-29 15:31 . 2016-10-13 16:15    14183424    ----a-w-    c:\windows\system32\shell32.dll
2016-08-29 15:31 . 2016-10-13 16:15    1867776    ----a-w-    c:\windows\system32\ExplorerFrame.dll
2016-08-29 15:31 . 2016-10-13 16:15    1941504    ----a-w-    c:\windows\system32\authui.dll
2016-08-29 15:12 . 2016-10-13 16:15    1499648    ----a-w-    c:\windows\SysWow64\ExplorerFrame.dll
2016-08-29 15:12 . 2016-10-13 16:15    1806848    ----a-w-    c:\windows\SysWow64\authui.dll
2016-08-29 15:04 . 2016-10-13 16:15    3229696    ----a-w-    c:\windows\explorer.exe
2016-08-29 14:55 . 2016-10-13 16:15    2972672    ----a-w-    c:\windows\SysWow64\explorer.exe
2016-08-16 20:40 . 2016-10-13 16:16    343552    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2016-08-16 20:40 . 2016-10-13 16:16    99840    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2016-08-16 20:40 . 2016-10-13 16:16    56320    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2016-08-16 20:40 . 2016-10-13 16:16    327168    ----a-w-    c:\windows\system32\drivers\usbport.sys
2016-08-16 20:40 . 2016-10-13 16:16    25600    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2016-08-16 20:40 . 2016-10-13 16:16    30720    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2016-08-16 20:40 . 2016-10-13 16:16    7808    ----a-w-    c:\windows\system32\drivers\usbd.sys
2016-08-16 17:36 . 2016-09-16 00:32    1009152    ----a-w-    c:\windows\system32\user32.dll
2016-08-16 02:48 . 2016-09-16 00:32    833024    ----a-w-    c:\windows\SysWow64\user32.dll
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2016-08-26 18:03    1748168    ----a-w-    c:\users\Andressa\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2016-08-26 18:03    1748168    ----a-w-    c:\users\Andressa\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2016-08-26 18:03    1748168    ----a-w-    c:\users\Andressa\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2016-08-26 18:03    1748168    ----a-w-    c:\users\Andressa\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2016-08-26 18:03    1748168    ----a-w-    c:\users\Andressa\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53    223552    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt10]
@="{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53    223552    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53    223552    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53    223552    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53    223552    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53    223552    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53    223552    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53    223552    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53    223552    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt9]
@="{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53    223552    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"OneDrive"="c:\users\Andressa\AppData\Local\Microsoft\OneDrive\OneDrive.exe" [2016-08-26 633024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-31 4085896]
"Dropbox"="c:\program files (x86)\Dropbox\Client\Dropbox.exe" [2016-11-07 25673776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\program files (x86)\GBPLUGIN\gbiehuni.dll" [2015-07-06 1759992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2016-06-07 13:13    1947872    ----a-w-    c:\program files (x86)\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
2015-07-06 18:20    1759992    ------w-    c:\program files (x86)\GbPlugin\gbiehuni.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
.
R0 gbpddreg;Gbpddreg svc;c:\windows\system32\drivers\gbpddreg64.sys;c:\windows\SYSNATIVE\drivers\gbpddreg64.sys [x]
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys;c:\windows\SYSNATIVE\drivers\GbpKm.sys [x]
R1 badriver;badriver;c:\windows\system32\drivers\badriver.sys;c:\windows\SYSNATIVE\drivers\badriver.sys [x]
R1 gbpddfac;Warsaw File Access svc;c:\windows\system32\drivers\gbpddfac64.sys;c:\windows\SYSNATIVE\drivers\gbpddfac64.sys [x]
R1 wsddfac;wsddfac;c:\windows\system32\drivers\wsddfac.sys;c:\windows\SYSNATIVE\drivers\wsddfac.sys [x]
R1 wsddpp;Warsaw - Driver (PP);c:\windows\system32\drivers\wsddpp.sys;c:\windows\SYSNATIVE\drivers\wsddpp.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 dbupdate;Serviço Atualização do Dropbox (dbupdate);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
R3 dbupdatem;Serviço Atualização do Dropbox (dbupdatem);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
R3 dbx;dbx;c:\windows\system32\DRIVERS\dbx.sys;c:\windows\SYSNATIVE\DRIVERS\dbx.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 tapwp01;TAP-Win32 Adapter V9 (WiFi Protector);c:\windows\system32\DRIVERS\tapwp01.sys;c:\windows\SYSNATIVE\DRIVERS\tapwp01.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AdvancedSystemCareService8;Advanced SystemCare Service 8;c:\program files (x86)\IObit\Advanced SystemCare 8\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [x]
R4 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 gosaferdrv;gosaferdrv;c:\windows\system32\drivers\gosaferdrv.sys;c:\windows\SYSNATIVE\drivers\gosaferdrv.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S1 pofilterdrv;pofilterdrv;c:\windows\system32\drivers\pofilterdrv.sys;c:\windows\SYSNATIVE\drivers\pofilterdrv.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 DbxSvc;DbxSvc;c:\windows\system32\DbxSvc.exe;c:\windows\SYSNATIVE\DbxSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Warsaw Technology;Warsaw Technology;c:\program files\Diebold\Warsaw\core.exe;c:\program files\Diebold\Warsaw\core.exe [x]
