Marcio Handerson

Suspected malware in Chrome, strange behavior


My Chrome browser is automatically opening sites, and ESET Smart flags them as malicious.

I tried to open a topic on Saturday. Here are the logs from the tests I ran and a screenshot; if you can help me, I would appreciate it.

 

ZA-Scan V1.0.0.5 Updated 30-09-2015
Tool run by Marcio on 17/05/2017 at 21:34:02,56.
Microsoft Windows 7 Home Basic  6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Marcio\Desktop\1 - ZA-Scan.exe [Z-Analyse Scan]

==== Running Processes ======================

C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\scpbrad\scpbradserv.exe
C:\Program Files (x86)\scpbrad\scpbradguard.exe
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Users\Marcio\Desktop\1 - ZA-Scan.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\Marcio\AppData\Local\Temp\ZAScan.exe

==== Services(whitelist) ======================
Powered by E Dev

R2 - [DbxSvc] - DbxSvc - c:\windows\system32\dbxsvc.exe
R2 - [GREGService] - GREGService - c:\program files (x86)\acer\registration\gregsvc.exe
R2 - [IAStorDataMgrSvc] - Intel(R) Rapid Storage Technology - c:\program files (x86)\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe
R2 - [mfevtp] - McAfee Validation Trust Protection Service - c:\windows\system32\mfevtps.exe
R2 - [NOBU] - Norton Online Backup - c:\program files (x86)\symantec\norton online backup\nobuagent.exe
R2 - [scpbradserv] - Componente de Segurança Bradesco - c:\program files (x86)\scpbrad\scpbradserv.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [ICCS] - Intel(R) Integrated Clock Controller Service - Intel(R) ICCS - c:\program files (x86)\intel\intel(r) integrated clock controller service\iccproxy.exe
R3 - [WMPNetworkSvc] - Serviço de Compartilhamento de Rede do Windows Media Player - c:\program files\windows media player\wmpnetwk.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
S2 - [dbupdate] - Serviço Atualização do Dropbox (dbupdate) - c:\program files (x86)\dropbox\update\dropboxupdate.exe
S2 - [gupdate] - Serviço do Google Update (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
S2 - [sppsvc] - Proteção de Software - c:\windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Serviço Gateway de Camada de Aplicativo - c:\windows\system32\alg.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
S3 - [dbupdatem] - Serviço Atualização do Dropbox (dbupdatem) - c:\program files (x86)\dropbox\update\dropboxupdate.exe
S3 - [DsiWMIService] - Dritek WMI Service - c:\program files (x86)\launch manager\dsiwmis.exe
S3 - [EgisTec Ticket Service] - EgisTec Ticket Service - c:\program files (x86)\common files\egistec\services\egisticketservice.exe
S3 - [ePowerSvc] - ePower Service - c:\program files\acer\acer epower management\epowersvc.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FLEXnet Licensing Service] - FLEXnet Licensing Service - c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S3 - [GamesAppService] - GamesAppService - c:\program files (x86)\wildtangent games\app\gamesappservice.exe
S3 - [gupdatem] - Serviço do Google Update (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [Live Updater Service] - Live Updater Service - c:\program files\acer\acer updater\updaterservice.exe
S3 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
S3 - [Microsoft SharePoint Workspace Audit Service] - Microsoft SharePoint Workspace Audit Service - c:\program files (x86)\microsoft office\office14\groove.exe
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
S3 - [MSDTC] - Coordenador de transações distribuídas - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [ose] - Office  Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
S3 - [PerfHost] - Host de DLL de Contador de Desempenho - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Alocador Remote Procedure Call (RPC) - c:\windows\system32\locator.exe
S3 - [TrustedInstaller] - Instalador de Módulos do Windows - c:\windows\servicing\trustedinstaller.exe
S3 - [TurboBoost] - Intel(R) Turbo Boost Technology Monitor 2.0 - c:\program files\intel\turboboost\turboboost.exe
S3 - [UNS] - Intel(R) Management and Security Application User Notification Service - c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe
S3 - [vds] - Disco Virtual - c:\windows\system32\vds.exe
S3 - [VSS] - Cópia de Sombra de Volume - c:\windows\system32\vssvc.exe
S3 - [wbengine] - Serviço de Mecanismo de Backup em Nível de Bloco - c:\windows\system32\wbengine.exe
S3 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [aspnet_state] - Serviço de estado do ASP.NET - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe
S4 - [SNMPTRAP] - Interceptação SNMP - c:\windows\system32\snmptrap.exe
S4 - [wlcrasvc] - Windows Live Mesh remote connections service - c:\program files\windows live\mesh\wlcrasvc.exe

==== Drivers(whitelist) ======================
Powered by E Dev

R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
R3 - [srv] - Driver SMB 1.xxx do Servidor - C:\Windows\system32\Drivers\srv.sys
R3 - [srv2] - Driver SMB 2.xxx do Servidor - C:\Windows\system32\Drivers\srv2.sys
R0 - [ACPI] - Microsoft ACPI Driver - C:\Windows\system32\Drivers\ACPI.sys
R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
R0 - [atapi] - Canal de IDE - C:\Windows\system32\Drivers\atapi.sys
R0 - [CLFS] - Log Comum (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
R0 - [Compbatt] - Microsoft Composite Battery Driver - C:\Windows\system32\Drivers\Compbatt.sys
R0 - [Disk] - Driver de disco - C:\Windows\system32\Drivers\Disk.sys
R0 - [edevmon] - edevmon - C:\Windows\system32\Drivers\edevmon.sys
R0 - [fvevol] - Driver de Filtro de Criptografia de Unidade de Disco BitLocker - C:\Windows\system32\Drivers\fvevol.sys
R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
R0 - [iaStor] - Intel AHCI Controller - C:\Windows\system32\Drivers\iaStor.sys
R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
R0 - [mfehidk] - McAfee Inc. mfehidk - C:\Windows\system32\Drivers\mfehidk.sys
R0 - [mountmgr] - Gerenciador de Pontos de Montagem - C:\Windows\system32\Drivers\mountmgr.sys
R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
R0 - [NDIS] - Driver do Sistema NDIS - C:\Windows\system32\Drivers\NDIS.sys
R0 - [partmgr] - Gerenciador de Partições - C:\Windows\system32\Drivers\partmgr.sys
R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys
R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
R0 - [SmartDefragDriver] - SmartDefragDriver - C:\Windows\system32\Drivers\SmartDefragDriver.sys
R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
R0 - [Tcpip] - Driver de Protocolo TCP/IP - C:\Windows\system32\Drivers\Tcpip.sys
R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator Driver - C:\Windows\system32\Drivers\vdrvroot.sys
R0 - [volmgr] - Volume Manager Driver - C:\Windows\system32\Drivers\volmgr.sys
R0 - [volmgrx] - Gerenciador de Volume Dinâmico - C:\Windows\system32\Drivers\volmgrx.sys
R0 - [volsnap] - Volumes de armazenamento - C:\Windows\system32\Drivers\volsnap.sys
R0 - [Wdf01000] - Serviço de Estruturas de Driver em Modo Kernel - C:\Windows\system32\Drivers\Wdf01000.sys
R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
R1 - [tdx] - Driver de Suporte a TDI Herdado de NetIO - C:\Windows\system32\Drivers\tdx.sys
R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -h -k"
"LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe"
"Dolby Advanced Audio v2"="C:\Dolby PCEE4\pcee4.exe -autostart"
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
"Dropbox"="C:\Program Files (x86)\Dropbox\Client\Dropbox.exe /systemstartup"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 "
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe "

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Deskjet 3050 J610 series (NET)]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Deskjet 3050 J610 series (NET)"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\HP\\HP Deskjet 3050 J610 series\\Bin\\ScanToPCActivationApp.exe\" -deviceID \"CN13P3B1W105HX:NW\" -scfn \"HP Deskjet 3050 J610 series
(NET)\" -AutoStart 1"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Marcio^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitorar alertas de tinta - HP Deskjet 3050 J610 series (Rede).lnk]
"item"="Monitorar alertas de tinta - HP Deskjet 3050 J610 series (Rede)"
"path"="C:\\Users\\Marcio\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Monitorar alertas de tinta - HP Deskjet 3050 J610 series (Rede).lnk"
"backup"="C:\\Windows\\pss\\Monitorar alertas de tinta - HP Deskjet 3050 J610 series (Rede).lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Windows\\system32\\RunDll32.exe"


==== Task Scheduler Jobs ======================

C:\Windows\tasks\DropboxUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [08/03/2017 20:10]
C:\Windows\tasks\DropboxUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [08/03/2017 20:10]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29/04/2015 13:50]
C:\Windows\tasks\GoogleUpdateTaskMachineCore1d090fa377ab796.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29/04/2015 13:50]
C:\Windows\tasks\GoogleUpdateTaskMachineCore1d0be756769bc21.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29/04/2015 13:50]
C:\Windows\tasks\GoogleUpdateTaskMachineCore1d0e2b44ad79d16.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29/04/2015 13:50]
C:\Windows\tasks\GoogleUpdateTaskMachineUA1d090fa37b3d89c.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29/04/2015 13:50]
C:\Windows\tasks\GoogleUpdateTaskMachineUA1d0be7567d17eaa.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29/04/2015 13:50]
C:\Windows\tasks\GoogleUpdateTaskMachineUA1d0e2b44b274404.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29/04/2015 13:50]
C:\Windows\tasks\GoogleUpdateTaskMachineUA1d0f18943ecc0cf.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29/04/2015 13:50]
C:\Windows\tasks\GoogleUpdateTaskMachineUA1d12cf6980b849c.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29/04/2015 13:50]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player PPAPI Notifier" [C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\ASC8_PerformanceMonitor" [C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe]
"C:\Windows\SysNative\tasks\clear.fi" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe"]
"C:\Windows\SysNative\tasks\clear.fiAgent" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe"]
"C:\Windows\SysNative\tasks\DMREngine" ["C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe"]
"C:\Windows\SysNative\tasks\DropboxUpdateTaskMachineCore" [C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe]
"C:\Windows\SysNative\tasks\DropboxUpdateTaskMachineUA" [C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe]
"C:\Windows\SysNative\tasks\EgisUpdate" ["C:\Program Files\EgisTec IPS\EgisUpdate.exe"]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore1d090fa377ab796" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore1d0be756769bc21" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore1d0e2b44ad79d16" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore1d12cf697c616e6" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA1d090fa37b3d89c" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA1d0be7567d17eaa" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA1d0e2b44b274404" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA1d0f18943ecc0cf" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA1d12cf6980b849c" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA1d15e0b283ce9ba" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\PMMUpdate" ["C:\Program Files\EgisTec IPS\PMMUpdate.exe"]
"C:\Windows\SysNative\tasks\{A74C5CDF-F131-49A1-B818-217C00BE9DD4}" [C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HP Deskjet 3050 J610 series.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Marcio\AppData\Roaming\Mozilla\Firefox\Profiles\fax6zyz9.default
user_pref("browser.startup.homepage", "about:home");

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Marcio\AppData\Roaming\Mozilla\Firefox\Profiles\fax6zyz9.default
32534FFE70905DD87DDAAF7437897560    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll -    Shockwave Flash


==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fabhkdeopjkcpkmofliimbjckmocfiom - No path found[]

Photo Zoom for Facebook - Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi
Flix Plus by Lifehacker - Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcjjgdnadfneaamhipplgpfkdnbfagla
Unseen - Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicapmagmhahddefgokbabbgieiogjop
Video Downloader GetThemAll - Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm
videospeed - Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk
Downloads - Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngbcgifdaopbfflfhbcfeomijfbbcadi
TZWebChartWindow - Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmdhbmdklokcmpmcegmbfehjencmbeab
Chrome Media Router - Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

==== HijackThis Entries ======================

C:\Users\Marcio\Desktop\1 - ZA-Scan.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

==== EOF on 17/05/2017 at 21:37:46,95 ======================
 

 

runcheck.txt

ZA-Scan.txt

Edited by Marcio Handerson
ZA-Scan log updated


Dear @Marcio Handerson

I recommend that you save this topic to your Favorites to make it easier to find.

Please note the following:

  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is given here applies only to your computer's problem, so do not use it on any other machine;
  • Please follow the instructions given carefully, and if you have any questions do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always try to keep me informed, during the removal, about what is happening with your computer.
  • Follow the order of the instructions given.

Note: Do not take any action other than those given here; if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

 

# Step 1 #

Download AdwCleaner and save it to your Desktop

Run the file adwcleaner.exe

Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • Click the Opções (Options) tab and leave only "Restaurar Políticas do IE" (Reset IE Policies) and "Restaurar Políticas do Chrome" (Reset Chrome Policies) checked
  • Click the Verificar (Scan) button and wait for the scan to finish.
  • Click the Limpar (Clean) button.
  • A Notepad window will open with the result.
  • Select, copy and paste the contents of this log in your next reply.
  • The log will also be saved in C:\AdwCleaner


NOTE: If AdwCleaner finds files that it cannot remove, you may have to restart the PC. Do so immediately when asked whether you want to restart.
 
# Step 2 #

Temporarily disable your antivirus, antispyware and firewall, so as not to cause conflicts.

Download Junkware Removal Tool (JRT) and save it to your Desktop

Double-click to run jrt.exe.

Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • The tool will begin scanning your system.
  • Be patient, as it may take a while depending on the number of items to scan.
  • At the end a log will open. It will be saved on the desktop with the name JRT.txt.
  • Select, copy and paste the contents of this log in your next reply.

 
# Step 3 #

Temporarily disable your antivirus, antispyware and firewall, so as not to cause conflicts.

Download ZHPCleaner and save it to your Desktop

Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • Click the Scanner button.
  • The tool will begin scanning your system.
  • Be patient, as it may take a while depending on the number of items to scan.
  • Then click the Reparar (Repair) button.
  • A log called ZHPCleaner.txt will be generated
  • Select, copy and paste the contents of this log in your next reply.

Regards :D

 

# AdwCleaner v6.047 - Relatório criado 25/05/2017 às 09:00:58
# Atualizado em 19/05/2017 por Malwarebytes
# Banco de dados : 2017-05-23.1 [Local]
# Sistema operacional : Windows 7 Home Basic Service Pack 1 (X64)
# Usuário : Marcio - MARCIO-PC
# Executando de : C:\Users\Marcio\Desktop\1 - adwcleaner_6.047.exe
# Modo: Limpo
# Apoio : https://www.malwarebytes.com/support

***** [ Serviços ] *****

***** [ Pastas ] *****

[-] Pasta excluída:C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicapmagmhahddefgokbabbgieiogjop


***** [ Arquivos ] *****

[-] Arquivo excluído:C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_iicapmagmhahddefgokbabbgieiogjop_0.localstorage
[-] Arquivo excluído:C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_iicapmagmhahddefgokbabbgieiogjop_0.localstorage-journal


***** [ DLL ] *****

***** [ WMI ] *****

***** [ Atalhos ] *****

***** [ Atividades agendadas ] *****

***** [ Registro ] *****

***** [ Verificando navegadores ... ] *****

[-] [C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Eliminado:snapseed.softonic.com.br
[-] [C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Eliminado:iasplus.com
[-] [C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Eliminado:br.ask.com
[-] [C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Eliminado:ask.com
[-] [C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Eliminado:start.facemoods.com
[-] [C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Eliminado:netflix.com
[-] [C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Eliminado:isearch.avg.com
[-] [C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Eliminado:receita.fazenda.gov.br
[-] [C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default] [extension] Eliminado:iicapmagmhahddefgokbabbgieiogjop


*************************

:: Políticas do IE excluídas
:: Políticas do Chrome excluídas

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2385 Bytes] - [25/05/2017 09:00:58]
C:\AdwCleaner\AdwCleaner[S0].txt - [2973 Bytes] - [25/05/2017 08:53:39]
C:\AdwCleaner\AdwCleaner[S1].txt - [3043 Bytes] - [25/05/2017 09:00:15]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2604 Bytes] ##########
 

AdwCleaner[C0].txt

AdwCleaner[S0].txt

AdwCleaner[S1].txt

added 48 minutes later

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Home Basic x64 
Ran by Marcio (Administrator) on 25/05/2017 at  9:07:47,84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 8 

Successfully deleted: C:\Users\Marcio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\083RFG7F (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Marcio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\49NZ7H3A (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Marcio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MTQEGKJL (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Marcio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VVMC4WCU (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\083RFG7F (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\49NZ7H3A (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MTQEGKJL (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VVMC4WCU (Temporary Internet Files Folder) 

Registry: 0 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/05/2017 at  9:53:23,49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

JRT.txt

 

~ ZHPCleaner v2017.5.12.80 by Nicolas Coolman (2017/05/12)
~ Run by Marcio (Administrator)  (25/05/2017 10:15:12)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Reparo
~ Report : C:\Users\Marcio\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Marcio\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Home Basic, 64-bit Service Pack 1 (Build 7601)


---\\  Serviços (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Navegadores de Internet (1)
SUPRIMIDO dados: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride [Bad : 127.0.0.1;localhost;<local>;*.local]  =>Hijacker.Proxy


---\\  Arquivo hosts (1)
~ O arquivo hosts é legítimo (1)