S3 GBPRCM;Service for G-Buster Driver (PM);c:\program files (x86)\GBPLUGIN\gbprcm64.sys;c:\program files (x86)\GBPLUGIN\gbprcm64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 Warsaw_PP;Warsaw Protector;c:\progra~2\GbPlugin\wsftprp64.sys;c:\progra~2\GbPlugin\wsftprp64.sys [x]
S4 WinDivert1.1;WinDivert1.1;c:\program files\Diebold\Warsaw\WinDivert64.sys;c:\program files\Diebold\Warsaw\WinDivert64.sys [x]
.
.
--- =Outros Serviços/Drivers Na Memória ---
.
*Deregistered* - GbFtIn
*Deregistered* - mad_inj_driver
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-11-05 02:16    1363560    ----a-w-    c:\program files (x86)\Google\Chrome\Application\54.0.2840.87\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2015-12-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-02 13:45]
.
2016-11-12 c:\windows\Tasks\DropboxUpdateTaskMachineCore.job
- c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-31 02:25]
.
2016-11-12 c:\windows\Tasks\DropboxUpdateTaskMachineUA.job
- c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-31 02:25]
.
2016-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-01 02:31]
.
2016-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-01 02:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2016-05-24 00:49    2478880    ----a-w-    c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2016-08-26 18:03    1802432    ----a-w-    c:\users\Andressa\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2016-08-26 18:03    1802432    ----a-w-    c:\users\Andressa\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2016-08-26 18:03    1802432    ----a-w-    c:\users\Andressa\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2016-08-26 18:03    1802432    ----a-w-    c:\users\Andressa\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2016-08-26 18:03    1802432    ----a-w-    c:\users\Andressa\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2016-10-12 12:25    775064    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2016-10-12 12:25    775064    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2016-10-12 12:25    775064    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53    270144    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt64.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt10]
@="{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53    270144    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt64.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53    270144    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt64.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53    270144    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt64.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53    270144    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt64.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53    270144    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt64.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53    270144    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt64.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53    270144    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt64.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53    270144    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt64.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt9]
@="{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53    270144    ----a-w-    c:\program files (x86)\Dropbox\Client\DropboxExt64.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-31 23:11    634872    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-06 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-06 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-06 413720]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]
"Diebold - Warsaw"="c:\program files\Diebold\Warsaw\core.exe" [2016-06-22 925744]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
uDefault_Search_URL = 
mDefault_Search_URL = 
mDefault_Page_URL = 
mStart Page = 
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = 
mSearch Bar = 
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\aapj
Trusted Zone: bb.com.br\seg
Trusted Zone: bb.com.br\www
Trusted Zone: dell.com
Trusted Zone: gastecnologia.com.br\cloud
Trusted Zone: itau.com.br
Trusted Zone: itau.com.br\bankline
Trusted Zone: itau.com.br\clickbanking
Trusted Zone: itau.com.br\guardiao
Trusted Zone: itau.com.br\www
Trusted Zone: itaupersonnalite.com.br\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Andressa\AppData\Roaming\Mozilla\Firefox\Profiles\xi5lpzya.default\
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Toolbar-10 - (no file)
AddRemove-{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1 - c:\users\Andressa\AppData\Roaming\unins000.exe
AddRemove-{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1 - c:\users\Andressa\AppData\Roaming\unins001.exe
AddRemove-{70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1 - c:\users\Andressa\AppData\Roaming\unins002.exe
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
c:\program files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Tempo para conclusão: 2016-11-12  18:21:58 - Máquina reiniciou
ComboFix-quarantined-files.txt  2016-11-12 20:21
ComboFix2.txt  2016-11-09 15:49
.
Pré-execução: 67.107.487.744 bytes disponíveis
Pós execução: 66.435.207.168 bytes disponíveis
.
- - End Of File - - 7A70C8D5C96A0F1A832D1EA552A89E7A
 


Dear @Grafitepf

Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

Download the Farbar Recovery Scan Tool and save it to your Desktop.

32-bit (x86) or 64-bit (x64)

  • Double-click to run the tool.
    • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png
  • Check the 90 Days Files box and click the Scan button.
  • Wait; at the end the logs FRST.txt and Addition.txt will be saved to your Desktop.
  • Select, copy and paste the contents of the FRST.txt log into your next reply.
  • Attach the Addition.txt log

Regards :D


@diego_moicano I did that but it's still the same. Screenshot attached.

2016-11-14.png

added 46 minutes later

It just stays on this screen and then a message appears saying the program is not responding.



Dear @Grafitepf

Very strange... we'll come back to it later.

Download Malwarebytes Anti-Malware (MBAM).

Double-click mbam-setup.exe to install the program.

  • Uncheck the box Enable free trial of Malwarebytes Anti-Malware PRO.
  • If there are updates available, they will be downloaded and installed.
  • Click Settings, click Detection and Protection, and check Scan for Rootkits.
  • Go back to the Dashboard and finally click Scan Now.
  • The scan will then start. Wait, as it may take a while.
  • When the scan finishes, if any items were found, make sure they are all checked and click the Remove Selected button
  • At the end of the disinfection, a prompt may appear asking whether you want to restart the PC. (See the Note below)
  • The log is saved automatically by MBAM; to view it, click the History tab -> Application Logs in the program's main window.
  • Double-click the log (Scan Log). Use the .txt format to export the log.
  • The Protection log is not needed for the analysis; always export the correct log.
  • Select, copy and paste the contents of this log into your next reply.

NOTE: If MBAM finds files that it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

Regards :D


@diego_moicano

Here is the MBAM log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Data da verificação: 15/11/2016
Hora da verificação: 12:43
Arquivo de registro: mbamlog.txt
Administrador: Sim

Versão: 2.2.1.1043
Banco de dados de malware: v2016.11.15.09
Banco de dados de rootkit: v2016.10.31.01
Licença: Gratuita
Proteção contra malware: Desabilitado
Proteção contra website malicioso: Desabilitado
Autoproteção: Desabilitado

Sistema operacional: Windows 7 Service Pack 1
CPU: x64
Sistema de arquivos: NTFS
Usuário: Andressa

Tipo de verificação: Verificação da ameaça
Resultado: Concluído
Objetos verificados: 315453
Tempo decorrido: 1 hr, 13 min, 57 seg

Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado

Processos: 0
(Nenhum item malicioso detectado)

Módulos: 0
(Nenhum item malicioso detectado)

Chaves de registro: 18
PUP.Optional.MySearchDial, HKU\S-1-5-21-39692063-4080472851-2728763232-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarentena, [187d962a2a7045f1d2c2158e847d21df], 
PUP.Optional.MySearchDial, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarentena, [187d962a2a7045f1d2c2158e847d21df], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}, Quarentena, [dcb9912ffe9ca195aade495eb9483cc4], 
PUP.Optional.GoSafer, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\gosaferdrv, Quarentena, [464fc2fe306a072f78bc8209d032de22], 
PUP.Optional.POFilter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\pofilterdrv, Quarentena, [e7aec5fb2377082e332a0c8aef1302fe], 
PUP.Optional.PopDeals, HKLM\SOFTWARE\PopDeals, Quarentena, [8213ab154c4e61d5b5b9fb9b19e9619f], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{0844ED8C-6940-4E83-AB26-123C1074DFA4}, Quarentena, [197cc8f8a3f770c60726d7af1de5758b], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{469BCB91-8135-4010-8E21-4741FACA0CBC}, Quarentena, [10850cb45f3b7bbb68c664228a78946c], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{56CC0271-9F41-4169-BE9E-E97061E5F202}, Quarentena, [02934878a2f81f17b27ded99f50d1ce4], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8F496E47-4884-46C6-8847-4D411E638933}, Quarentena, [583d5868069456e0bb735036aa586898], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{95596884-7BC5-4E95-A4E4-25D5A211D012}, Quarentena, [3362c000fb9f2a0c1718701699698e72], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DBF40B41-304B-4D39-8681-F90C01D15672}, Quarentena, [247101bf5b3fb38316170c7a4db5b64a], 
PUP.Optional.PopDeals, HKLM\SOFTWARE\MICROSOFT\TRACING\PopDeals_RASAPI32, Quarentena, [326399276634fe389ff3b212ac5640c0], 
PUP.Optional.CrossRider, HKU\S-1-5-21-39692063-4080472851-2728763232-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{208DA7A2-C143-4DDD-833B-36569F5E4B8C}, Quarentena, [abea5a668d0da78fc5532d59a75b33cd], 
PUP.Optional.CrossRider, HKU\S-1-5-21-39692063-4080472851-2728763232-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{404D885E-18E3-438B-932C-64DABE2CDFB4}, Quarentena, [6c295c6464361323a871e5a108faf907], 
PUP.Optional.CrossRider, HKU\S-1-5-21-39692063-4080472851-2728763232-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{578EA12A-14CB-4FEB-B0CC-BC38AA3A88BC}, Quarentena, [f2a3a818fc9ea492b069b7cf36cc14ec], 
PUP.Optional.CrossRider, HKU\S-1-5-21-39692063-4080472851-2728763232-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7407F99D-E3EA-4CC5-A2E9-BCA2792DCA99}, Quarentena, [1a7b6e526b2f6ec8c3557e089a68f10f], 
PUP.Optional.CrossRider, HKU\S-1-5-21-39692063-4080472851-2728763232-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A981BCCF-B9B4-4969-AA4D-74FC95EC8426}, Quarentena, [d1c4e7d9ebaf3df9d5442d5948bab14f], 