---\\  Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Explorer ( Arquivos, Pastas) (65)
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\%%%3311.tmp    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\%%%6289.tmp    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\%%%9474.tmp    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\%%%A45A.tmp    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\%%%ABCC.tmp    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\%%%B404.tmp    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\%%%CD69.tmp    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\%%%CE09.tmp    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\11223344556677889900112233445566    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\aipflib.log    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\badext.txt    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\CVR1399.tmp.cvr    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\CVR1691.tmp.cvr    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\CVR235C.tmp.cvr    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\CVR2735.tmp.cvr    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\CVR2B65.tmp.cvr    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\CVR3F62.tmp.cvr    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\CVR4089.tmp.cvr    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\CVR4A4A.tmp.cvr    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\CVR5257.tmp.cvr    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\CVR5BFB.tmp.cvr    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\CVR70CF.tmp.cvr    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\CVR7D2D.tmp.cvr    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\CVR80F2.tmp.cvr    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\CVR875E.tmp.cvr    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\CVR957E.tmp.cvr    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\CVR96C6.tmp.cvr    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\CVR978E.tmp.cvr    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\CVR9948.tmp.cvr    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\CVR9ADC.tmp.cvr    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\CVRA479.tmp.cvr    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\CVRAD6E.tmp.cvr    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\CVRB475.tmp.cvr    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\CVRB9DD.tmp.cvr    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\CVRC1E7.tmp.cvr    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\CVRE65.tmp.cvr    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\CVRE736.tmp.cvr    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\CVRED6A.tmp.cvr    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\CVRF51A.tmp.cvr    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\CVRF97B.tmp.cvr    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\databases.txt    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\iex64.reg    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\JavaDeployReg.log    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\LManager.log    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\LocalStorage.txt    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\MMDUtl.log    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\modaltrader_20170518201722.log    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\modaltrader_20170518201722_000_ModalTrader.msi.log    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Temp\~DF526B07F923CE78FC.TMP    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ol.at.atwola.com_0.localstorage    =>.Superfluous.Atwola
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ol.at.atwola.com_0.localstorage-journal    =>.Superfluous.Atwola
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_filmfanatic2.dl.myway.com_0.localstorage    =>.Superfluous.MindSpark
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_filmfanatic2.dl.myway.com_0.localstorage-journal    =>.Superfluous.MindSpark
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_filmfanatic2.dl.tb.ask.com_0.localstorage    =>.Superfluous.MindSpark
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_filmfanatic2.dl.tb.ask.com_0.localstorage-journal    =>.Superfluous.MindSpark
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_motitags.dl.myway.com_0.localstorage    =>.Superfluous.MindSpark
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_motitags.dl.myway.com_0.localstorage-journal    =>.Superfluous.MindSpark
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_motitags.dl.tb.ask.com_0.localstorage    =>.Superfluous.MindSpark
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_motitags.dl.tb.ask.com_0.localstorage-journal    =>.Superfluous.MindSpark
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_notehomepage.dl.tb.ask.com_0.localstorage    =>Toolbar.Ask
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_notehomepage.dl.tb.ask.com_0.localstorage-journal    =>Toolbar.Ask
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_readingfanatic.dl.myway.com_0.localstorage    =>PUP.Optional.SearchSettings
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_readingfanatic.dl.myway.com_0.localstorage-journal    =>PUP.Optional.SearchSettings
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_readingfanatic.dl.tb.ask.com_0.localstorage    =>PUP.Optional.SearchSettings
MOVIDO pasta: C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_readingfanatic.dl.tb.ask.com_0.localstorage-journal    =>PUP.Optional.SearchSettings


---\\  Registro ( Chaves, Valores, Dados ) (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Resumo dos elementos encontrados na sua estação de trabalho (6)
https://nicolascoolman.eu/2017/04/03/hijacker-proxy/  =>Hijacker.Proxy
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.Superfluous.Temporary.Empty
https://nicolascoolman.eu/2017/02/04/superfluous-atwola/  =>.Superfluous.Atwola
https://nicolascoolman.eu/2017/01/15/superfluous-mindspark/  =>.Superfluous.MindSpark
https://nicolascoolman.eu/2017/02/28/toolbar-ask/  =>Toolbar.Ask
https://www.nicolascoolman.com/fr/adware-searchsettings/  =>PUP.Optional.SearchSettings


---\\  Dodatkowe oczyszczenie. (31)
~ Chave de registro Tracing Supprimido (28)
~ Remover os relatórios antigos ZHPCleaner. (3)


---\\ Resultado de reparação
Reparação efectuada com sucesso
~ Este navegador está faltando ! (Opera Software)


---\\ Estatísticas
~ Items scan : 1580
~ Items encontrado : 0
~ items cancelados : 0
~ Items réparo : 66


~ End of clean in 00h00mn44s
~====================
ZHPCleaner-[R]-25052017-10_15_56.txt
ZHPCleaner--25052017-10_13_37.txt
 

ZHPCleaner.txt

added 0 minutes later

@diego_moicano I have attached the reports as requested.

Thanks in advance!


Dear @Marcio Handerson

Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

Download the Farbar Recovery Scan Tool and save it to your Desktop.

32 bit (x86) or 64 bit (x64)

  • Double-click to run the tool.
    • Note: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png
  • Check the Arquivos 90 dias box and click the Examinar button.
  • Wait; when it finishes, the FRST.txt and Addition.txt logs will be saved to your Desktop.
  • Select, copy and paste the contents of the FRST.txt log into your next reply.
  • Attach the Addition.txt log.

Regards :D

 

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 24-05-2017
Executado por Marcio (administrador) em MARCIO-PC (28-05-2017 07:05:17)
Executando a partir de C:\Users\Marcio\Desktop
Perfis Carregados: Marcio (Perfis Disponíveis: Marcio)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Scopus Soluções em TI Ltda) C:\Program Files (x86)\scpbrad\scpbradserv.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Scopus Soluções em TI Ltda) C:\Program Files (x86)\scpbrad\scpbradguard.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [925744 2016-06-23] (GAS Tecnologia LTDA)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-23] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-06-30] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [28734456 2017-05-16] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2016-08-10] (Caixa Economica Federal)
HKU\S-1-5-21-2766664585-520136655-3584524175-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2766664585-520136655-3584524175-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [450048 2011-09-12] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1903328 2016-08-10] (Caixa Economica Federal)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} =>  -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
BootExecute: autocheck autochk * sh4native Sh4Removal
GroupPolicy: Restrição - Chrome <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{008F778E-442B-4173-90ED-87859B7E07DE}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8010445A-E4CD-4809-8243-F77EAF30D091}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKU\S-1-5-21-2766664585-520136655-3584524175-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2766664585-520136655-3584524175-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2766664585-520136655-3584524175-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2766664585-520136655-3584524175-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-12] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [2016-08-10] (Caixa Economica Federal)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-12] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Marcio\AppData\Roaming\Mozilla\Firefox\Profiles\fax6zyz9.default [2017-05-28]
FF Homepage: Mozilla\Firefox\Profiles\fax6zyz9.default -> about:home
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => não encontrado (a)
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => não encontrado (a)
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-12] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.11.2852 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll [2008-04-28] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll [2008-04-28] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1662 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll [2008-04-28] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll [2008-04-28] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com.br/
CHR DefaultSearchURL: Default -> hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://br.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default [2017-05-28]
CHR Extension: (Google Tradutor) - C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-05-12]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2017-05-12]
CHR Extension: (Flix Plus by Lifehacker) - C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcjjgdnadfneaamhipplgpfkdnbfagla [2017-05-21]
CHR Extension: (Video Downloader GetThemAll) - C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2017-05-21]
CHR Extension: (Video Speed Controller) - C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk [2017-05-12]
CHR Extension: (Downloads) - C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngbcgifdaopbfflfhbcfeomijfbbcadi [2017-05-12]
CHR Extension: (TZWebChartWindow) - C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmdhbmdklokcmpmcegmbfehjencmbeab [2017-05-12]
CHR Extension: (Baixe vídeos Vimeo, Premium) - C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\phpaiffimemgakmakpcehgbophkbllkf [2017-05-20]
CHR Extension: (Chrome Media Router) - C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]
CHR Profile: C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-05-11]
CHR HKLM-x32\...\Chrome\Extension: [fabhkdeopjkcpkmofliimbjckmocfiom] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-03-08] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-03-08] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [48944 2017-05-16] (Dropbox, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2836296 2016-12-14] (ESET)
S3 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [243880 2015-01-16] (Foxit Software Inc.)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\GbpSv.exe [631520 2016-08-10] (GAS Tecnologia)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2017-05-13] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)
R2 scpbradserv; C:\Program Files (x86)\scpbrad\scpbradserv.exe [1995208 2017-04-04] (Scopus Soluções em TI Ltda)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [925744 2016-06-23] (GAS Tecnologia LTDA)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [132272 2017-01-17] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [106768 2017-01-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [180544 2017-01-17] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [49672 2017-01-17] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [77616 2017-01-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [60536 2017-01-17] (ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [96856 2017-01-17] (ESET)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2016-08-10] (GAS Tecnologia)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2017-05-13] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106120 2017-05-13] (McAfee, Inc.)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [242688 2013-12-09] (QUALCOMM Incorporated) [Arquivo não assinado]
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2016-08-10] (GAS Tecnologia LTDA)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2017-05-28] (GAS Tecnologia)
R1 wsddntf; C:\Windows\System32\DRIVERS\wsddntf.sys [36984 2016-06-16] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [97376 2016-06-08] (GAS Tecnologia)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-05-28 07:05 - 2017-05-28 07:07 - 00023055 _____ C:\Users\Marcio\Desktop\FRST.txt
2017-05-28 07:05 - 2017-05-28 07:05 - 00000000 ____D C:\FRST
2017-05-28 07:02 - 2017-05-28 07:03 - 02429952 _____ (Farbar) C:\Users\Marcio\Desktop\FRST64.exe
2017-05-26 18:05 - 2017-05-26 18:06 - 00000286 __RSH C:\Users\Todos os Usuários\ntuser.pol
2017-05-26 18:05 - 2017-05-26 18:06 - 00000286 __RSH C:\ProgramData\ntuser.pol
2017-05-26 18:04 - 2017-05-26 18:17 - 00000000 ____D C:\Users\Todos os Usuários\TEMP
2017-05-26 18:04 - 2017-05-26 18:17 - 00000000 ____D C:\ProgramData\TEMP
2017-05-26 18:04 - 2017-05-26 18:06 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2017-05-26 18:04 - 2017-05-26 18:04 - 00001083 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2017-05-26 18:04 - 2017-05-26 18:04 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-05-26 18:04 - 2017-05-26 18:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2017-05-26 18:04 - 2009-03-24 13:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2017-05-26 15:50 - 2017-05-26 15:50 - 00034013 _____ C:\ComboFix.txt
2017-05-26 14:11 - 2011-06-26 03:45 - 00256000 _____ C:\Windows\PEV.exe
2017-05-26 14:11 - 2010-11-07 14:20 - 00208896 _____ C:\Windows\MBR.exe
2017-05-26 14:11 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-05-26 14:11 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-05-26 14:11 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-05-26 14:11 - 2000-08-30 21:00 - 00098816 _____ C:\Windows\sed.exe
2017-05-26 14:11 - 2000-08-30 21:00 - 00080412 _____ C:\Windows\grep.exe
2017-05-26 14:11 - 2000-08-30 21:00 - 00068096 _____ C:\Windows\zip.exe
2017-05-26 14:09 - 2017-05-26 15:51 - 00000000 ____D C:\Qoobox
2017-05-25 08:49 - 2017-05-26 14:04 - 00000000 ____D C:\AdwCleaner
2017-05-24 18:34 - 2017-05-28 06:57 - 00101080 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2017-05-24 18:34 - 2017-05-24 18:34 - 00000000 ___HD C:\Program Files (x86)\GAS Tecnologia
2017-05-24 18:34 - 2017-05-24 18:34 - 00000000 ___HD C:\Program Files (x86)\Diebold
2017-05-24 18:34 - 2016-06-16 18:43 - 00036984 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddntf.sys
2017-05-24 18:34 - 2016-06-16 18:43 - 00008811 _____ C:\Windows\system32\Drivers\wsddntf.cat
2017-05-24 18:34 - 2016-06-08 18:43 - 00097376 ____N (GAS Tecnologia) C:\Windows\system32\Drivers\wsddpp.sys
2017-05-24 18:33 - 2017-05-24 18:33 - 00000000 ____D C:\Program Files\Diebold
2017-05-24 18:32 - 2017-05-28 06:57 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2017-05-24 18:32 - 2017-05-28 06:57 - 00000000 ____D C:\ProgramData\GbPlugin
2017-05-24 18:32 - 2017-05-28 06:57 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2017-05-24 18:32 - 2017-05-24 18:32 - 00000000 ____D C:\Users\Todos os Usuários\GAS Tecnologia
2017-05-24 18:32 - 2017-05-24 18:32 - 00000000 ____D C:\ProgramData\GAS Tecnologia
2017-05-22 06:46 - 2017-05-26 08:05 - 00000000 ____D C:\Users\Marcio\AppData\LocalLow\uTorrent
2017-05-21 06:17 - 2017-05-21 06:17 - 00003298 _____ C:\Windows\System32\Tasks\{08BA2DAF-DDC3-4F80-959E-24FB8A4B34D0}
2017-05-20 16:14 - 2017-05-20 16:15 - 03602062 _____ C:\Users\Marcio\Downloads\Antifragil - Nassim Nicholas Taleb.pdf
2017-05-18 20:17 - 2017-05-18 20:17 - 00001138 _____ C:\Users\Marcio\Desktop\modaltrader.lnk
2017-05-18 20:17 - 2017-05-18 20:17 - 00000000 ____D C:\Users\Marcio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\modalmais
2017-05-18 20:17 - 2017-05-18 20:17 - 00000000 ____D C:\Users\Marcio\AppData\Local\Package Cache
2017-05-18 20:17 - 2017-05-18 20:17 - 00000000 ____D C:\Users\Marcio\AppData\Local\modaltrader
2017-05-17 21:37 - 2017-05-17 21:37 - 00021238 _____ C:\ZA-Scan.txt
2017-05-17 19:35 - 2017-05-17 19:35 - 00000000 ____D C:\zoek_backup
2017-05-17 18:43 - 2017-05-17 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-05-16 18:01 - 2017-05-16 18:01 - 00048944 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-05-13 15:34 - 2017-05-28 07:04 - 00000000 ____D C:\Users\Marcio\Desktop\Malware
2017-05-13 15:31 - 2017-05-13 15:31 - 00000000 ____D C:\Windows\ERUNT
2017-05-13 15:24 - 2017-05-13 15:24 - 00000112 ___RH C:\Users\Marcio\Desktop\Stinger.opt
2017-05-13 09:45 - 2017-05-13 09:45 - 00000000 ____D C:\Quarantine
2017-05-13 09:27 - 2017-05-13 09:27 - 00864072 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys
2017-05-13 09:27 - 2017-05-13 09:27 - 00250672 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2017-05-13 09:27 - 2017-05-13 09:27 - 00106120 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mferkdet.sys
2017-05-13 09:26 - 2017-05-13 15:24 - 00000000 ____D C:\Program Files\stinger
2017-05-13 09:26 - 2017-05-13 09:26 - 00000000 ____D C:\Program Files\McAfee
2017-05-13 07:03 - 2017-05-25 10:15 - 00000000 ____D C:\Users\Marcio\AppData\Roaming\ZHP
2017-05-13 07:03 - 2017-05-25 10:01 - 00000000 ____D C:\Users\Marcio\AppData\Local\ZHP
2017-05-12 19:02 - 2017-05-13 06:42 - 00010907 _____ C:\Users\Marcio\Desktop\CONDOMINIO VALOR.xlsx
2017-05-11 21:18 - 2017-05-11 21:18 - 00000000 ____D C:\Windows\pss
2017-05-11 21:17 - 2017-05-11 21:17 - 00087338 _____ C:\Users\Marcio\Documents\cc_20170511_211751.reg
2017-05-09 21:18 - 2017-04-27 22:14 - 05547240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-09 21:18 - 2017-04-27 22:14 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-05-09 21:18 - 2017-04-27 22:14 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-05-09 21:18 - 2017-04-27 22:14 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-05-09 21:18 - 2017-04-27 22:14 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-05-09 21:18 - 2017-04-27 22:11 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:36 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-05-09 21:18 - 2017-04-27 21:36 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-05-09 21:18 - 2017-04-27 21:34 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:19 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-05-09 21:18 - 2017-04-27 21:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-05-09 21:18 - 2017-04-27 21:19 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-05-09 21:18 - 2017-04-27 21:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-05-09 21:18 - 2017-04-27 21:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-05-09 21:18 - 2017-04-27 21:14 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-05-09 21:18 - 2017-04-27 21:12 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-09 21:18 - 2017-04-27 21:11 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-09 21:18 - 2017-04-27 21:11 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-09 21:18 - 2017-04-27 21:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-05-09 21:18 - 2017-04-27 21:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-05-09 21:18 - 2017-04-27 21:10 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-05-09 21:18 - 2017-04-27 21:08 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-05-09 21:18 - 2017-04-27 21:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-05-09 21:18 - 2017-04-27 21:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-05-09 21:18 - 2017-04-27 21:08 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-05-09 21:18 - 2017-04-27 21:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-05-09 21:18 - 2017-04-27 21:07 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:07 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-05-09 21:18 - 2017-04-26 11:59 - 03220992 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-09 21:18 - 2017-04-21 12:34 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-05-09 21:18 - 2017-04-21 12:15 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-05-09 21:18 - 2017-04-19 21:00 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-05-09 21:18 - 2017-04-19 20:16 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-05-09 21:18 - 2017-04-17 12:37 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-09 21:18 - 2017-04-17 12:37 - 00876544 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-09 21:18 - 2017-04-17 12:37 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-09 21:18 - 2017-04-17 12:37 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-05-09 21:18 - 2017-04-17 12:37 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-05-09 21:18 - 2017-04-17 12:12 - 01417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-05-09 21:18 - 2017-04-17 12:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-09 21:18 - 2017-04-17 12:12 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2017-05-09 21:18 - 2017-04-17 11:54 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2017-05-09 21:18 - 2017-04-16 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-05-09 21:18 - 2017-04-16 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-05-09 21:18 - 2017-04-16 05:57 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-05-09 21:18 - 2017-04-16 05:55 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-05-09 21:18 - 2017-04-16 05:55 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-05-09 21:18 - 2017-04-16 05:54 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-05-09 21:18 - 2017-04-16 05:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-05-09 21:18 - 2017-04-16 05:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-09 21:18 - 2017-04-16 05:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-05-09 21:18 - 2017-04-16 05:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-05-09 21:18 - 2017-04-16 05:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-05-09 21:18 - 2017-04-16 05:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-05-09 21:18 - 2017-04-16 05:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-05-09 21:18 - 2017-04-16 05:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-05-09 21:18 - 2017-04-16 05:36 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-05-09 21:18 - 2017-04-16 05:35 - 25741312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-09 21:18 - 2017-04-16 05:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-05-09 21:18 - 2017-04-16 05:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-05-09 21:18 - 2017-04-16 05:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-05-09 21:18 - 2017-04-16 05:18 - 05977600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-09 21:18 - 2017-04-16 05:11 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-05-09 21:18 - 2017-04-16 05:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-05-09 21:18 - 2017-04-16 05:09 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-05-09 21:18 - 2017-04-16 05:04 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-05-09 21:18 - 2017-04-16 05:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-05-09 21:18 - 2017-04-16 05:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-05-09 21:18 - 2017-04-16 05:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-05-09 21:18 - 2017-04-16 05:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-05-09 21:18 - 2017-04-16 05:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-05-09 21:18 - 2017-04-16 05:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-05-09 21:18 - 2017-04-16 05:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-05-09 21:18 - 2017-04-16 04:57 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-05-09 21:18 - 2017-04-16 04:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-05-09 21:18 - 2017-04-16 04:52 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-05-09 21:18 - 2017-04-16 04:52 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-05-09 21:18 - 2017-04-16 04:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-05-09 21:18 - 2017-04-16 04:48 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-05-09 21:18 - 2017-04-16 04:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-05-09 21:18 - 2017-04-16 04:47 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-05-09 21:18 - 2017-04-16 04:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-05-09 21:18 - 2017-04-16 04:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-05-09 21:18 - 2017-04-16 04:40 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-05-09 21:18 - 2017-04-16 04:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-05-09 21:18 - 2017-04-16 04:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-09 21:18 - 2017-04-16 04:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-05-09 21:18 - 2017-04-16 04:35 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-05-09 21:18 - 2017-04-16 04:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-05-09 21:18 - 2017-04-16 04:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-05-09 21:18 - 2017-04-16 04:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-05-09 21:18 - 2017-04-16 04:25 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-05-09 21:18 - 2017-04-16 04:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-05-09 21:18 - 2017-04-16 04:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-05-09 21:18 - 2017-04-16 04:20 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-05-09 21:18 - 2017-04-16 04:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-05-09 21:18 - 2017-04-16 04:10 - 15250944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-09 21:18 - 2017-04-16 04:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-05-09 21:18 - 2017-04-16 04:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-05-09 21:18 - 2017-04-16 04:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-05-09 21:18 - 2017-04-16 04:08 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-05-09 21:18 - 2017-04-16 04:04 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-09 21:18 - 2017-04-16 03:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-05-09 21:18 - 2017-04-16 03:50 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-05-09 21:18 - 2017-04-16 03:40 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-05-09 21:18 - 2017-04-16 03:37 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-05-09 21:18 - 2017-04-16 03:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-05-09 21:18 - 2017-04-16 03:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-05-09 21:18 - 2017-04-12 12:32 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-09 21:18 - 2017-04-12 12:32 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-05-09 21:18 - 2017-04-12 12:32 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-05-09 21:18 - 2017-04-12 12:32 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-05-09 21:18 - 2017-04-12 12:26 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-05-09 21:18 - 2017-04-12 12:25 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-09 21:18 - 2017-04-12 12:25 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-05-09 21:18 - 2017-04-12 12:25 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-05-09 21:18 - 2017-04-07 12:34 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-09 21:18 - 2017-04-07 12:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-09 21:18 - 2017-04-07 12:30 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-09 21:18 - 2017-04-07 12:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-05-09 21:18 - 2017-04-07 12:22 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-05-09 21:18 - 2017-04-05 11:55 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-09 21:18 - 2017-04-05 11:55 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-09 21:18 - 2017-04-05 11:55 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-05-09 21:18 - 2017-04-04 12:34 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-05-09 21:18 - 2017-04-04 12:34 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-05-09 21:18 - 2017-04-04 12:34 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-05-09 21:18 - 2017-04-04 11:53 - 00496128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-05-09 21:18 - 2017-04-04 11:53 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-05-09 21:18 - 2017-03-10 13:32 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2017-05-09 21:18 - 2017-03-10 13:32 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2017-05-09 21:18 - 2017-03-10 13:20 - 01508352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pla.dll
2017-05-09 21:18 - 2017-03-10 13:20 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2017-05-09 21:18 - 2017-03-10 12:57 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe
2017-05-09 21:18 - 2017-03-10 12:55 - 00205312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2017-05-09 21:18 - 2017-03-10 12:55 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2017-05-09 21:18 - 2017-03-09 13:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-05-09 21:18 - 2017-03-09 13:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-05-05 19:09 - 2017-05-05 19:10 - 00000000 ___RD C:\Users\Marcio\Dropbox
2017-04-29 15:43 - 2017-05-17 19:37 - 00000626 _____ C:\Users\Marcio\Desktop\TIMBETA.txt
2017-04-29 14:09 - 2017-04-29 14:09 - 00000000 ____D C:\Users\Todos os Usuários\ESET
2017-04-29 14:09 - 2017-04-29 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-04-29 14:09 - 2017-04-29 14:09 - 00000000 ____D C:\ProgramData\ESET
2017-04-29 14:09 - 2017-04-29 14:09 - 00000000 ____D C:\Program Files\ESET
2017-04-25 12:47 - 2017-04-25 12:47 - 00000000 ____D C:\Users\Marcio\Desktop\Poster
2017-04-25 11:03 - 2017-04-25 11:03 - 00000768 _____ C:\Users\Marcio\Desktop\Corretagem 2014 - Mirae - Atalho.lnk
2017-04-17 14:15 - 2017-04-17 14:16 - 02579728 _____ C:\Users\Marcio\Downloads\Guia de Modelagem 4T16 PORT (Valores)_site.xlsx
2017-04-12 20:45 - 2017-03-22 12:32 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-04-12 20:45 - 2017-03-22 12:32 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-04-12 20:45 - 2017-03-22 12:32 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-04-12 20:45 - 2017-03-22 12:30 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-04-12 20:45 - 2017-03-22 12:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-04-12 20:45 - 2017-03-22 12:17 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-04-12 20:45 - 2017-03-22 12:15 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-04-12 20:45 - 2017-03-22 12:15 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-04-12 20:45 - 2017-03-22 12:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-04-12 20:45 - 2017-03-22 12:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-04-12 20:45 - 2017-03-22 12:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-04-12 20:45 - 2017-03-22 12:15 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-04-12 20:45 - 2017-03-22 12:05 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-04-12 20:45 - 2017-03-22 12:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-04-12 20:45 - 2017-03-22 12:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-04-12 20:45 - 2017-03-22 12:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-04-12 20:45 - 2017-03-10 13:35 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-04-12 20:45 - 2017-03-10 13:31 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-04-12 20:45 - 2017-03-10 13:31 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-04-12 20:45 - 2017-03-10 13:31 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-04-12 20:45 - 2017-03-10 13:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-04-12 20:45 - 2017-03-10 13:27 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-04-12 20:45 - 2017-03-10 13:20 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-04-12 20:45 - 2017-03-10 13:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-04-12 20:45 - 2017-03-10 13:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-04-12 20:45 - 2017-03-10 12:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-04-12 20:45 - 2017-03-07 13:30 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-04-12 20:45 - 2017-03-07 13:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-04-12 20:45 - 2017-03-03 22:27 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-04-12 20:45 - 2017-03-03 22:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-04-12 20:45 - 2017-03-03 22:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-04-12 20:45 - 2017-03-03 22:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-04-12 20:45 - 2017-02-14 13:33 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-04-12 20:45 - 2017-02-14 13:19 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-04-12 20:45 - 2017-02-09 13:32 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-04-12 20:45 - 2017-02-09 13:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-04-12 20:45 - 2017-02-09 13:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-04-12 20:45 - 2017-01-18 12:36 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-04-12 20:45 - 2017-01-18 12:36 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-12 20:45 - 2017-01-18 12:36 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-12 20:45 - 2017-01-18 12:36 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-12 20:45 - 2017-01-18 12:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-12 20:45 - 2017-01-18 12:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-12 20:45 - 2017-01-18 12:36 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-12 20:45 - 2017-01-18 12:36 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-12 20:45 - 2017-01-18 12:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-12 20:45 - 2017-01-18 12:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-12 20:45 - 2017-01-18 12:36 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-12 20:45 - 2017-01-18 12:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-12 20:45 - 2017-01-18 12:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-12 20:45 - 2017-01-18 12:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-12 20:45 - 2017-01-18 12:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-12 20:45 - 2017-01-18 12:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-12 20:45 - 2017-01-18 12:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-12 20:45 - 2017-01-18 12:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-12 20:45 - 2017-01-18 12:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-12 20:45 - 2017-01-18 12:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-12 20:45 - 2017-01-18 12:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-12 20:45 - 2017-01-18 12:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-12 20:45 - 2017-01-18 12:36 - 00011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-12 20:45 - 2017-01-18 12:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-04-12 20:45 - 2017-01-18 12:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-04-12 20:45 - 2017-01-18 12:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-04-12 20:45 - 2017-01-18 12:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-12 20:45 - 2017-01-18 12:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-04-12 20:45 - 2017-01-18 12:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-12 20:45 - 2017-01-18 12:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-12 20:45 - 2017-01-18 12:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-04-12 20:45 - 2017-01-18 12:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-04-12 20:45 - 2017-01-18 12:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-04-12 20:45 - 2017-01-18 12:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-12 20:45 - 2017-01-18 12:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-04-12 20:45 - 2017-01-18 12:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-04-12 20:45 - 2017-01-18 12:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-04-12 20:45 - 2017-01-18 12:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-04-12 20:45 - 2017-01-18 12:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-04-12 20:45 - 2017-01-18 12:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-04-12 20:45 - 2017-01-18 12:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-04-12 20:45 - 2017-01-18 12:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-12 20:45 - 2017-01-18 12:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-04-12 20:45 - 2017-01-18 12:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-04-12 20:45 - 2017-01-18 12:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-04-12 20:45 - 2017-01-18 12:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-04-11 21:54 - 2017-04-11 21:55 - 157445255 _____ C:\Users\Marcio\Downloads\Webinar - Ferramentas e filosofias operacionais para daytrade 480p.mp4
2017-04-09 12:35 - 2017-04-16 09:30 - 00000000 ____D C:\Users\Marcio\Desktop\71 - 02.04.2017 (Sport)
2017-04-01 20:50 - 2017-04-01 20:50 - 00004550 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-03-30 07:58 - 2017-03-30 07:58 - 00003188 _____ C:\Windows\System32\Tasks\{F6277D72-0254-43B5-9BB2-6F8583B04EE8}
2017-03-26 20:33 - 2017-03-26 20:33 - 00028344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2017-03-26 20:33 - 2017-03-26 20:33 - 00019104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110_clr0400.dll
2017-03-26 20:33 - 2017-03-26 20:33 - 00019104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2017-03-26 20:33 - 2017-03-26 20:33 - 00019104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110_clr0400.dll
2017-03-26 20:29 - 2017-03-26 20:29 - 00030400 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2017-03-26 20:29 - 2017-03-26 20:29 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcr110_clr0400.dll
2017-03-26 20:29 - 2017-03-26 20:29 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2017-03-26 20:29 - 2017-03-26 20:29 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcp110_clr0400.dll
2017-03-26 06:04 - 2017-03-26 06:04 - 00000000 ____D C:\Users\Marcio\Tracing
2017-03-26 06:04 - 2017-03-26 06:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-22 20:42 - 2017-03-22 20:46 - 50066626 _____ C:\Users\Marcio\Downloads\WS.PDFelement.5.12.1.1603.Portable.rar
2017-03-22 20:28 - 2017-03-22 20:33 - 238710724 _____ C:\Users\Marcio\Downloads\Webinar - Como traçar Extensões e Retrações de  Fibonacci 480p.mp4
2017-03-22 07:07 - 2017-03-22 07:07 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-03-22 07:07 - 2017-03-22 07:07 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-03-22 07:07 - 2017-03-22 07:07 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-03-21 10:50 - 2017-03-21 10:51 - 00000000 ____D C:\Users\Marcio\Desktop\TIM Problema ETIENE
2017-03-15 20:52 - 2017-03-15 20:55 - 246002128 _____ C:\Users\Marcio\Downloads\Webinar - Como utilizar Ondas de Elliott 480p.mp4
2017-03-14 20:59 - 2017-02-10 13:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-14 20:59 - 2017-02-10 13:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-14 20:59 - 2017-02-10 11:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-14 20:59 - 2017-02-09 11:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-14 20:59 - 2017-02-09 11:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-14 20:59 - 2017-02-06 13:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-14 20:59 - 2017-01-13 15:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-14 20:59 - 2017-01-11 15:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-14 20:59 - 2017-01-11 14:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-14 20:58 - 2017-02-09 13:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-14 20:58 - 2017-02-09 13:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-14 20:58 - 2017-02-09 13:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-14 20:58 - 2017-02-09 13:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-14 20:58 - 2017-02-09 13:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-14 20:58 - 2017-02-09 12:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-03-14 20:58 - 2017-01-13 15:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-14 20:58 - 2017-01-13 14:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-03-14 20:58 - 2017-01-13 14:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-03-14 20:58 - 2017-01-11 15:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-14 20:58 - 2017-01-11 14:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-03-14 20:52 - 2017-02-22 20:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-14 20:52 - 2017-02-22 20:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-14 20:52 - 2017-02-18 11:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-14 20:52 - 2017-02-18 11:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-14 20:52 - 2016-12-31 12:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-14 20:52 - 2016-12-31 12:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-14 20:52 - 2016-12-31 12:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-14 20:52 - 2016-12-31 12:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-14 20:52 - 2016-12-31 12:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-03-13 11:35 - 2017-03-13 11:35 - 00000000 ____D C:\Users\Marcio\AppData\Roaming\TeamViewer
2017-03-13 09:46 - 2017-05-12 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-03-13 09:46 - 2017-05-12 20:01 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-03-13 09:40 - 2017-05-11 21:13 - 00000000 ____D C:\Users\Marcio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2017
2017-03-13 09:40 - 2017-03-13 09:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB2017
2017-03-08 21:34 - 2017-03-08 21:34 - 00000911 _____ C:\Users\Marcio\Desktop\- Mestrado Contabeis - 2017 - Atalho.lnk
2017-03-08 20:11 - 2017-03-08 20:16 - 00000000 ____D C:\Users\Marcio\AppData\Roaming\Dropbox
2017-03-08 20:10 - 2017-05-28 06:56 - 00001016 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-03-08 20:10 - 2017-05-27 21:15 - 00001020 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-03-08 20:10 - 2017-05-18 19:23 - 00000000 ____D C:\Users\Marcio\AppData\Local\Dropbox
2017-03-08 20:10 - 2017-05-17 18:44 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-03-08 20:10 - 2017-03-08 20:10 - 00004016 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2017-03-08 20:10 - 2017-03-08 20:10 - 00003764 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2017-03-08 20:10 - 2017-03-08 20:10 - 00000000 ____D C:\Users\Todos os Usuários\Dropbox
2017-03-08 20:10 - 2017-03-08 20:10 - 00000000 ____D C:\ProgramData\Dropbox
2017-03-01 08:46 - 2017-03-01 08:50 - 00010433 _____ C:\Users\Marcio\Desktop\Acompanhamento Peso e Massa.xlsx

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-05-28 07:07 - 2009-07-14 01:45 - 00022624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-28 07:07 - 2009-07-14 01:45 - 00022624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-28 06:57 - 2011-12-11 10:42 - 00000000 ____D C:\Users\Todos os Usuários\clear.fi
2017-05-28 06:57 - 2011-12-11 10:42 - 00000000 ____D C:\ProgramData\clear.fi
2017-05-28 06:56 - 2015-08-29 20:41 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e2b44ad79d16.job
2017-05-28 06:56 - 2015-07-14 17:41 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0be756769bc21.job
2017-05-28 06:56 - 2015-05-17 20:35 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d090fa377ab796.job
2017-05-28 06:56 - 2015-04-29 13:50 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2017-05-28 06:56 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-27 21:48 - 2015-12-02 08:42 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d12cf6980b849c.job
2017-05-27 21:47 - 2015-09-17 17:41 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f18943ecc0cf.job
2017-05-27 21:46 - 2015-08-29 20:41 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e2b44b274404.job
2017-05-27 21:46 - 2015-07-14 17:41 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0be7567d17eaa.job
2017-05-27 21:46 - 2015-05-17 20:35 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d090fa37b3d89c.job
2017-05-27 21:40 - 2015-04-29 13:50 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2017-05-27 08:50 - 2012-08-25 17:18 - 00000000 ____D C:\Users\Marcio\AppData\Roaming\vlc
2017-05-26 20:02 - 2012-06-07 18:11 - 00000000 ____D C:\Users\Marcio\Downloads\Torrent Downloads
2017-05-26 15:30 - 2009-07-13 23:34 - 00000215 _____ C:\Windows\system.ini
2017-05-26 08:05 - 2012-06-07 18:09 - 00000000 ____D C:\Users\Marcio\AppData\Roaming\uTorrent
2017-05-25 06:05 - 2011-12-10 23:40 - 00088920 _____ C:\Users\Marcio\AppData\Local\GDIPFONTCACHEV1.DAT
2017-05-25 06:05 - 2009-07-14 01:45 - 00341064 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-24 18:36 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2017-05-23 22:24 - 2013-09-08 10:30 - 00000000 ____D C:\Windows\system32\MRT
2017-05-23 22:20 - 2012-02-04 19:07 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-23 08:47 - 2011-10-26 18:14 - 00710146 _____ C:\Windows\system32\prfh0416.dat
2017-05-23 08:47 - 2011-10-26 18:14 - 00151794 _____ C:\Windows\system32\prfc0416.dat
2017-05-23 08:47 - 2009-07-14 02:13 - 01652682 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-21 10:39 - 2014-12-19 09:01 - 00028012 _____ C:\Users\Marcio\Desktop\RACHA GVT.xlsx
2017-05-21 06:20 - 2011-08-22 01:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-05-18 21:36 - 2016-12-05 20:50 - 00000000 ____D C:\Users\Marcio\AppData\LocalLow\Mozilla
2017-05-16 20:29 - 2009-07-14 02:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-05-14 04:24 - 2014-12-11 08:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-13 17:52 - 2016-12-04 12:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-13 15:38 - 2015-08-07 07:45 - 00000000 ____D C:\Users\Marcio\Downloads\Curriculo - Márcio
2017-05-13 15:35 - 2015-02-03 20:59 - 00000000 ____D C:\Users\Marcio\Desktop\Condominio
2017-05-13 15:33 - 2011-08-22 01:52 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-13 09:17 - 2015-07-15 11:10 - 00000000 ____D C:\Users\Todos os Usuários\IObit
2017-05-13 09:17 - 2015-07-15 11:10 - 00000000 ____D C:\ProgramData\IObit
2017-05-12 20:02 - 2014-10-18 08:15 - 00000000 ____D C:\Program Files (x86)\Java
2017-05-11 21:14 - 2012-03-10 13:37 - 00000000 ___HD C:\Program Files (x86)\InstallJammer Registry
2017-05-11 19:37 - 2015-04-29 13:53 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-11 08:21 - 2017-02-26 05:10 - 00000000 ____D C:\LinhaDefensiva
2017-05-10 05:29 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-09 23:07 - 2014-03-21 20:48 - 01617956 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-05-09 22:54 - 2012-02-04 19:44 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2017-05-09 16:37 - 2012-02-04 19:44 - 00000000 ____D C:\Users\Marcio\AppData\Local\Microsoft Help
2017-05-09 14:39 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
2017-05-06 12:25 - 2014-10-08 18:59 - 00000000 ____D C:\Users\Marcio\AppData\Local\CutePDF Writer
2017-05-05 19:13 - 2011-12-10 23:40 - 00000000 ____D C:\Users\Marcio
2017-04-29 12:00 - 2016-02-02 19:43 - 00003500 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d15e0b283ce9ba
2017-04-29 12:00 - 2015-12-02 08:42 - 00003372 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d12cf697c616e6