Valores de registro: 12
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{0844ed8c-6940-4e83-ab26-123c1074dfa4}|AppName, Plus-HD-4.4-bg.exe, Quarentena, [197cc8f8a3f770c60726d7af1de5758b]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{469bcb91-8135-4010-8e21-4741faca0cbc}|AppName, Plus-HD-1.6-buttonutil.exe, Quarentena, [10850cb45f3b7bbb68c664228a78946c]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{56cc0271-9f41-4169-be9e-e97061e5f202}|AppName, Plus-HD-1.6-codedownloader.exe, Quarentena, [02934878a2f81f17b27ded99f50d1ce4]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8f496e47-4884-46c6-8847-4d411e638933}|AppName, Plus-HD-4.4-buttonutil.exe, Quarentena, [583d5868069456e0bb735036aa586898]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{95596884-7bc5-4e95-a4e4-25d5a211d012}|AppName, Plus-HD-4.4-codedownloader.exe, Quarentena, [3362c000fb9f2a0c1718701699698e72]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{dbf40b41-304b-4d39-8681-f90c01d15672}|AppName, Plus-HD-1.6-bg.exe, Quarentena, [247101bf5b3fb38316170c7a4db5b64a]
PUP.Optional.MySearchDial, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\Mysearchdial\1.8.29.0\, Quarentena, [6134af11a5f54ee8fb9d71224db5e719]
PUP.Optional.CrossRider, HKU\S-1-5-21-39692063-4080472851-2728763232-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{208DA7A2-C143-4DDD-833B-36569F5E4B8C}|AppName, Wifi Protector BI-enabler.exe-buttonutil.exe, Quarentena, [abea5a668d0da78fc5532d59a75b33cd]
PUP.Optional.CrossRider, HKU\S-1-5-21-39692063-4080472851-2728763232-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{404D885E-18E3-438B-932C-64DABE2CDFB4}|AppName, Wifi Protector BI-enabler.exe-codedownloader.exe, Quarentena, [6c295c6464361323a871e5a108faf907]
PUP.Optional.CrossRider, HKU\S-1-5-21-39692063-4080472851-2728763232-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{578EA12A-14CB-4FEB-B0CC-BC38AA3A88BC}|AppName, Wifi Protector BI-enabler.exe-codedownloader.exe, Quarentena, [f2a3a818fc9ea492b069b7cf36cc14ec]
PUP.Optional.CrossRider, HKU\S-1-5-21-39692063-4080472851-2728763232-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7407F99D-E3EA-4CC5-A2E9-BCA2792DCA99}|AppName, Wifi Protector BI-enabler.exe-buttonutil.exe, Quarentena, [1a7b6e526b2f6ec8c3557e089a68f10f]
PUP.Optional.CrossRider, HKU\S-1-5-21-39692063-4080472851-2728763232-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A981BCCF-B9B4-4969-AA4D-74FC95EC8426}|AppName, Wifi Protector BI-enabler.exe-codedownloader.exe, Quarentena, [d1c4e7d9ebaf3df9d5442d5948bab14f]