==================== Arquivos na raiz de alguns diretórios =======

2017-05-18 20:18 - 2017-05-18 20:18 - 0000000 ____H () C:\Users\Marcio\AppData\Local\AppUpdate.log
2015-07-24 12:42 - 2015-07-24 12:42 - 0000000 ____H () C:\Users\Marcio\AppData\Local\BIT710D.tmp
2015-07-24 12:42 - 2015-07-24 12:42 - 0000000 ____H () C:\Users\Marcio\AppData\Local\BIT71AA.tmp
2015-07-24 12:42 - 2015-07-24 12:42 - 0000000 ____H () C:\Users\Marcio\AppData\Local\BIT7237.tmp
2015-02-10 16:10 - 2015-07-29 06:11 - 0007640 _____ () C:\Users\Marcio\AppData\Local\Resmon.ResmonCfg
2015-07-24 12:42 - 2015-07-24 12:42 - 0000000 _____ () C:\Users\Marcio\AppData\Local\{491CC074-0BDD-4B8D-B86C-DAF6F9D4AAB2}
2015-07-24 12:42 - 2015-07-24 12:42 - 0000000 _____ () C:\Users\Marcio\AppData\Local\{B8A1E03B-A318-4A29-889B-6803826F94F9}
2015-07-24 12:42 - 2015-07-24 12:42 - 0000000 _____ () C:\Users\Marcio\AppData\Local\{C040E248-AC0D-4AF3-AF4C-AC8B60B8E9E8}
2012-12-19 23:20 - 2012-12-19 23:20 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-10-26 12:46 - 2011-10-26 12:48 - 0015224 _____ () C:\ProgramData\ArcadeDeluxe5.log

Alguns arquivos em TEMP:
====================
2017-05-27 09:58 - 2014-07-01 10:20 - 11719232 _____ (Foxit Corporation) C:\Users\Marcio\AppData\Local\Temp\Foxit Reader Updater.exe
2017-05-26 20:05 - 2017-05-26 20:05 - 30950664 _____ () C:\Users\Marcio\AppData\Local\Temp\vlc-2.2.6-win32.exe

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2017-05-24 19:19

==================== Fim de FRST.txt ============================

FRST.txt

added 0 minutes later

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 24-05-2017
Executado por Marcio (28-05-2017 07:09:11)
Executando a partir de C:\Users\Marcio\Desktop
Windows 7 Home Basic Service Pack 1 (X64) (2011-12-11 02:39:59)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================

Administrador (S-1-5-21-2766664585-520136655-3584524175-500 - Administrator - Disabled)
Convidado (S-1-5-21-2766664585-520136655-3584524175-501 - Limited - Disabled)
Marcio (S-1-5-21-2766664585-520136655-3584524175-1000 - Administrator - Enabled) => C:\Users\Marcio

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: ESET Smart Security 10.0.390.0 (Disabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security 10.0.390.0 (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Firewall pessoal da ESET (Disabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

µTorrent (HKU\S-1-5-21-2766664585-520136655-3584524175-1000\...\uTorrent) (Version: 3.5.0.43580 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AC3Filter 2.5b (HKLM-x32\...\AC3Filter_is1) (Version: 2.5b - Alexander Vigovsky)
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0913.2011 - Acer Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2024.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
Componente de Segurança Bradesco (HKLM-x32\...\scpbrad) (Version: 1.0.0 - Bradesco (Departamento de segurança Corporativa))
Crazy Chicken Kart 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 26.4.24 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.65.1 - Dropbox, Inc.) Hidden
ESET Smart Security (HKLM\...\{E6FCE1BD-5FF4-4662-BD8A-59DA42D1F1E3}) (Version: 10.0.390.0 - ESET, spol. s r.o.)
ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.6.36.116 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.5.624 - Foxit Corporation)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
HP Deskjet 3050 J610 series Software básico do dispositivo (HKLM\...\{E6E28DE7-446E-4E27-BE37-4B6D925A385B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4101 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2013) (Version: 1.0 - Receita Federal do Brasil)
IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2014) (Version: 1.0 - Receita Federal do Brasil)
IRPF2015 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2015) (Version: 1.0 - Receita Federal do Brasil)
IRPF2016 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2016) (Version: 1.1 - Receita Federal do Brasil)
IRPF2017 (HKLM-x32\...\IRPF2017) (Version: 1.1 - Receita Federal do Brasil)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (HKLM\...\{90140000-002A-0000-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
modaltrader (HKU\S-1-5-21-2766664585-520136655-3584524175-1000\...\{d564c39a-15ae-44ec-a207-8bffc9adbbdf}) (Version: 1.0.6277.17502 - modalmais)
modaltrader (x32 Version: 1.0.6277.17502 - modalmais) Hidden
Mozilla Firefox 53.0.2 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 53.0.2 (x86 pt-BR)) (Version: 53.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.2.6333 - Mozilla)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
NextUp-ScanSoft Raquel Brazilian Portuguese Voice (HKLM-x32\...\{5FAFC823-5E8C-40FB-8238-F2C536B2FB11}) (Version: 4.0.0 - NextUp.com)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8942 - NTI Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Real Alternative 1.8.0 (HKLM-x32\...\RealAlt_is1) (Version: 1.8.0 - )
Receitanet (HKLM-x32\...\ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5) (Version: 1.07 - Serpro - Serviço Federal de Processamento de Dados)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Software de dispositivo do Chipset Intel® (x32 Version: 10.0.26 - Intel(R) Corporation) Hidden
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
TZWebChart Chrome Compat versão 1.0 (HKLM-x32\...\{11B4A1FB-2794-4E0E-B96D-8E8611FED667}_is1) (Version: 1.0 - Tradezone - IT Evolution)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Warsaw 1.13.0.525 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.13.0.525 - GAS Tecnologia)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3503 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
ZD Soft Screen Recorder 4.1.3.0 (HKLM-x32\...\ZD Soft Screen Recorder) (Version: 4.1.3.0 - ZD Soft)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {04634239-A4E5-49E0-AD9D-9DD13FD443F8} - System32\Tasks\GoogleUpdateTaskMachineUA1d0f18943ecc0cf => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29] (Google Inc.)
Task: {09D14090-C809-4FC8-90E6-28825E1E7CD2} - System32\Tasks\GoogleUpdateTaskMachineUA1d0be7567d17eaa => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29] (Google Inc.)
Task: {2A718665-C195-4692-9B6D-D1F18C619E5A} - System32\Tasks\{8C95140B-D16F-4380-869D-7045B6457735} => pcalua.exe -a "C:\Users\Marcio\Desktop\ug30d\All MTK USB Driverv.9.2.PDanet.Adb 2015\Android WinADBUSB\installer\InstallADBDriver.exe" -d "C:\Users\Marcio\Desktop\ug30d\All MTK USB Driverv.9.2.PDanet.Adb 2015\Android WinADBUSB\installer"
Task: {3DADE325-51A7-4B6F-9C87-B6D38678B18D} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)
Task: {52E0C135-3451-45CB-B31B-2494A1D66E65} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)
Task: {56A9BDC3-4797-4163-B7C4-9281E3BABAD7} - System32\Tasks\GoogleUpdateTaskMachineUA1d090fa37b3d89c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29] (Google Inc.)
Task: {60E2B8F9-4D94-4215-B9FF-A3D2052C85F4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-01] (Adobe Systems Incorporated)
Task: {63FCE471-F1BD-4689-8A29-9F5FCD485530} - System32\Tasks\{2AD3B5FA-0867-4305-85C7-87BF58D20FF1} => pcalua.exe -a "E:\Imposto de Renda\PROG IR 2015\IRPF2015.exe" -d "E:\Imposto de Renda\PROG IR 2015"
Task: {6868D3E5-9D1C-4DF7-A511-77A3BF87D3C1} - System32\Tasks\GoogleUpdateTaskMachineCore1d12cf697c616e6 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29] (Google Inc.)
Task: {92C778D0-A0FC-4F69-ACEB-520D20BD67C0} - System32\Tasks\GoogleUpdateTaskMachineCore1d0e2b44ad79d16 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29] (Google Inc.)
Task: {9378FDC7-BECB-408B-A21A-983CECB504FD} - System32\Tasks\GoogleUpdateTaskMachineUA1d15e0b283ce9ba => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29] (Google Inc.)
Task: {9AB483C1-9AD4-4CB4-91DE-A74C58FFE39F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29] (Google Inc.)
Task: {A7D565C6-1490-4A86-B8FD-22854D604B78} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe [2017-04-01] (Adobe Systems Incorporated)
Task: {AC9CB033-695E-4B47-A4A7-76BC047A4A3D} - System32\Tasks\GoogleUpdateTaskMachineUA1d12cf6980b849c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29] (Google Inc.)
Task: {B666226D-D990-4E21-86E9-CD5FA5FCAAF0} - System32\Tasks\{08BA2DAF-DDC3-4F80-959E-24FB8A4B34D0} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}\setup.exe" -c -runfromtemp -l0x0409  -removeonly
Task: {BB809616-895A-4FFF-A35B-852343462FF2} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-03-08] (Dropbox, Inc.)
Task: {C61BB702-CB56-4D27-8C4A-305577F1E573} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-03-08] (Dropbox, Inc.)
Task: {CE42DD44-E84B-4A0A-8BC3-A8E0EC964448} - System32\Tasks\{D25A2FDC-354F-435B-9296-0E1F0ED0A393} => pcalua.exe -a "C:\Users\Marcio\Desktop\All MTK USB Driver 2014\All MTK USB Driver 2014\All MTK Drivers\FeaturePhoneDriver\v1.1032.1\InstallDriver.exe" -d "C:\Users\Marcio\Desktop\All MTK USB Driver 2014\All MTK USB Driver 2014\All MTK Drivers\FeaturePhoneDriver\v1.1032.1"
Task: {D178833F-3655-424D-BEA3-7A9A353CB718} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe 
Task: {D8FD40D1-A424-4B72-80BA-3A754DECF7D2} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
Task: {E37E631B-AF53-46AE-B7D8-AD7C1B792C3E} - System32\Tasks\GoogleUpdateTaskMachineUA1d0e2b44b274404 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29] (Google Inc.)
Task: {EE5AE1DE-567F-4825-AEA4-DD6FD80704F5} - System32\Tasks\{BD8EE84B-885D-4065-A3C3-0DB8F42AF58A} => pcalua.exe -a C:\Users\Marcio\Downloads\dotnetfx35.exe -d C:\Users\Marcio\Downloads
Task: {EF4BB98F-A1F3-41F7-BDEC-21B46AFD7E76} - System32\Tasks\GoogleUpdateTaskMachineCore1d0be756769bc21 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29] (Google Inc.)
Task: {F1CF992C-1EAD-4527-83E6-0CFD0CCC9A06} - System32\Tasks\GoogleUpdateTaskMachineCore1d090fa377ab796 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29] (Google Inc.)
Task: {F64BB11C-309D-4266-BFC4-CC81332F986E} - System32\Tasks\{A74C5CDF-F131-49A1-B818-217C00BE9DD4} => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HP Deskjet 3050 J610 series.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {F7FA5464-5C18-418B-8542-946AADF4A62A} - System32\Tasks\{F6277D72-0254-43B5-9BB2-6F8583B04EE8} => pcalua.exe -a "C:\Arquivos de Programas RFB\LEAO2017\LEAO2017.exe" -d "C:\Arquivos de Programas RFB\LEAO2017"
Task: {FC71B5DA-7ED9-4B1F-8760-71372F96CC91} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29] (Google Inc.)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d090fa377ab796.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0be756769bc21.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e2b44ad79d16.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d090fa37b3d89c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0be7567d17eaa.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e2b44b274404.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f18943ecc0cf.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d12cf6980b849c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Atalhos =============================

(As entradas podem ser listadas para serem restauradas ou removidas.)

==================== Módulos Carregados (Whitelisted) ==============

2014-10-08 18:54 - 2013-10-23 14:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2009-01-21 20:45 - 2009-01-21 20:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2011-08-22 01:53 - 2011-06-10 14:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-08-24 17:03 - 2011-08-24 17:03 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2011-04-23 22:29 - 2011-04-23 22:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2017-05-17 18:42 - 2017-05-16 17:55 - 00871744 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-05-17 18:42 - 2017-05-16 17:55 - 01787200 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-05-17 18:43 - 2017-04-25 21:38 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-05-17 18:43 - 2017-04-25 21:38 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-05-17 18:43 - 2017-04-25 21:38 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-05-17 18:43 - 2017-05-16 18:00 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-05-17 18:42 - 2017-05-16 18:00 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-05-17 18:43 - 2017-04-25 21:39 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-05-17 18:43 - 2017-04-25 21:38 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-05-17 18:42 - 2017-05-16 18:00 - 01729360 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-05-17 18:42 - 2017-05-16 18:00 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-05-17 18:42 - 2017-04-25 21:38 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-05-17 18:42 - 2017-04-25 21:39 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-05-17 18:42 - 2017-04-25 21:38 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-05-17 18:43 - 2017-04-25 21:40 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-05-17 18:43 - 2017-05-16 18:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-05-17 18:42 - 2017-05-16 18:00 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-05-17 18:42 - 2017-05-16 18:00 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-05-17 18:43 - 2017-04-25 21:40 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-05-17 18:42 - 2017-04-25 21:38 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-05-17 18:42 - 2017-04-25 21:40 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-05-17 18:43 - 2017-04-25 21:40 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-05-17 18:43 - 2017-05-16 18:00 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-05-17 18:43 - 2017-04-25 21:40 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-05-17 18:43 - 2017-05-16 18:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-05-17 18:43 - 2017-04-25 21:40 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-05-17 18:43 - 2017-04-25 21:40 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-05-17 18:43 - 2017-04-25 21:40 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-05-17 18:43 - 2017-04-25 21:40 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-05-17 18:43 - 2017-04-25 21:40 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-05-17 18:43 - 2017-04-25 21:40 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-05-17 18:43 - 2017-04-25 21:40 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-05-17 18:42 - 2017-05-16 18:00 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-05-17 18:42 - 2017-05-16 18:00 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-05-17 18:42 - 2017-05-16 18:00 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-05-17 18:43 - 2017-05-16 18:01 - 00082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-05-17 18:43 - 2017-05-16 18:01 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-05-17 18:43 - 2017-04-25 21:40 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-05-17 18:42 - 2017-05-16 18:00 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-05-17 18:43 - 2017-04-25 21:39 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-05-17 18:42 - 2017-05-16 18:00 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-05-17 18:42 - 2017-05-16 18:00 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-05-17 18:42 - 2017-05-16 18:00 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-05-17 18:42 - 2017-05-16 18:00 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-05-17 18:42 - 2017-05-16 18:00 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-05-17 18:42 - 2017-05-16 18:00 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-05-17 18:42 - 2017-05-16 18:00 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-05-17 18:42 - 2017-05-16 18:00 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-05-17 18:43 - 2017-04-25 21:40 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-05-17 18:43 - 2017-05-16 18:01 - 00054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-05-17 18:43 - 2017-05-16 18:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-05-17 18:43 - 2017-05-16 18:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-05-17 18:43 - 2017-05-16 18:01 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-05-17 18:43 - 2017-05-16 18:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-05-17 18:43 - 2017-04-25 21:40 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-05-17 18:43 - 2017-05-16 18:01 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-05-17 18:42 - 2017-05-16 18:00 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-05-17 18:42 - 2017-04-25 21:34 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-05-17 18:42 - 2017-05-16 18:00 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-05-17 18:43 - 2017-05-16 18:01 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-05-17 18:42 - 2017-04-25 21:43 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-05-17 18:42 - 2017-04-25 21:43 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-05-17 18:43 - 2017-05-16 18:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-05-17 18:43 - 2017-05-16 18:01 - 00023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
2017-05-17 18:42 - 2017-05-16 18:00 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-05-17 18:42 - 2017-05-16 18:00 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-05-10 06:13 - 2017-05-10 06:13 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\913ed07a8752e6647c1a3dd74be009dd\IsdiInterop.ni.dll
2011-08-22 01:13 - 2011-04-30 04:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
AlternateDataStreams: C:\Windows\System32:0E4A860B_Cef.gbp [2]
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2166]
AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
AlternateDataStreams: C:\Users\Todos os Usuários\GbPlugin:IncompleteStartGbprcm.cnt [10]
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:5C321E34 [125]

==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)


==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)

IE trusted site: HKU\S-1-5-21-2766664585-520136655-3584524175-1000\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br

Existem ainda 6127 sites a mais.


==================== Hosts Conteúdo: ===============================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2009-07-13 23:34 - 2017-05-11 09:20 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-2766664585-520136655-3584524175-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marcio\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

MSCONFIG\startupfolder: C:^Users^Marcio^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitorar alertas de tinta - HP Deskjet 3050 J610 series (Rede).lnk => C:\Windows\pss\Monitorar alertas de tinta - HP Deskjet 3050 J610 series (Rede).lnk.Startup
MSCONFIG\startupreg: HP Deskjet 3050 J610 series (NET) => "C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN13P3B1W105HX:NW" -scfn "HP Deskjet 3050 J610 series (NET)" -AutoStart 1

==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [{D7E727BD-214B-49AA-AD55-A7A4AD28F28D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F9C4F27A-6C35-4265-8224-00AE030C3A1F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B6E6D0B1-6C1C-4CCE-85AD-5D5F89E80293}] => (Allow) LPort=2869
FirewallRules: [{68FB00F1-95A8-4141-A34E-BDDFB58A29B5}] => (Allow) LPort=1900
FirewallRules: [{73B80DF3-958A-46D0-A3F3-F1EC249A26C8}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{70DC368E-4BDF-4496-AAC0-AFE5238CE556}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{83178053-31C9-4BD0-BC61-3B97FE3B60BD}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{E8DA2D0A-8165-4C2F-8A6D-0BAD4F19D6AD}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{826CB48C-4845-441E-AF13-47DEBD922899}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{51E9A904-5B72-44C3-A7C1-88D4946B94FD}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{7A2A71ED-04F8-4228-9549-E5711DC88D39}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{E8DD1378-11D2-431F-A635-9FF879FF57D8}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{1264AD5F-D2DD-454B-A838-86DAA5B885D3}] => (Allow) C:\Users\Marcio\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FCA9E611-920B-4908-9C01-E0E58846270F}] => (Allow) C:\Users\Marcio\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0C5CEC4A-9B58-448A-9518-90711E83F8C4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FAD9C3E0-FB2C-4C62-8ABB-B2DC2B97CDF3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8CD51DDD-D832-414B-919E-C179A90F108A}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{A8663170-CB8D-4E3B-9ECD-E09FB3657F38}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{56E22939-1078-4C83-9235-C39D5C83E2EF}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{C27E98F2-3813-4B79-B307-7EA02D0B76F6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2CBE9F83-DBF9-4CE1-A762-2E790E79C802}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F2D52289-733D-4C82-BD3B-B3A12E2CB3EF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CDAB80B9-90FA-4811-9EDB-59C1EFF6C614}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{A7FF1DC1-1055-4D5D-83CF-8A23F8561F8C}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe

==================== Pontos de Restauração =========================

23-05-2017 22:19:19 Windows Update
24-05-2017 18:35:41 Instalação de Pacote de Driver de Dispositivo: Diebold Network Monitor Serviço de Rede
25-05-2017 09:07:55 JRT Pre-Junkware Removal
26-05-2017 16:02:22 JRT Pre-Junkware Removal

==================== Dispositivos Apresentando Falhas No Gerenciador =============

Name: Deskjet 3050 J610 series
Description: Deskjet 3050 J610 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 
Description: 
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (05/28/2017 06:58:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/27/2017 08:36:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/26/2017 05:59:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/26/2017 02:07:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/26/2017 01:53:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/26/2017 01:45:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/26/2017 06:57:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/25/2017 06:19:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/25/2017 09:04:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/25/2017 08:49:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


Erros de Sistema:
=============
Error: (05/28/2017 06:57:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: 
O sistema não pode encontrar o arquivo especificado.

Error: (05/28/2017 06:57:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: 
O sistema não pode encontrar o arquivo especificado.

Error: (05/28/2017 06:57:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw File Access svc devido ao seguinte erro: 
O sistema não pode encontrar o arquivo especificado.

Error: (05/28/2017 06:57:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw File Access svc devido ao seguinte erro: 
O sistema não pode encontrar o arquivo especificado.

Error: (05/28/2017 06:57:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw File Access svc devido ao seguinte erro: 
O sistema não pode encontrar o arquivo especificado.

Error: (05/28/2017 06:57:05 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização: 
gbpddfac
gbpddreg

Error: (05/27/2017 09:58:06 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: O servidor {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} não se registrou com o DCOM dentro do tempo limite requerido.

Error: (05/27/2017 08:35:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: 
O sistema não pode encontrar o arquivo especificado.

Error: (05/27/2017 08:35:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: 
O sistema não pode encontrar o arquivo especificado.

Error: (05/27/2017 08:35:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw File Access svc devido ao seguinte erro: 
O sistema não pode encontrar o arquivo especificado.


CodeIntegrity:
===================================
  Date: 2017-05-11 09:19:05.103
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-11 09:19:04.932
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-11 09:19:04.682
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-11 09:19:04.510
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-01-23 11:37:30.243
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-01-23 11:37:30.133
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-19 13:11:18.849
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\AV\ESET Smart Security 6.0\upgrade.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-12 06:57:30.845
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\AV\ESET Smart Security 6.0\upgrade.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-23 17:38:37.946
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\qcusbser.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-23 17:38:37.766
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\qcusbser.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Informações da Memória =========================== 

Processador: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentagem de memória em uso: 43%
RAM física total: 3947.86 MB
RAM física disponível: 2221.63 MB
Virtual Total: 7893.9 MB
Virtual disponível: 6197.3 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:187.43 GB) (Free:32.89 GB) NTFS
Drive e: () (Fixed) (Total:390.64 GB) (Free:144.58 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: A971498C)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=187.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=390.6 GB) - (Type=OF Extended)

==================== Fim de Addition.txt ============================

Addition.txt

added 2 minutes later

@diego_moicano should I go ahead and run the fix?

I did as you said and only ran the test.


Dear @Marcio Handerson

Now that's right... yes, do only what is asked. ;)

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download the file (fixlist.txt) attached to this post and save it to the Desktop.

Run FRST.exe (or FRST64.exe) and click the Corrigir (Fix) button.

Wait... when it finishes, the log Fixlog.txt will be generated and saved to your Desktop.

Select, copy and paste the contents of this log into your next reply.

Regards :D

fixlist.txt

Edited by diego_moicano

 

@diego_moicano Here is the log as requested... it wiped my Chrome settings... can I install the plugins again?

 

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 24-05-2017
Executado por Marcio (29-05-2017 21:48:09) Run:1
Executando a partir de C:\Users\Marcio\Desktop
Perfis Carregados: Marcio (Perfis Disponíveis: Marcio)
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} =>  -> Nenhum Arquivo
GroupPolicy: Restrição - Chrome <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKU\S-1-5-21-2766664585-520136655-3584524175-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKU\S-1-5-21-2766664585-520136655-3584524175-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2766664585-520136655-3584524175-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSuggestURL: Default -> hxxps://br.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
2015-07-24 12:42 - 2015-07-24 12:42 - 0000000 ____H () C:\Users\Marcio\AppData\Local\BIT710D.tmp
2015-07-24 12:42 - 2015-07-24 12:42 - 0000000 ____H () C:\Users\Marcio\AppData\Local\BIT71AA.tmp
2015-07-24 12:42 - 2015-07-24 12:42 - 0000000 ____H () C:\Users\Marcio\AppData\Local\BIT7237.tmp
2017-05-27 09:58 - 2014-07-01 10:20 - 11719232 _____ (Foxit Corporation) C:\Users\Marcio\AppData\Local\Temp\Foxit Reader Updater.exe
2017-05-26 20:05 - 2017-05-26 20:05 - 30950664 _____ () C:\Users\Marcio\AppData\Local\Temp\vlc-2.2.6-win32.exe
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:5C321E34 [125]
CMD:ipconfig /flushdns
EmptyTemp:

*****************

Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock => chave removido (a) com sucesso.
HKCR\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => chave não encontrado (a). 
C:\Windows\system32\GroupPolicy\Machine => movido com sucesso
C:\Windows\system32\GroupPolicy\GPT.ini => movido com sucesso
HKLM\SOFTWARE\Policies\Google => chave removido (a) com sucesso.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => chave removido (a) com sucesso.
HKU\S-1-5-21-2766664585-520136655-3584524175-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => chave removido (a) com sucesso.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => valor restaurado com sucesso
HKU\S-1-5-21-2766664585-520136655-3584524175-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => valor restaurado com sucesso
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor restaurado com sucesso
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => chave removido (a) com sucesso.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => chave não encontrado (a). 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor restaurado com sucesso
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => chave removido (a) com sucesso.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => chave não encontrado (a). 
HKU\S-1-5-21-2766664585-520136655-3584524175-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.
CHR DefaultProfile: Default => Erro: Nenhuma correção automática foi encontrada para esta entrada.
Chrome DefaultSearchURL => removido (a) com sucesso.
Chrome DefaultSuggestURL => removido (a) com sucesso.
HKLM\System\CurrentControlSet\Services\catchme => chave removido (a) com sucesso.
catchme => serviço removido (a) com sucesso.
HKLM\System\CurrentControlSet\Services\dbx => chave removido (a) com sucesso.
dbx => serviço removido (a) com sucesso.
HKLM\System\CurrentControlSet\Services\gbpddfac => chave removido (a) com sucesso.
gbpddfac => serviço removido (a) com sucesso.
HKLM\System\CurrentControlSet\Services\gbpddreg => chave removido (a) com sucesso.
gbpddreg => serviço removido (a) com sucesso.
C:\Users\Marcio\AppData\Local\BIT710D.tmp => movido com sucesso
C:\Users\Marcio\AppData\Local\BIT71AA.tmp => movido com sucesso
C:\Users\Marcio\AppData\Local\BIT7237.tmp => movido com sucesso
C:\Users\Marcio\AppData\Local\Temp\Foxit Reader Updater.exe => movido com sucesso
C:\Users\Marcio\AppData\Local\Temp\vlc-2.2.6-win32.exe => movido com sucesso
C:\ProgramData\TEMP => ":5C321E34" ADS removido (a) com sucesso..
"C:\Users\Todos os Usuários\TEMP" => ":5C321E34" ADS não encontrado (a).

========= ipconfig /flushdns =========


Configuração de IP do Windows

Liberação do Cache do DNS Resolver bem-sucedida.

========= Fim de CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 50044199 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 4991148 B
Edge => 0 B
Chrome => 844053598 B
Firefox => 60960021 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 115106 B
systemprofile32 => 98849 B
LocalService => 0 B
NetworkService => 10626 B
Marcio => 10432424 B

RecycleBin => 12437306 B
EmptyTemp: => 945.6 MB de dados temporários Removidos.

================================


O sistema precisou ser reiniciado.

==== Fim de Fixlog 21:50:09 ====

Fixlog.txt


Dear @Marcio Handerson

Yes, you can! :)

Download Malwarebytes Anti-Malware (MBAM).

Double-click mbam-setup.exe to install the program.

  • Uncheck the box "Ativar trial gratuito do MalwareBytes Anti-Malware PRO" (enable the free trial of Malwarebytes Anti-Malware PRO).
  • If there are updates to be made, they will be downloaded and installed.
  • Click Configurações (Settings), click Detecção e proteção (Detection and Protection), and check Verificar por Rootkits (Scan for Rootkits).
  • Go back to the Painel (Dashboard) and finally click Verificar agora (Scan Now).
  • The scan will then start. Please wait, as it may take a while.
  • When the scan finishes, if any items were found, make sure they are all checked and click the Remover Selecionadas (Remove Selected) button.
  • At the end of the disinfection, a prompt may appear asking whether you want to restart the PC. (See the Note below)
  • The log is saved automatically by MBAM; to view it, click the Histórico -> Registros do aplicativo (History -> Application Logs) tab in the program's main window.
  • Double-click the log (Registro de verificação, the scan log). Use the .txt format to export the log.
  • The Protection log is not needed for the analysis; always export the correct log.
  • Select, copy and paste the contents of this log into your next reply.

NOTE: If MBAM finds files that it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

Regards :D

 

Here it is, @diego_moicano

 

Malwarebytes
www.malwarebytes.com

-Detalhes de registro-
Data da análise: 31/05/17
Hora da análise: 06:56
Arquivo de registro: Malwarebits LOG.txt
Administrador: Sim

-Informação do software-
Versão: 3.1.2.1733
Versão de componentes: 1.0.122
Versão do pacote de definições: 1.0.2057
Licença: Versão de avaliação

-Informação do sistema-
Sistema operacional: Windows 7 Service Pack 1
CPU: x64
Sistema de arquivos: NTFS
Usuário: Marcio-PC\Marcio

-Resumo da análise-
Tipo de análise: Análise de Ameaças
Resultado: Concluído
Objetos verificados: 353697
Ameaças detectadas: 3
Ameaças em quarentena: 3
Tempo decorrido: 43 min, 13 seg

-Opções da análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado

-Detalhes da análise-
Processo: 0
(Nenhum item malicioso detectado)

Módulo: 0
(Nenhum item malicioso detectado)

Chave de registro: 0
(Nenhum item malicioso detectado)

Valor de registro: 0
(Nenhum item malicioso detectado)

Dados de registro: 0
(Nenhum item malicioso detectado)

Fluxo de dados: 0
(Nenhum item malicioso detectado)

Pasta: 0
(Nenhum item malicioso detectado)

Arquivo: 3
RiskWare.Tool.CK, C:\USERS\MARCIO\DOWNLOADS\MINI-KMS_ACTIVATOR_V1.31_OFFICE2010_VL.RAR, Quarentena, [272], [299001],1.0.2057
Trojan.MalPack.Krunchy, C:\USERS\MARCIO\DESKTOP\ATALHOS PROGS\PORTABLE\PARTITION WIZARD PROFESSIONAL EDITION 9.0 PORTABLE\KEYGEN-SND.ZIP, Quarentena, [3091], [83935],1.0.2057
Trojan.MalPack.Krunchy, C:\USERS\MARCIO\DESKTOP\ATALHOS PROGS\PORTABLE\PARTITION WIZARD PROFESSIONAL EDITION 9.0 PORTABLE\KEYGEN.EXE, Quarentena, [3091], [83935],1.0.2057

Setor físico: 0
(Nenhum item malicioso detectado)


(end)

Malwarebits LOG.txt

 

@diego_moicano FRST

 

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 24-05-2017
Executado por Marcio (administrador) em MARCIO-PC (31-05-2017 19:43:45)
Executando a partir de C:\Users\Marcio\Desktop
Perfis Carregados: Marcio (Perfis Disponíveis: Marcio)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Scopus Soluções em TI Ltda) C:\Program Files (x86)\scpbrad\scpbradserv.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Scopus Soluções em TI Ltda) C:\Program Files (x86)\scpbrad\scpbradguard.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Farbar) C:\Users\Marcio\Desktop\5 - FRST64.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [925744 2016-06-23] (GAS Tecnologia LTDA)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-23] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-06-30] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [29246632 2017-05-30] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2016-08-10] (Caixa Economica Federal)
HKU\S-1-5-21-2766664585-520136655-3584524175-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2766664585-520136655-3584524175-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [450048 2011-09-12] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1903328 2016-08-10] (Caixa Economica Federal)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
BootExecute: autocheck autochk * sh4native Sh4Removal
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{008F778E-442B-4173-90ED-87859B7E07DE}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8010445A-E4CD-4809-8243-F77EAF30D091}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2766664585-520136655-3584524175-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2766664585-520136655-3584524175-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2766664585-520136655-3584524175-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-12] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [2016-08-10] (Caixa Economica Federal)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-12] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Marcio\AppData\Roaming\Mozilla\Firefox\Profiles\fax6zyz9.default [2017-05-31]
FF Homepage: Mozilla\Firefox\Profiles\fax6zyz9.default -> about:home
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => não encontrado (a)
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => não encontrado (a)
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-12] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.11.2852 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll [2008-04-28] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll [2008-04-28] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1662 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll [2008-04-28] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll [2008-04-28] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\autoconf_warsaw.js [2017-05-31] <==== ATENÇÃO (Aponta para arquivo *.cfg)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\warsaw.cfg [2017-05-31] <==== ATENÇÃO