Dados de registro: 0
(Nenhum item malicioso detectado)

Pastas: 0
(Nenhum item malicioso detectado)

Arquivos: 5
PUP.Optional.BrowseFox, C:\WINDOWS\SYSTEM32\drivers\trz2A91.tmp, Excluir ao reiniciar, [efc2dba785994d4df83bbbc0a61c8cf0], 
PUP.Optional.GoSafer, C:\Windows\System32\drivers\gosaferdrv.sys, Excluir ao reiniciar, [7144d953dc4a27f20c891fb74485d0f9], 
PUP.Optional.POFilter, C:\Windows\System32\drivers\pofilterdrv.sys, Excluir ao reiniciar, [f80393a5e4e0789392105b9acb460632], 
PUP.Optional.CrossRider, C:\Users\Andressa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fdcmldniciaadnhphngjgajcaiddomka_0.localstorage, Quarentena, [4c49d4ec7f1b082e17f3e79e0101857b], 
PUP.Optional.QuickStart, C:\Users\Andressa\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx, Quarentena, [e8adb9072575999df79205920af8bd43], 

Setores físicos: 0
(Nenhum item malicioso detectado)


(end)


@diego_moicano Man, I tried running it every way I could... as administrator, normally... but it won't work. It freezes... Now it even got past that screen, but it freezes right afterwards; I can't even click on "last 90 days". Once it showed the message "update failed", but it also froze as soon as the message appeared.


Dear @Grafitepf

Leave FRST aside then, let's move on to another tool. ;)

Download OTL by OldTimer and save it to your Desktop.

Double-click the icon 3984478580_7ed4cabc45_o.gif

Set up the main screen as shown in the figure below: 5369448421_6bf795eb1a_b.jpg

Copy and paste the content below into the box right after 5369460409_ee749edc8e_m.jpg


netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
/md5stop


Click the button 5370056362_e3d07d5d8a_m.jpg

Do not interrupt the scan under any circumstances;
When it finishes, two logs will be generated: OTL.txt and Extras.txt;
Attach both logs to your next reply.
Do not delete OTL

Regards :D


Dear @Grafitepf

OTL again.
Double-click the icon 3984478580_7ed4cabc45_o.gif

Copy and paste the content below into the box right after 5369460409_ee749edc8e_m.jpg


:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{666806CD-94D4-4689-BA73-E35EA1EA9666}: "URL" = http://start2.me/?qry={searchTerms}
IE - HKCU\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE14
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
[2014/11/08 18:47:08 | 000,000,000 | ---D | M] -- C:\Users\Andressa\AppData\Roaming\baidu
[2014/10/24 09:14:19 | 000,000,000 | ---D | M] -- C:\Users\Andressa\AppData\Roaming\Baidu Security
[2014/01/15 03:15:14 | 000,167,784 | ---- | C] (Baidu, Inc.) -- C:\ProgramData\FileSplitUpLoad.dll
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:933D54A9
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:C36D0DFD
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:CA400C1B
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:A52D07E2

:Commands
[purity]
[emptyflash]
[resethosts]
[clearallrestorepoints]
[createrestorepoint]
[emptytemp]
[reboot]

 

Click the button 5370056394_358505935a_m.jpg

  • When the computer restarts a window will appear; click Run;
  • Save the log (File > Save As) to the desktop under any name you like;
  • Post the contents of this log in your next reply.

Attention: if you close the log without saving it first, it will be lost. Open OTL again and click the button 5370056476_bf9f840a51_m.jpg

  • Do not interrupt the scan under any circumstances;
  • When it finishes, OTL.txt will be generated;
  • Post this generated log as well in your next reply.

Note: If you happen to lose the log after the computer restarts, you can find it in the folder C:\_OTL\Moved Files

Regards :D


Dear @Grafitepf

Step 1

Download rKill and save it to your Desktop

Right-click rkill.exe and choose: execadmin.png and wait.

  • In the window that appears click OK; a report will open.
  • Copy all of its contents and paste them into your next reply.

Attention 1: If necessary, run RKill in Safe Mode.

Attention 2: Do not restart the computer.

Step 2

Repeat the procedure from my last post with OTL (with the script).

Post all the logs.

Regards :D


@diego_moicano

Rkill log:

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/20/2016 09:48:42 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity: 

 * TBS [Missing Service]

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * HOSTS file entries found: 

  127.0.0.1       localhost

Program finished at: 11/20/2016 09:55:20 PM
Execution time: 0 hours(s), 6 minute(s), and 38 seconds(s)
 