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com.br/
CHR DefaultSearchURL: Default -> hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://br.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default [2017-05-31]
CHR Extension: (Google Tradutor) - C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-05-29]
CHR Extension: (MEGA) - C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2017-05-29]
CHR Extension: (Gerenciador de favoritos) - C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\biojdgbkkgmnfijfpdppmlomdapfpcnl [2017-05-29]
CHR Extension: (Tampermonkey) - C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-05-29]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2017-05-29]
CHR Extension: (Flix Plus by Lifehacker) - C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcjjgdnadfneaamhipplgpfkdnbfagla [2017-05-29]
CHR Extension: (Marvel Comics) - C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfaknohpjconjoefidanhihokmkice [2017-05-29]
CHR Extension: (Unseen) - C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicapmagmhahddefgokbabbgieiogjop [2017-05-29]
CHR Extension: (Downloads) - C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb [2017-05-29]
CHR Extension: (Downloads) - C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgbalphdbabbndjidpoacmfgjaniipcj [2017-05-29]
CHR Extension: (Google Play Books) - C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2017-05-29]
CHR Extension: (Video Downloader GetThemAll) - C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2017-05-29]
CHR Extension: (Video Speed Controller) - C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk [2017-05-29]
CHR Extension: (TZWebChartWindow) - C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmdhbmdklokcmpmcegmbfehjencmbeab [2017-05-29]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-29]
CHR Extension: (Chrome Media Router) - C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-29]
CHR Profile: C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-05-29]
CHR HKLM-x32\...\Chrome\Extension: [fabhkdeopjkcpkmofliimbjckmocfiom] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-03-08] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-03-08] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [48944 2017-05-30] (Dropbox, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2836296 2016-12-14] (ESET)
S3 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [243880 2015-01-16] (Foxit Software Inc.)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\GbpSv.exe [631520 2016-08-10] (GAS Tecnologia)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2017-05-13] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)
R2 scpbradserv; C:\Program Files (x86)\scpbrad\scpbradserv.exe [1995208 2017-04-04] (Scopus Soluções em TI Ltda)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [925744 2016-06-23] (GAS Tecnologia LTDA)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [132272 2017-01-17] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [106768 2017-01-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [180544 2017-01-17] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [49672 2017-01-17] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [77616 2017-01-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [60536 2017-01-17] (ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [96856 2017-01-17] (ESET)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2016-08-10] (GAS Tecnologia)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2017-05-13] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106120 2017-05-13] (McAfee, Inc.)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [242688 2013-12-09] (QUALCOMM Incorporated) [Arquivo não assinado]
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2016-08-10] (GAS Tecnologia LTDA)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2017-05-31] (GAS Tecnologia)
R1 wsddntf; C:\Windows\System32\DRIVERS\wsddntf.sys [36984 2016-06-16] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [97376 2016-06-08] (GAS Tecnologia)
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-05-31 19:43 - 2017-05-31 19:48 - 00023345 _____ C:\Users\Marcio\Desktop\FRST.txt
2017-05-31 19:26 - 2017-05-28 07:03 - 02429952 _____ (Farbar) C:\Users\Marcio\Desktop\5 - FRST64.exe
2017-05-31 19:15 - 2017-05-31 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-05-31 14:28 - 2017-05-31 14:28 - 00478028 _____ C:\Users\Marcio\Downloads\MARLUCE BENEVIDES.pdf
2017-05-31 14:28 - 2017-05-31 14:28 - 00477770 _____ C:\Users\Marcio\Downloads\JOSE ADELMO.pdf
2017-05-31 14:27 - 2017-05-31 14:27 - 00085274 _____ C:\Users\Marcio\Downloads\MARCIO HANDERSON BENEVIDES DE FREITAS.pdf
2017-05-30 08:10 - 2017-05-30 08:10 - 00000000 ____D C:\Users\Todos os Usuários\SafeNet Sentinel
2017-05-30 08:10 - 2017-05-30 08:10 - 00000000 ____D C:\Users\Marcio\AppData\Local\IBM
2017-05-30 08:10 - 2017-05-30 08:10 - 00000000 ____D C:\ProgramData\SafeNet Sentinel
2017-05-30 08:09 - 2017-05-30 08:09 - 00000000 ____D C:\Users\Todos os Usuários\SPSS
2017-05-30 08:09 - 2017-05-30 08:09 - 00000000 ____D C:\ProgramData\SPSS
2017-05-30 08:09 - 2017-05-30 08:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics
2017-05-30 08:08 - 2017-05-30 08:08 - 00000000 ____D C:\Program Files\Common Files\IBM
2017-05-30 08:06 - 2017-05-30 08:06 - 00000000 ____D C:\Program Files\IBM
2017-05-30 08:05 - 2017-05-30 08:05 - 00001025 _____ C:\Windows\SysWOW64\sysprs7.tgz
2017-05-30 08:05 - 2017-05-30 08:05 - 00001025 _____ C:\Windows\SysWOW64\sysprs7.dll
2017-05-30 08:05 - 2017-05-30 08:05 - 00000219 _____ C:\Windows\SysWOW64\lsprst7.tgz
2017-05-30 08:05 - 2017-05-30 08:05 - 00000205 _____ C:\Windows\SysWOW64\lsprst7.dll
2017-05-30 08:05 - 2017-05-30 08:05 - 00000016 ____H C:\Windows\SysWOW64\servdat.slm
2017-05-30 07:22 - 2017-05-30 07:22 - 00048944 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-05-29 22:00 - 2017-05-29 22:00 - 00000000 ____D C:\Users\Marcio\AppData\Roaming\Google
2017-05-28 13:29 - 2017-05-28 13:29 - 00002794 _____ C:\Users\Marcio\Downloads\ss_favorites_20170528.m3u
2017-05-28 07:05 - 2017-05-31 19:43 - 00000000 ____D C:\FRST
2017-05-26 18:05 - 2017-05-29 21:53 - 00000008 __RSH C:\Users\Todos os Usuários\ntuser.pol
2017-05-26 18:05 - 2017-05-29 21:53 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-05-26 18:04 - 2017-05-29 21:48 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-05-26 18:04 - 2017-05-26 18:17 - 00000000 ____D C:\Users\Todos os Usuários\TEMP
2017-05-26 18:04 - 2017-05-26 18:17 - 00000000 ____D C:\ProgramData\TEMP
2017-05-26 18:04 - 2009-03-24 13:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2017-05-26 15:50 - 2017-05-26 15:50 - 00034013 _____ C:\ComboFix.txt
2017-05-26 14:11 - 2011-06-26 03:45 - 00256000 _____ C:\Windows\PEV.exe
2017-05-26 14:11 - 2010-11-07 14:20 - 00208896 _____ C:\Windows\MBR.exe
2017-05-26 14:11 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-05-26 14:11 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-05-26 14:11 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-05-26 14:11 - 2000-08-30 21:00 - 00098816 _____ C:\Windows\sed.exe
2017-05-26 14:11 - 2000-08-30 21:00 - 00080412 _____ C:\Windows\grep.exe
2017-05-26 14:11 - 2000-08-30 21:00 - 00068096 _____ C:\Windows\zip.exe
2017-05-26 14:09 - 2017-05-26 15:51 - 00000000 ____D C:\Qoobox
2017-05-25 08:49 - 2017-05-26 14:04 - 00000000 ____D C:\AdwCleaner
2017-05-24 18:34 - 2017-05-31 19:42 - 00101080 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2017-05-24 18:34 - 2017-05-24 18:34 - 00000000 ___HD C:\Program Files (x86)\GAS Tecnologia
2017-05-24 18:34 - 2017-05-24 18:34 - 00000000 ___HD C:\Program Files (x86)\Diebold
2017-05-24 18:34 - 2016-06-16 18:43 - 00036984 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddntf.sys
2017-05-24 18:34 - 2016-06-16 18:43 - 00008811 _____ C:\Windows\system32\Drivers\wsddntf.cat
2017-05-24 18:34 - 2016-06-08 18:43 - 00097376 ____N (GAS Tecnologia) C:\Windows\system32\Drivers\wsddpp.sys
2017-05-24 18:33 - 2017-05-24 18:33 - 00000000 ____D C:\Program Files\Diebold
2017-05-24 18:32 - 2017-05-31 19:42 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2017-05-24 18:32 - 2017-05-31 19:42 - 00000000 ____D C:\ProgramData\GbPlugin
2017-05-24 18:32 - 2017-05-31 19:42 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2017-05-24 18:32 - 2017-05-24 18:32 - 00000000 ____D C:\Users\Todos os Usuários\GAS Tecnologia
2017-05-24 18:32 - 2017-05-24 18:32 - 00000000 ____D C:\ProgramData\GAS Tecnologia
2017-05-22 06:46 - 2017-05-26 08:05 - 00000000 ____D C:\Users\Marcio\AppData\LocalLow\uTorrent
2017-05-21 06:17 - 2017-05-21 06:17 - 00003298 _____ C:\Windows\System32\Tasks\{08BA2DAF-DDC3-4F80-959E-24FB8A4B34D0}
2017-05-20 16:14 - 2017-05-20 16:15 - 03602062 _____ C:\Users\Marcio\Downloads\Antifragil - Nassim Nicholas Taleb.pdf
2017-05-18 20:17 - 2017-05-18 20:17 - 00001138 _____ C:\Users\Marcio\Desktop\modaltrader.lnk
2017-05-18 20:17 - 2017-05-18 20:17 - 00000000 ____D C:\Users\Marcio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\modalmais
2017-05-18 20:17 - 2017-05-18 20:17 - 00000000 ____D C:\Users\Marcio\AppData\Local\Package Cache
2017-05-18 20:17 - 2017-05-18 20:17 - 00000000 ____D C:\Users\Marcio\AppData\Local\modaltrader
2017-05-17 21:37 - 2017-05-17 21:37 - 00021238 _____ C:\ZA-Scan.txt
2017-05-17 19:35 - 2017-05-17 19:35 - 00000000 ____D C:\zoek_backup
2017-05-13 15:34 - 2017-05-28 07:39 - 00000000 ____D C:\Users\Marcio\Desktop\Malware
2017-05-13 15:31 - 2017-05-13 15:31 - 00000000 ____D C:\Windows\ERUNT
2017-05-13 15:24 - 2017-05-13 15:24 - 00000112 ___RH C:\Users\Marcio\Desktop\Stinger.opt
2017-05-13 09:45 - 2017-05-13 09:45 - 00000000 ____D C:\Quarantine
2017-05-13 09:27 - 2017-05-13 09:27 - 00864072 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys
2017-05-13 09:27 - 2017-05-13 09:27 - 00250672 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2017-05-13 09:27 - 2017-05-13 09:27 - 00106120 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mferkdet.sys
2017-05-13 09:26 - 2017-05-13 15:24 - 00000000 ____D C:\Program Files\stinger
2017-05-13 09:26 - 2017-05-13 09:26 - 00000000 ____D C:\Program Files\McAfee
2017-05-13 07:03 - 2017-05-25 10:15 - 00000000 ____D C:\Users\Marcio\AppData\Roaming\ZHP
2017-05-13 07:03 - 2017-05-25 10:01 - 00000000 ____D C:\Users\Marcio\AppData\Local\ZHP
2017-05-12 19:02 - 2017-05-13 06:42 - 00010907 _____ C:\Users\Marcio\Desktop\CONDOMINIO VALOR.xlsx
2017-05-11 21:18 - 2017-05-11 21:18 - 00000000 ____D C:\Windows\pss
2017-05-11 21:17 - 2017-05-11 21:17 - 00087338 _____ C:\Users\Marcio\Documents\cc_20170511_211751.reg
2017-05-09 21:18 - 2017-04-27 22:14 - 05547240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-09 21:18 - 2017-04-27 22:14 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-05-09 21:18 - 2017-04-27 22:14 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-05-09 21:18 - 2017-04-27 22:14 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-05-09 21:18 - 2017-04-27 22:14 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-05-09 21:18 - 2017-04-27 22:11 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-05-09 21:18 - 2017-04-27 22:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 22:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:36 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-05-09 21:18 - 2017-04-27 21:36 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-05-09 21:18 - 2017-04-27 21:34 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:19 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-05-09 21:18 - 2017-04-27 21:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-05-09 21:18 - 2017-04-27 21:19 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-05-09 21:18 - 2017-04-27 21:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-05-09 21:18 - 2017-04-27 21:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-05-09 21:18 - 2017-04-27 21:14 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-05-09 21:18 - 2017-04-27 21:12 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-09 21:18 - 2017-04-27 21:11 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-09 21:18 - 2017-04-27 21:11 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-09 21:18 - 2017-04-27 21:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-05-09 21:18 - 2017-04-27 21:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-05-09 21:18 - 2017-04-27 21:10 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-05-09 21:18 - 2017-04-27 21:08 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-05-09 21:18 - 2017-04-27 21:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-05-09 21:18 - 2017-04-27 21:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-05-09 21:18 - 2017-04-27 21:08 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-05-09 21:18 - 2017-04-27 21:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-05-09 21:18 - 2017-04-27 21:07 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:07 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-05-09 21:18 - 2017-04-27 21:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-05-09 21:18 - 2017-04-26 11:59 - 03220992 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-09 21:18 - 2017-04-21 12:34 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-05-09 21:18 - 2017-04-21 12:15 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-05-09 21:18 - 2017-04-19 21:00 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-05-09 21:18 - 2017-04-19 20:16 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-05-09 21:18 - 2017-04-17 12:37 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-09 21:18 - 2017-04-17 12:37 - 00876544 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-09 21:18 - 2017-04-17 12:37 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-09 21:18 - 2017-04-17 12:37 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-05-09 21:18 - 2017-04-17 12:37 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-05-09 21:18 - 2017-04-17 12:12 - 01417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-05-09 21:18 - 2017-04-17 12:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-09 21:18 - 2017-04-17 12:12 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2017-05-09 21:18 - 2017-04-17 11:54 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2017-05-09 21:18 - 2017-04-16 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-05-09 21:18 - 2017-04-16 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-05-09 21:18 - 2017-04-16 05:57 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-05-09 21:18 - 2017-04-16 05:55 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-05-09 21:18 - 2017-04-16 05:55 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-05-09 21:18 - 2017-04-16 05:54 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-05-09 21:18 - 2017-04-16 05:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-05-09 21:18 - 2017-04-16 05:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-09 21:18 - 2017-04-16 05:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-05-09 21:18 - 2017-04-16 05:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-05-09 21:18 - 2017-04-16 05:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-05-09 21:18 - 2017-04-16 05:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-05-09 21:18 - 2017-04-16 05:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-05-09 21:18 - 2017-04-16 05:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-05-09 21:18 - 2017-04-16 05:36 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-05-09 21:18 - 2017-04-16 05:35 - 25741312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-09 21:18 - 2017-04-16 05:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-05-09 21:18 - 2017-04-16 05:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-05-09 21:18 - 2017-04-16 05:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-05-09 21:18 - 2017-04-16 05:18 - 05977600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-09 21:18 - 2017-04-16 05:11 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-05-09 21:18 - 2017-04-16 05:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-05-09 21:18 - 2017-04-16 05:09 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-05-09 21:18 - 2017-04-16 05:04 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-05-09 21:18 - 2017-04-16 05:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-05-09 21:18 - 2017-04-16 05:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-05-09 21:18 - 2017-04-16 05:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-05-09 21:18 - 2017-04-16 05:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-05-09 21:18 - 2017-04-16 05:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-05-09 21:18 - 2017-04-16 05:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-05-09 21:18 - 2017-04-16 05:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-05-09 21:18 - 2017-04-16 04:57 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-05-09 21:18 - 2017-04-16 04:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-05-09 21:18 - 2017-04-16 04:52 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-05-09 21:18 - 2017-04-16 04:52 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-05-09 21:18 - 2017-04-16 04:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-05-09 21:18 - 2017-04-16 04:48 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-05-09 21:18 - 2017-04-16 04:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-05-09 21:18 - 2017-04-16 04:47 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-05-09 21:18 - 2017-04-16 04:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-05-09 21:18 - 2017-04-16 04:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-05-09 21:18 - 2017-04-16 04:40 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-05-09 21:18 - 2017-04-16 04:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-05-09 21:18 - 2017-04-16 04:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-09 21:18 - 2017-04-16 04:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-05-09 21:18 - 2017-04-16 04:35 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-05-09 21:18 - 2017-04-16 04:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-05-09 21:18 - 2017-04-16 04:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-05-09 21:18 - 2017-04-16 04:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-05-09 21:18 - 2017-04-16 04:25 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-05-09 21:18 - 2017-04-16 04:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-05-09 21:18 - 2017-04-16 04:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-05-09 21:18 - 2017-04-16 04:20 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-05-09 21:18 - 2017-04-16 04:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-05-09 21:18 - 2017-04-16 04:10 - 15250944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-09 21:18 - 2017-04-16 04:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-05-09 21:18 - 2017-04-16 04:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-05-09 21:18 - 2017-04-16 04:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-05-09 21:18 - 2017-04-16 04:08 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-05-09 21:18 - 2017-04-16 04:04 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-09 21:18 - 2017-04-16 03:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-05-09 21:18 - 2017-04-16 03:50 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-05-09 21:18 - 2017-04-16 03:40 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-05-09 21:18 - 2017-04-16 03:37 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-05-09 21:18 - 2017-04-16 03:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-05-09 21:18 - 2017-04-16 03:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-05-09 21:18 - 2017-04-12 12:32 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-09 21:18 - 2017-04-12 12:32 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-05-09 21:18 - 2017-04-12 12:32 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-05-09 21:18 - 2017-04-12 12:32 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-05-09 21:18 - 2017-04-12 12:26 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-05-09 21:18 - 2017-04-12 12:25 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-09 21:18 - 2017-04-12 12:25 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-05-09 21:18 - 2017-04-12 12:25 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-05-09 21:18 - 2017-04-07 12:34 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-09 21:18 - 2017-04-07 12:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-09 21:18 - 2017-04-07 12:30 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-09 21:18 - 2017-04-07 12:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-05-09 21:18 - 2017-04-07 12:22 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-05-09 21:18 - 2017-04-05 11:55 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-09 21:18 - 2017-04-05 11:55 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-09 21:18 - 2017-04-05 11:55 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-05-09 21:18 - 2017-04-04 12:34 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-05-09 21:18 - 2017-04-04 12:34 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-05-09 21:18 - 2017-04-04 12:34 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-05-09 21:18 - 2017-04-04 11:53 - 00496128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-05-09 21:18 - 2017-04-04 11:53 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-05-09 21:18 - 2017-03-10 13:32 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2017-05-09 21:18 - 2017-03-10 13:32 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2017-05-09 21:18 - 2017-03-10 13:20 - 01508352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pla.dll
2017-05-09 21:18 - 2017-03-10 13:20 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2017-05-09 21:18 - 2017-03-10 12:57 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe
2017-05-09 21:18 - 2017-03-10 12:55 - 00205312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2017-05-09 21:18 - 2017-03-10 12:55 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2017-05-09 21:18 - 2017-03-09 13:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-05-09 21:18 - 2017-03-09 13:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-05-05 19:09 - 2017-05-05 19:10 - 00000000 ___RD C:\Users\Marcio\Dropbox

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-05-31 19:48 - 2015-12-02 08:42 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d12cf6980b849c.job
2017-05-31 19:47 - 2015-09-17 17:41 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f18943ecc0cf.job
2017-05-31 19:46 - 2015-08-29 20:41 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e2b44b274404.job
2017-05-31 19:46 - 2015-07-14 17:41 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0be7567d17eaa.job
2017-05-31 19:46 - 2015-05-17 20:35 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d090fa37b3d89c.job
2017-05-31 19:42 - 2017-03-08 20:10 - 00001016 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-05-31 19:42 - 2015-08-29 20:41 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e2b44ad79d16.job
2017-05-31 19:42 - 2015-07-14 17:41 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0be756769bc21.job
2017-05-31 19:42 - 2015-05-17 20:35 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d090fa377ab796.job
2017-05-31 19:42 - 2015-04-29 13:50 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2017-05-31 19:42 - 2011-12-11 10:42 - 00000000 ____D C:\Users\Todos os Usuários\clear.fi
2017-05-31 19:42 - 2011-12-11 10:42 - 00000000 ____D C:\ProgramData\clear.fi
2017-05-31 19:41 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-31 19:40 - 2015-04-29 13:50 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2017-05-31 19:17 - 2009-07-14 01:45 - 00022624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-31 19:17 - 2009-07-14 01:45 - 00022624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-31 19:16 - 2017-03-08 20:10 - 00000000 ____D C:\Users\Marcio\AppData\Local\Dropbox
2017-05-31 19:15 - 2017-03-08 20:10 - 00001020 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-05-31 19:15 - 2017-03-08 20:10 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-05-31 10:03 - 2012-08-25 17:18 - 00000000 ____D C:\Users\Marcio\AppData\Roaming\vlc
2017-05-30 14:31 - 2011-10-26 18:14 - 00710146 _____ C:\Windows\system32\prfh0416.dat
2017-05-30 14:31 - 2011-10-26 18:14 - 00151794 _____ C:\Windows\system32\prfc0416.dat
2017-05-30 14:31 - 2009-07-14 02:13 - 01652682 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-30 14:31 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2017-05-30 14:19 - 2016-12-04 12:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-26 20:02 - 2012-06-07 18:11 - 00000000 ____D C:\Users\Marcio\Downloads\Torrent Downloads
2017-05-26 15:30 - 2009-07-13 23:34 - 00000215 _____ C:\Windows\system.ini
2017-05-26 08:05 - 2012-06-07 18:09 - 00000000 ____D C:\Users\Marcio\AppData\Roaming\uTorrent
2017-05-25 06:05 - 2011-12-10 23:40 - 00088920 _____ C:\Users\Marcio\AppData\Local\GDIPFONTCACHEV1.DAT
2017-05-25 06:05 - 2009-07-14 01:45 - 00341064 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-23 22:24 - 2013-09-08 10:30 - 00000000 ____D C:\Windows\system32\MRT
2017-05-23 22:20 - 2012-02-04 19:07 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-21 10:39 - 2014-12-19 09:01 - 00028012 _____ C:\Users\Marcio\Desktop\RACHA GVT.xlsx
2017-05-21 06:20 - 2011-08-22 01:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-05-18 21:36 - 2016-12-05 20:50 - 00000000 ____D C:\Users\Marcio\AppData\LocalLow\Mozilla
2017-05-17 19:37 - 2017-04-29 15:43 - 00000626 _____ C:\Users\Marcio\Desktop\TIMBETA.txt
2017-05-16 20:29 - 2009-07-14 02:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-05-14 04:24 - 2014-12-11 08:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-13 15:38 - 2015-08-07 07:45 - 00000000 ____D C:\Users\Marcio\Downloads\Curriculo - Márcio
2017-05-13 15:35 - 2015-02-03 20:59 - 00000000 ____D C:\Users\Marcio\Desktop\Condominio
2017-05-13 15:33 - 2011-08-22 01:52 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-13 09:17 - 2015-07-15 11:10 - 00000000 ____D C:\Users\Todos os Usuários\IObit
2017-05-13 09:17 - 2015-07-15 11:10 - 00000000 ____D C:\ProgramData\IObit
2017-05-12 20:02 - 2017-03-13 09:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-05-12 20:02 - 2014-10-18 08:15 - 00000000 ____D C:\Program Files (x86)\Java
2017-05-12 20:01 - 2017-03-13 09:46 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-05-11 21:14 - 2012-03-10 13:37 - 00000000 ___HD C:\Program Files (x86)\InstallJammer Registry
2017-05-11 21:13 - 2017-03-13 09:40 - 00000000 ____D C:\Users\Marcio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2017
2017-05-11 19:37 - 2015-04-29 13:53 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-11 08:21 - 2017-02-26 05:10 - 00000000 ____D C:\LinhaDefensiva
2017-05-10 05:29 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-09 23:07 - 2014-03-21 20:48 - 01617956 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-05-09 22:54 - 2012-02-04 19:44 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2017-05-09 16:37 - 2012-02-04 19:44 - 00000000 ____D C:\Users\Marcio\AppData\Local\Microsoft Help
2017-05-09 14:39 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
2017-05-06 12:25 - 2014-10-08 18:59 - 00000000 ____D C:\Users\Marcio\AppData\Local\CutePDF Writer
2017-05-05 19:13 - 2011-12-10 23:40 - 00000000 ____D C:\Users\Marcio

==================== Arquivos na raiz de alguns diretórios =======

2017-05-18 20:18 - 2017-05-18 20:18 - 0000000 ____H () C:\Users\Marcio\AppData\Local\AppUpdate.log
2015-02-10 16:10 - 2015-07-29 06:11 - 0007640 _____ () C:\Users\Marcio\AppData\Local\Resmon.ResmonCfg
2015-07-24 12:42 - 2015-07-24 12:42 - 0000000 _____ () C:\Users\Marcio\AppData\Local\{491CC074-0BDD-4B8D-B86C-DAF6F9D4AAB2}
2015-07-24 12:42 - 2015-07-24 12:42 - 0000000 _____ () C:\Users\Marcio\AppData\Local\{B8A1E03B-A318-4A29-889B-6803826F94F9}
2015-07-24 12:42 - 2015-07-24 12:42 - 0000000 _____ () C:\Users\Marcio\AppData\Local\{C040E248-AC0D-4AF3-AF4C-AC8B60B8E9E8}
2012-12-19 23:20 - 2012-12-19 23:20 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-10-26 12:46 - 2011-10-26 12:48 - 0015224 _____ () C:\ProgramData\ArcadeDeluxe5.log

Alguns arquivos em TEMP:
====================
2017-05-30 13:52 - 2014-07-01 10:20 - 11719232 _____ (Foxit Corporation) C:\Users\Marcio\AppData\Local\Temp\Foxit Reader Updater.exe

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2017-05-24 19:19

==================== Fim de FRST.txt ============================

FRST.txt

added 1 minute later

@diego_moicano Addition.

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 24-05-2017
Executado por Marcio (31-05-2017 19:50:44)
Executando a partir de C:\Users\Marcio\Desktop
Windows 7 Home Basic Service Pack 1 (X64) (2011-12-11 02:39:59)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================

Administrador (S-1-5-21-2766664585-520136655-3584524175-500 - Administrator - Disabled)
Convidado (S-1-5-21-2766664585-520136655-3584524175-501 - Limited - Disabled)
Marcio (S-1-5-21-2766664585-520136655-3584524175-1000 - Administrator - Enabled) => C:\Users\Marcio

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: ESET Smart Security 10.0.390.0 (Disabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security 10.0.390.0 (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Firewall pessoal da ESET (Disabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

µTorrent (HKU\S-1-5-21-2766664585-520136655-3584524175-1000\...\uTorrent) (Version: 3.5.0.43580 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AC3Filter 2.5b (HKLM-x32\...\AC3Filter_is1) (Version: 2.5b - Alexander Vigovsky)
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0913.2011 - Acer Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2024.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
Componente de Segurança Bradesco (HKLM-x32\...\scpbrad) (Version: 1.0.0 - Bradesco (Departamento de segurança Corporativa))
Crazy Chicken Kart 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 27.4.22 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.65.1 - Dropbox, Inc.) Hidden
ESET Smart Security (HKLM\...\{E6FCE1BD-5FF4-4662-BD8A-59DA42D1F1E3}) (Version: 10.0.390.0 - ESET, spol. s r.o.)
ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.6.36.116 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.5.624 - Foxit Corporation)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
HP Deskjet 3050 J610 series Software básico do dispositivo (HKLM\...\{E6E28DE7-446E-4E27-BE37-4B6D925A385B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
IBM SPSS Statistics 22 (HKLM\...\{104875A1-D083-4A34-BC4F-3F635B7F8EF7}) (Version: 22.0.0.0 - IBM Corp)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4101 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2013) (Version: 1.0 - Receita Federal do Brasil)
IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2014) (Version: 1.0 - Receita Federal do Brasil)
IRPF2015 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2015) (Version: 1.0 - Receita Federal do Brasil)
IRPF2016 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2016) (Version: 1.1 - Receita Federal do Brasil)
IRPF2017 (HKLM-x32\...\IRPF2017) (Version: 1.1 - Receita Federal do Brasil)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (HKLM\...\{90140000-002A-0000-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
modaltrader (HKU\S-1-5-21-2766664585-520136655-3584524175-1000\...\{d564c39a-15ae-44ec-a207-8bffc9adbbdf}) (Version: 1.0.6277.17502 - modalmais)
modaltrader (x32 Version: 1.0.6277.17502 - modalmais) Hidden
Mozilla Firefox 53.0.2 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 53.0.2 (x86 pt-BR)) (Version: 53.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.2.6333 - Mozilla)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
NextUp-ScanSoft Raquel Brazilian Portuguese Voice (HKLM-x32\...\{5FAFC823-5E8C-40FB-8238-F2C536B2FB11}) (Version: 4.0.0 - NextUp.com)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8942 - NTI Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Real Alternative 1.8.0 (HKLM-x32\...\RealAlt_is1) (Version: 1.8.0 - )
Receitanet (HKLM-x32\...\ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5) (Version: 1.07 - Serpro - Serviço Federal de Processamento de Dados)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Software de dispositivo do Chipset Intel® (x32 Version: 10.0.26 - Intel(R) Corporation) Hidden
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
TZWebChart Chrome Compat versão 1.0 (HKLM-x32\...\{11B4A1FB-2794-4E0E-B96D-8E8611FED667}_is1) (Version: 1.0 - Tradezone - IT Evolution)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Warsaw 1.13.0.525 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.13.0.525 - GAS Tecnologia)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3503 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
ZD Soft Screen Recorder 4.1.3.0 (HKLM-x32\...\ZD Soft Screen Recorder) (Version: 4.1.3.0 - ZD Soft)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {04634239-A4E5-49E0-AD9D-9DD13FD443F8} - System32\Tasks\GoogleUpdateTaskMachineUA1d0f18943ecc0cf => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29] (Google Inc.)
Task: {09D14090-C809-4FC8-90E6-28825E1E7CD2} - System32\Tasks\GoogleUpdateTaskMachineUA1d0be7567d17eaa => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29] (Google Inc.)
Task: {2A718665-C195-4692-9B6D-D1F18C619E5A} - System32\Tasks\{8C95140B-D16F-4380-869D-7045B6457735} => pcalua.exe -a "C:\Users\Marcio\Desktop\ug30d\All MTK USB Driverv.9.2.PDanet.Adb 2015\Android WinADBUSB\installer\InstallADBDriver.exe" -d "C:\Users\Marcio\Desktop\ug30d\All MTK USB Driverv.9.2.PDanet.Adb 2015\Android WinADBUSB\installer"
Task: {3DADE325-51A7-4B6F-9C87-B6D38678B18D} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)
Task: {52E0C135-3451-45CB-B31B-2494A1D66E65} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)
Task: {56A9BDC3-4797-4163-B7C4-9281E3BABAD7} - System32\Tasks\GoogleUpdateTaskMachineUA1d090fa37b3d89c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29] (Google Inc.)
Task: {60E2B8F9-4D94-4215-B9FF-A3D2052C85F4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-01] (Adobe Systems Incorporated)
Task: {63FCE471-F1BD-4689-8A29-9F5FCD485530} - System32\Tasks\{2AD3B5FA-0867-4305-85C7-87BF58D20FF1} => pcalua.exe -a "E:\Imposto de Renda\PROG IR 2015\IRPF2015.exe" -d "E:\Imposto de Renda\PROG IR 2015"
Task: {6868D3E5-9D1C-4DF7-A511-77A3BF87D3C1} - System32\Tasks\GoogleUpdateTaskMachineCore1d12cf697c616e6 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29] (Google Inc.)
Task: {92C778D0-A0FC-4F69-ACEB-520D20BD67C0} - System32\Tasks\GoogleUpdateTaskMachineCore1d0e2b44ad79d16 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29] (Google Inc.)
Task: {9378FDC7-BECB-408B-A21A-983CECB504FD} - System32\Tasks\GoogleUpdateTaskMachineUA1d15e0b283ce9ba => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29] (Google Inc.)
Task: {9AB483C1-9AD4-4CB4-91DE-A74C58FFE39F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29] (Google Inc.)
Task: {A7D565C6-1490-4A86-B8FD-22854D604B78} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe [2017-04-01] (Adobe Systems Incorporated)
Task: {AC9CB033-695E-4B47-A4A7-76BC047A4A3D} - System32\Tasks\GoogleUpdateTaskMachineUA1d12cf6980b849c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29] (Google Inc.)
Task: {B666226D-D990-4E21-86E9-CD5FA5FCAAF0} - System32\Tasks\{08BA2DAF-DDC3-4F80-959E-24FB8A4B34D0} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}\setup.exe" -c -runfromtemp -l0x0409  -removeonly
Task: {BB809616-895A-4FFF-A35B-852343462FF2} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-03-08] (Dropbox, Inc.)
Task: {C61BB702-CB56-4D27-8C4A-305577F1E573} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-03-08] (Dropbox, Inc.)
Task: {CE42DD44-E84B-4A0A-8BC3-A8E0EC964448} - System32\Tasks\{D25A2FDC-354F-435B-9296-0E1F0ED0A393} => pcalua.exe -a "C:\Users\Marcio\Desktop\All MTK USB Driver 2014\All MTK USB Driver 2014\All MTK Drivers\FeaturePhoneDriver\v1.1032.1\InstallDriver.exe" -d "C:\Users\Marcio\Desktop\All MTK USB Driver 2014\All MTK USB Driver 2014\All MTK Drivers\FeaturePhoneDriver\v1.1032.1"
Task: {D178833F-3655-424D-BEA3-7A9A353CB718} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe 
Task: {D8FD40D1-A424-4B72-80BA-3A754DECF7D2} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
Task: {E37E631B-AF53-46AE-B7D8-AD7C1B792C3E} - System32\Tasks\GoogleUpdateTaskMachineUA1d0e2b44b274404 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29] (Google Inc.)
Task: {EE5AE1DE-567F-4825-AEA4-DD6FD80704F5} - System32\Tasks\{BD8EE84B-885D-4065-A3C3-0DB8F42AF58A} => pcalua.exe -a C:\Users\Marcio\Downloads\dotnetfx35.exe -d C:\Users\Marcio\Downloads
Task: {EF4BB98F-A1F3-41F7-BDEC-21B46AFD7E76} - System32\Tasks\GoogleUpdateTaskMachineCore1d0be756769bc21 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29] (Google Inc.)
Task: {F1CF992C-1EAD-4527-83E6-0CFD0CCC9A06} - System32\Tasks\GoogleUpdateTaskMachineCore1d090fa377ab796 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29] (Google Inc.)
Task: {F64BB11C-309D-4266-BFC4-CC81332F986E} - System32\Tasks\{A74C5CDF-F131-49A1-B818-217C00BE9DD4} => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HP Deskjet 3050 J610 series.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {F7FA5464-5C18-418B-8542-946AADF4A62A} - System32\Tasks\{F6277D72-0254-43B5-9BB2-6F8583B04EE8} => pcalua.exe -a "C:\Arquivos de Programas RFB\LEAO2017\LEAO2017.exe" -d "C:\Arquivos de Programas RFB\LEAO2017"
Task: {FC71B5DA-7ED9-4B1F-8760-71372F96CC91} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29] (Google Inc.)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d090fa377ab796.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0be756769bc21.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e2b44ad79d16.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d090fa37b3d89c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0be7567d17eaa.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e2b44b274404.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f18943ecc0cf.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d12cf6980b849c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Atalhos =============================

(As entradas podem ser listadas para serem restauradas ou removidas.)

==================== Módulos Carregados (Whitelisted) ==============

2014-10-08 18:54 - 2013-10-23 14:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2009-01-21 20:45 - 2009-01-21 20:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2011-08-22 01:53 - 2011-06-10 14:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-08-24 17:03 - 2011-08-24 17:03 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2011-04-23 22:29 - 2011-04-23 22:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2017-05-31 19:14 - 2017-05-30 07:19 - 00775488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-05-31 19:14 - 2017-05-30 07:19 - 01787200 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-05-31 19:15 - 2017-05-11 23:25 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-05-31 19:15 - 2017-05-11 23:25 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-05-31 19:15 - 2017-05-11 23:25 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-05-31 19:15 - 2017-05-30 07:21 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-05-31 19:14 - 2017-05-30 07:21 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-05-31 19:15 - 2017-05-11 23:25 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-05-31 19:15 - 2017-05-11 23:25 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-05-31 19:14 - 2017-05-30 07:21 - 01729360 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-05-31 19:14 - 2017-05-30 07:21 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-05-31 19:14 - 2017-05-11 23:25 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-05-31 19:14 - 2017-05-11 23:25 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-05-31 19:14 - 2017-05-11 23:25 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-05-31 19:15 - 2017-05-11 23:27 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-05-31 19:15 - 2017-05-30 07:22 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-05-31 19:14 - 2017-05-30 07:21 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-05-31 19:14 - 2017-05-30 07:21 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-05-31 19:15 - 2017-05-11 23:27 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-05-31 19:14 - 2017-05-11 23:25 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-05-31 19:14 - 2017-05-11 23:27 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-05-31 19:15 - 2017-05-11 23:27 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-05-31 19:15 - 2017-05-30 07:21 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-05-31 19:15 - 2017-05-11 23:27 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-05-31 19:15 - 2017-05-30 07:22 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-05-31 19:15 - 2017-05-11 23:27 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-05-31 19:15 - 2017-05-11 23:27 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-05-31 19:15 - 2017-05-11 23:27 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-05-31 19:15 - 2017-05-11 23:27 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-05-31 19:15 - 2017-05-11 23:27 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-05-31 19:15 - 2017-05-11 23:27 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-05-31 19:15 - 2017-05-11 23:27 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-05-31 19:14 - 2017-05-30 07:21 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-05-31 19:15 - 2017-05-30 07:22 - 00082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-05-31 19:15 - 2017-05-30 07:22 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-05-31 19:14 - 2017-05-30 07:21 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-05-31 19:14 - 2017-05-30 07:21 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-05-31 19:14 - 2017-05-30 07:21 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-05-31 19:15 - 2017-05-11 23:25 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-05-31 19:14 - 2017-05-30 07:21 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-05-31 19:14 - 2017-05-30 07:21 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-05-31 19:15 - 2017-05-11 23:27 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-05-31 19:14 - 2017-05-30 07:21 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-05-31 19:14 - 2017-05-30 07:21 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-05-31 19:14 - 2017-05-30 07:21 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-05-31 19:14 - 2017-05-30 07:21 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-05-31 19:14 - 2017-05-30 07:21 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-05-31 19:14 - 2017-05-30 07:21 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-05-31 19:15 - 2017-05-11 23:27 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-05-31 19:15 - 2017-05-30 07:22 - 00054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-05-31 19:15 - 2017-05-30 07:22 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-05-31 19:15 - 2017-05-30 07:22 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-05-31 19:15 - 2017-05-30 07:22 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-05-31 19:15 - 2017-05-30 07:22 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-05-31 19:15 - 2017-05-11 23:27 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-05-31 19:15 - 2017-05-30 07:22 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-05-31 19:14 - 2017-05-30 07:21 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-05-31 19:14 - 2017-05-11 23:20 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-05-31 19:14 - 2017-05-30 07:21 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-05-31 19:15 - 2017-05-30 07:21 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-05-31 19:14 - 2017-05-11 23:30 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-05-31 19:14 - 2017-05-11 23:30 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-05-31 19:15 - 2017-05-30 07:22 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-05-31 19:15 - 2017-05-30 07:21 - 00023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
2017-05-31 19:14 - 2017-05-30 07:21 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-05-31 19:14 - 2017-05-30 07:21 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-05-10 06:13 - 2017-05-10 06:13 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\913ed07a8752e6647c1a3dd74be009dd\IsdiInterop.ni.dll
2011-08-22 01:13 - 2011-04-30 04:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
AlternateDataStreams: C:\Windows\System32:0E4A860B_Cef.gbp [2]
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2166]
AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10]
AlternateDataStreams: C:\Users\Todos os Usuários\GbPlugin:IncompleteStartGbprcm.cnt [10]

==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)


==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)

IE trusted site: HKU\S-1-5-21-2766664585-520136655-3584524175-1000\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br

Existem ainda 6127 sites a mais.


==================== Hosts Conteúdo: ===============================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2009-07-13 23:34 - 2017-05-11 09:20 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-2766664585-520136655-3584524175-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marcio\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

MSCONFIG\startupfolder: C:^Users^Marcio^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitorar alertas de tinta - HP Deskjet 3050 J610 series (Rede).lnk => C:\Windows\pss\Monitorar alertas de tinta - HP Deskjet 3050 J610 series (Rede).lnk.Startup
MSCONFIG\startupreg: HP Deskjet 3050 J610 series (NET) => "C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN13P3B1W105HX:NW" -scfn "HP Deskjet 3050 J610 series (NET)" -AutoStart 1

==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [{D7E727BD-214B-49AA-AD55-A7A4AD28F28D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F9C4F27A-6C35-4265-8224-00AE030C3A1F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B6E6D0B1-6C1C-4CCE-85AD-5D5F89E80293}] => (Allow) LPort=2869
FirewallRules: [{68FB00F1-95A8-4141-A34E-BDDFB58A29B5}] => (Allow) LPort=1900
FirewallRules: [{73B80DF3-958A-46D0-A3F3-F1EC249A26C8}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{70DC368E-4BDF-4496-AAC0-AFE5238CE556}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{83178053-31C9-4BD0-BC61-3B97FE3B60BD}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{E8DA2D0A-8165-4C2F-8A6D-0BAD4F19D6AD}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{826CB48C-4845-441E-AF13-47DEBD922899}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{51E9A904-5B72-44C3-A7C1-88D4946B94FD}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{7A2A71ED-04F8-4228-9549-E5711DC88D39}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{E8DD1378-11D2-431F-A635-9FF879FF57D8}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{1264AD5F-D2DD-454B-A838-86DAA5B885D3}] => (Allow) C:\Users\Marcio\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FCA9E611-920B-4908-9C01-E0E58846270F}] => (Allow) C:\Users\Marcio\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0C5CEC4A-9B58-448A-9518-90711E83F8C4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FAD9C3E0-FB2C-4C62-8ABB-B2DC2B97CDF3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8CD51DDD-D832-414B-919E-C179A90F108A}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{A8663170-CB8D-4E3B-9ECD-E09FB3657F38}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{56E22939-1078-4C83-9235-C39D5C83E2EF}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{C27E98F2-3813-4B79-B307-7EA02D0B76F6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2CBE9F83-DBF9-4CE1-A762-2E790E79C802}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F2D52289-733D-4C82-BD3B-B3A12E2CB3EF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A7FF1DC1-1055-4D5D-83CF-8A23F8561F8C}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe
FirewallRules: [{179D78E7-9E68-4A28-A8F7-99012BB0F628}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\stats.com
FirewallRules: [{CD35F8BE-54A1-4C6D-A9E1-3145B61DA444}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\stats.exe
FirewallRules: [{D3977CFF-3C52-495D-8A4D-59081B2399E2}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\WinWrapIDE.exe
FirewallRules: [{A21A2738-2121-4F6F-90AA-6533CF0AE6FA}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\stats.exe
FirewallRules: [{2ACC5DAA-DA09-43B9-BA35-38C13AC44B40}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\stats.com
FirewallRules: [{74CF2703-57D4-4787-828C-1B976C002BD0}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\WinWrapIDE.exe
FirewallRules: [{7C4C3483-4FAC-440E-84F9-C073A5872DC4}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Pontos de Restauração =========================

26-05-2017 16:02:22 JRT Pre-Junkware Removal
29-05-2017 21:48:11 Restore Point Created by FRST
30-05-2017 08:03:01 Installed IBM SPSS Statistics 22.
30-05-2017 13:57:09 Windows Update
30-05-2017 21:18:56 Windows Update

==================== Dispositivos Apresentando Falhas No Gerenciador =============

Name: 
Description: 
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Deskjet 3050 J610 series
Description: Deskjet 3050 J610 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (05/31/2017 07:43:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/31/2017 07:11:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/31/2017 07:43:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/31/2017 06:40:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/30/2017 08:18:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/30/2017 01:50:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/30/2017 10:46:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/30/2017 08:20:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/30/2017 08:14:03 AM) (Source: MsiInstaller) (EventID: 1043) (User: AUTORIDADE NT)
Description: Falha ao terminar uma transação do Windows Installer. Erro 5 ao terminar a transação.

Error: (05/30/2017 07:47:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


Erros de Sistema:
=============
Error: (05/31/2017 07:42:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: 
O sistema não pode encontrar o arquivo especificado.

Error: (05/31/2017 07:42:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: 
O sistema não pode encontrar o arquivo especificado.

Error: (05/31/2017 07:42:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw File Access svc devido ao seguinte erro: 
O sistema não pode encontrar o arquivo especificado.

Error: (05/31/2017 07:42:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw File Access svc devido ao seguinte erro: 
O sistema não pode encontrar o arquivo especificado.

Error: (05/31/2017 07:42:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw File Access svc devido ao seguinte erro: 
O sistema não pode encontrar o arquivo especificado.

Error: (05/31/2017 07:41:59 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização: 
gbpddfac
gbpddreg

Error: (05/31/2017 07:10:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: 
O sistema não pode encontrar o arquivo especificado.

Error: (05/31/2017 07:10:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw File Access svc devido ao seguinte erro: 
O sistema não pode encontrar o arquivo especificado.

Error: (05/31/2017 07:10:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw File Access svc devido ao seguinte erro: 
O sistema não pode encontrar o arquivo especificado.

Error: (05/31/2017 07:10:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: 
O sistema não pode encontrar o arquivo especificado.


CodeIntegrity:
===================================
  Date: 2017-05-11 09:19:05.103
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-11 09:19:04.932
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-11 09:19:04.682
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-11 09:19:04.510
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-01-23 11:37:30.243
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-01-23 11:37:30.133
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-19 13:11:18.849
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\AV\ESET Smart Security 6.0\upgrade.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-12 06:57:30.845
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\AV\ESET Smart Security 6.0\upgrade.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-23 17:38:37.946
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\qcusbser.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-23 17:38:37.766
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\qcusbser.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Informações da Memória =========================== 

Processador: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentagem de memória em uso: 56%
RAM física total: 3947.86 MB
RAM física disponível: 1716.75 MB
Virtual Total: 7893.9 MB
Virtual disponível: 6017.99 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:187.43 GB) (Free:31.47 GB) NTFS
Drive e: () (Fixed) (Total:390.64 GB) (Free:144.58 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: A971498C)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=187.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=390.6 GB) - (Type=OF Extended)

==================== Fim de Addition.txt ============================

Addition.txt


Dear @Marcio Handerson

Temporarily disable your antivirus, antispyware and firewall so that they do not cause conflicts.

Download the file (fixlist.txt) attached to this post and save it to your Desktop.

Run FRST.exe (or FRST64.exe) and click the Corrigir (Fix) button.

Wait... when it finishes, the log Fixlog.txt will be generated and saved to your Desktop.

Select, copy and paste the contents of this log into your next reply.

My friend, how is your Windows doing?

Regards :D

fixlist.txt


@diego_moicano  

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 24-05-2017
Executado por Marcio (03-06-2017 10:03:25) Run:2
Executando a partir de C:\Users\Marcio\Desktop
Perfis Carregados: Marcio (Perfis Disponíveis: Marcio)
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
2017-05-30 13:52 - 2014-07-01 10:20 - 11719232 _____ (Foxit Corporation) C:\Users\Marcio\AppData\Local\Temp\Foxit Reader Updater.exe
Task: {F7FA5464-5C18-418B-8542-946AADF4A62A} - System32\Tasks\{F6277D72-0254-43B5-9BB2-6F8583B04EE8} => pcalua.exe -a "C:\Arquivos de Programas RFB\LEAO2017\LEAO2017.exe" -d "C:\Arquivos de Programas RFB\LEAO2017"
File: C:\Arquivos de Programas RFB\LEAO2017\LEAO2017.exe
Reboot:

*****************

Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor restaurado com sucesso
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor restaurado com sucesso
HKLM\System\CurrentControlSet\Services\gbpddfac => chave removido (a) com sucesso.
gbpddfac => serviço removido (a) com sucesso.
HKLM\System\CurrentControlSet\Services\gbpddreg => chave removido (a) com sucesso.
gbpddreg => serviço removido (a) com sucesso.
C:\Users\Marcio\AppData\Local\Temp\Foxit Reader Updater.exe => movido com sucesso
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F7FA5464-5C18-418B-8542-946AADF4A62A} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7FA5464-5C18-418B-8542-946AADF4A62A} => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\{F6277D72-0254-43B5-9BB2-6F8583B04EE8} => movido com sucesso
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F6277D72-0254-43B5-9BB2-6F8583B04EE8} => chave removido (a) com sucesso.

========================= File: C:\Arquivos de Programas RFB\LEAO2017\LEAO2017.exe ========================

"C:\Arquivos de Programas RFB\LEAO2017\LEAO2017.exe" => não encontrado (a).
====== Fim de File: ======

O sistema precisou ser reiniciado.

==== Fim de Fixlog 10:04:15 ====

Fixlog.txt

added 2 minutes later

@diego_moicano good morning,

I haven't noticed the tabs opening lately, as had been happening.

Do you think the case is finished? Are there other tests to run, and how can I protect myself?

If it happens again, should I follow the same step-by-step we did? Or is each case different?

All the best


Dear @Marcio Handerson

Quote

Do you think the case is finished? Are there other tests to run, and how can I protect myself?

We are finishing up... let's continue. ;)

Quote

If it happens again, should I follow the same step-by-step we did? Or is each case different?

You could use just the first 3 tools I gave in my first post; beyond that, each case is different.

Temporarily disable your antivirus, antispyware and firewall so that they do not cause conflicts.

Download Stinger and save it to your Desktop.
32 bit (x86) or 64 bit (x64)

  • Run the file Stinger.exe
    • Note: Windows Vista, 7 and 8 users, right-click and choose: [image: execadmin.png]
  • Click the “I Accept” button

[image: Stinger%20a.png]

In the new window click “Advanced” and then “Settings”

[image: Stinger%20b.png]

In the settings window, set the options as shown in the image below and click the “Save” button

[image: 9hnsyu.png]

Click “Customize my Scan”

[image: Stinger%20f.png]

Select the system drives and then click the “Scan” button

[image: Stinger%20g.png]

When it finishes, click “View log”; a window with the log will open in your browser.
Select, copy and paste the contents of this log into your next reply.

Regards :D


@diego_moicano

 

McAfee Stinger Scan Results


McAfee® Labs Stinger™ Version 12.1.0.2391 built on Jun  4 2017 at 23:34:03
Copyright© 2015, McAfee, Inc. All Rights Reserved.

AV Engine version v5900.7806 for Windows.
Virus data file v1000.0 created on Jun 5, 2017
Ready to scan for 10132 viruses, trojans and variants.

Custom scan initiated on segunda-feira, junho 05, 2017 15:07:43


Rootkit scan result : Clean.


C:\Users\Marcio\Desktop\Atalhos Progs\Portable\Partition Wizard Professional Edition 9.0 Portable.rar\keygen-SND.zip\keygen.exe is infected with Artemis!BA44807770DA
C:\Users\Marcio\Desktop\Atalhos Progs\Portable\Partition Wizard Professional Edition 9.0 Portable.rar\keygen-SND.zip\keygen.exe couldn't be repaired
C:\Users\Marcio\Desktop\Atalhos Progs\Portable\Partition Wizard Professional Edition 9.0 Portable.rar is infected

Summary Report on C:
E:
File(s)
    TotalFiles:............    1159876
    Clean:.................    197334
    Not Scanned:........... 962540
    Possibly Infected:.....    2

Time: 14:34:14

Scan completed on terça-feira, junho 06, 2017 05:41:57
 

McAfee Stinger Scan Results.txt


Dear @Marcio Handerson

Download Security Check, by glax24, and save it to your Desktop.

Note: Windows Vista, 7 and 8 users, right-click and choose: [image: execadmin.png]

  • Wait while the tool runs its scan.
  • When it finishes, save the log as SecurityCheck.html
  • Open the file with Notepad;
  • Select, copy and paste the contents of this log into your next reply.

Regards :D


@diego_moicano Good morning, here it is as requested.

 

SecurityCheck by glax24 & Severnyj v.1.4.0.49 [15.04.17]
WebSite: www.safezone.cc
DateLog: 06.06.2017 08:21:39
Path starting: C:\Users\Marcio\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Marcio
VersionXML: 4.32is-04.06.2017
___________________________________________________________________________

Windows 7(6.1.7601) Service Pack 1 (x64) HomeBasic Lang: Portuguese(0416)
Installation date OS: 11.12.2011 02:39:59
LicenseStatus: Windows(R) 7, HomeBasic edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [187.4 Gb] Used: [153.4 Gb] Free: [34 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.0.9600.18665
User Account Control enabled
Automatically download and schedule installation
Date install updates: 2017-06-06 08:54:12
Windows Update (wuauserv) - The service is running
Central de Segurança (wscsvc) - The service is running
Registro remoto (RemoteRegistry) - The service has stopped
Descoberta SSDP (SSDPSRV) - The service is running
Serviços de Área de Trabalho Remota (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2010 x86 v.14.0.7015.1000
---------------------------- [ Antivirus_WMI ] ----------------------------
ESET Smart Security 10.0.390.0 (enabled and up to date)
---------------------------- [ Firewall_WMI ] -----------------------------
Firewall pessoal da ESET (enabled)
--------------------------- [ AntiSpyware_WMI ] ---------------------------
ESET Smart Security 10.0.390.0 (enabled and up to date)
Windows Defender (enabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
ESET Smart Security v.10.0.390.0
--------------------------- [ OtherUtilities ] ----------------------------
7-Zip 9.20 (x64 edition) v.9.20.00.0 Warning!
Download Update
Uninstall old version and install new one.
Microsoft Silverlight v.5.1.50906.0
Foxit Reader v.6.1.5.624 Warning!
Download Update
VLC media player v.2.2.6
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.33 v.7.33.105 Warning! Download Update

^Optional update.^
--------------------------------- [ P2P ] ---------------------------------
µTorrent v.3.5.0.43580 Warning! P2P-client.
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 131 v.8.0.1310.11
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 17 ActiveX v.17.0.0.169 Warning!
Download
Update
Adobe Flash Player 23 NPAPI v.23.0.0.185 Warning!
Download Update

Adobe Flash Player 25 PPAPI v.25.0.0.127 Warning!
Download
Update
------------------------------- [ Browser ] -------------------------------
Google Chrome v.58.0.3029.110
Mozilla Firefox 53.0.2 (x86 pt-BR) v.53.0.2 Warning! [url=https://www.mozilla.org/en-US/firefox/all/]Download Update[/url]
----------------------------- [ EmailClient ] -----------------------------
Windows Live Mail v.15.4.3502.0922 Warning! This software is no longer supported.
Почта Windows Live v.15.4.3502.0922 Warning! This software is no longer supported.

--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.58.0.3029.110
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files\ESET\ESET Smart Security\egui.exe v.10.0.386.0
ESET Service (ekrn) - The service is running
C:\Program Files\ESET\ESET Smart Security\ekrn.exe v.10.0.386.0
McAfee Validation Trust Protection Service (mfevtp) - The service is running
C:\Windows\System32\mfevtps.exe
Windows Defender (WinDefend) - The service is running
---------------------------- [ UnwantedApps ] -----------------------------
FATE v.2.2.0.97 << Hidden Warning! Application is distributed through the
partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of
fraud or social engineering.
Jewel Quest Solitaire v.2.2.0.95 << Hidden Warning! Suspected
Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC
scanning using Malwarebytes Anti-Malware and
Malwarebytes AdwCleaner. Before
uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
Update Installer for WildTangent Games App << Hidden Warning! Application
is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible
you became a victim of fraud or social engineering.
WildTangent Games App (Acer Games) v.4.0.5.14 << Hidden Warning!
Application is distributed through the partnership programs and bundle assemblies. Uninstallation
recommended. Possible you became a victim of fraud or social engineering.
----------------------------- [ End of Log ] ------------------------------
 

SecurityCheck.txt


Dear @Marcio Handerson

How is your Windows doing?

# Step 1 #

Download Delfix by Xplode and save it to your desktop.

Double-click delfix.exe to run it. Check the boxes as shown in the image.

** Windows Vista or Windows 7 users: right-click the delfix.exe file, then click [image: execadmin.png].

[image: 2mez6ld.png]

Click the Executar (Run) button.

When it finishes a log will be generated, but there is no need to post it.

# Step 2 #

Old versions of programs have vulnerabilities that some malware can use to infect your system.

That is why it is recommended to update the programs that Security Check flagged as out of date (optional updates are at your discretion).

Just click the Download Update link of each warning (post above), which will take you to the developer's site.

Always keep your Windows up to date; keep a constant watch with your firewall and antivirus; and finally, remember that the best prevention starts with our own behaviour!

# Step 3 #

Ccleaner is an excellent cleaning utility for the computer.

Download it here: Ccleaner

  • After installation, go to the location where the program was installed, usually C:\Arquivos de programas\CCleaner.
  • Double-click this folder;
  • In an empty area of this window, right-click, choose Novo > pasta (New > Folder) and create a new folder;
  • Name it backups.
  • Open the program and click Executar Limpeza (Run Cleaner);
  • Click the Registro (Registry) button > Procurar Erros (Scan for Issues) > Corrigir erro(s) seleciona(s)... (Fix selected issues...)
  • Note: Do not forget to accept the backup of the fixes, and save it in the folder created above!

Regards :D


@diego_moicano   Good evening =D

So far, as I had told you, there has been no more of that trouble with tabs opening in Chrome; I believe it must be resolved.

Do you know whether there is a way to check on Android as well? Do you have tips on programs to check with? My mother's phone is having a battery drain problem.

Thanks in advance for the help!


# DelFix v1.013 - Relatório criado 07/06/2017 às 20:26:25
# Atualizado 17/04/2016 por Xplode
# Usuário : Marcio - MARCIO-PC
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (64 bits)

~ Removendo ferramentas de desinfecção ...

Removido : C:\Qoobox
Removido : C:\AdwCleaner
Removido : C:\Windows\grep.exe
Removido : C:\Windows\PEV.exe
Removido : C:\Windows\NIRCMD.exe
Removido : C:\Windows\MBR.exe
Removido : C:\Windows\SED.exe
Removido : C:\Windows\SWREG.exe
Removido : C:\Windows\SWSC.exe
Removido : C:\Windows\SWXCACLS.exe
Removido : C:\Windows\Zip.exe
Removido : HKLM\SOFTWARE\Swearware
Removido : HKLM\SOFTWARE\TrendMicro\Hijackthis
Removido : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~ Criando backup do registro ... OK

~ Limpando pontos da restauração do sistema ...

Removido : RP #396 [Restore Point Created by FRST | 06/03/2017 13:03:33]
Removido : RP #397 [Windows Update | 06/06/2017 08:52:33]

Novo ponto de restauração criado !

~ Redefinindo configurações do sistema ... OK

########## - EOF - ##########
 


Dear @Marcio Handerson

For Android you can find antivirus apps and removal scanners; so far, as far as I know, we do not have any tool for analysis like the ones we use here.

Shall we wrap up?

Regards :D


@diego_moicano I believe we can wrap up ..... the problem with the tabs opening has not happened again.

And the tests we ran did not find anything else, right?

Thank you very much for all the help!

All the best

This topic is closed to new posts.




