
0k4m1

Full Members
  • Total items

    29
  • Joined

  • Last visited

  • Ratings

    0%

Reputation

0

About 0k4m1

  • Date of birth 15-01-1989 (30 years old)

General information

  • City and state
    Joinville, SC

Other

  • Occupation
    Student
  1. Good morning! All done; apparently the PC is now free of malware.
  2. Good morning, I ended up removing it yesterday after the scan; the generated report follows below: RogueKiller Anti-Malware V13.0.22.0 [Jan 14 2019] (Free) by Adlice Software mail : https://adlice.com/contact/ Website : https://adlice.com/download/roguekiller/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits Started in : Normal mode User : Ricardo [Administrator] Started from : C:\Users\Ricardo\Desktop\RogueKiller_portable32.exe Mode : Standard Scan, Delete -- Date : 2019/01/15 13:12:02 (Duration : 00:47:44) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ [PUP.Gen1 (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98} -- [%ProgramFiles%\MyFree Codec\1.0b beta\XVID-CORE\xvid.ax] -> Deleted [PUP.Gen1 (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{64697678-0000-0010-8000-00AA00389B71} -- [%ProgramFiles%\MyFree Codec\1.0b beta\XVID-CORE\xvid.ax] -> Deleted [PUP.Gen1 (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2} -- [%ProgramFiles%\MyFree Codec\1.0b beta\MyFree.ax] -> Deleted [PUM.Policies (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- -> Replaced (2) [PUM.StartMenu (Potentially Malicious)] HKEY_USERS\S-1-5-21-1300964193-1459114441-3536200422-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -- -> Replaced (1) [PUM.StartMenu (Potentially Malicious)] HKEY_USERS\S-1-5-21-1300964193-1459114441-3536200422-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyMusic -- -> Replaced (1) [Tr.Gen0 (Malicious)] CheckUpdate.exe [Baidu Online Network Technology (Beijing) Co.,Ltd.] 
-- %_Ricardo_appdata%\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\CheckUpdate.exe -> Deleted [PUP.AutoIt.Gen (Potentially Malicious)] gs-auto-clicker-3-1-4.exe -- %USERPROFILE%\Downloads\gs-auto-clicker-3-1-4.exe -> Deleted In any case, I reran the scan today; the report follows below: RogueKiller Anti-Malware V13.0.22.0 [Jan 14 2019] (Free) by Adlice Software mail : https://adlice.com/contact/ Website : https://adlice.com/download/roguekiller/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits Started in : Normal mode User : Ricardo [Administrator] Started from : C:\Users\Ricardo\Desktop\RogueKiller_portable32.exe Mode : Standard Scan, Scan -- Date : 2019/01/16 07:31:24 (Duration : 00:44:15) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
  3. Good afternoon, as requested, see below: RogueKiller Anti-Malware V13.0.22.0 [Jan 14 2019] (Free) by Adlice Software mail : https://adlice.com/contact/ Website : https://adlice.com/download/roguekiller/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits Started in : Normal mode User : Ricardo [Administrator] Started from : C:\Users\Ricardo\Desktop\RogueKiller_portable32.exe Mode : Standard Scan, Scan -- Date : 2019/01/15 11:59:25 (Duration : 00:47:44) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ >>>>>> O101 - Clsid [PUP.Gen1 (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98} -- C:\Program Files\MyFree Codec\1.0b beta\XVID-CORE\xvid.ax (missing) -> Found [PUP.Gen1 (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{64697678-0000-0010-8000-00AA00389B71} -- C:\Program Files\MyFree Codec\1.0b beta\XVID-CORE\xvid.ax (missing) -> Found [PUP.Gen1 (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2} -- C:\Program Files\MyFree Codec\1.0b beta\MyFree.ax (missing) -> Found >>>>>> XX - System Policies [PUM.Policies (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- 0 -> Found >>>>>> XX - Explorer Advanced [PUM.StartMenu (Potentially Malicious)] HKEY_USERS\S-1-5-21-1300964193-1459114441-3536200422-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -- 0 -> Found [PUM.StartMenu (Potentially Malicious)] HKEY_USERS\S-1-5-21-1300964193-1459114441-3536200422-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyMusic -- 0 -> Found ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ 
Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ [Tr.Gen0 (Malicious)] (file) CheckUpdate.exe -- (Baidu Online Network Technology (Beijing) Co.,Ltd.) C:\Users\Ricardo\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\CheckUpdate.exe -> Found [PUP.AutoIt.Gen (Potentially Malicious)] (file) gs-auto-clicker-3-1-4.exe -- C:\Users\Ricardo\Downloads\gs-auto-clicker-3-1-4.exe -> Found ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
  4. Good afternoon, as requested, see below: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 1/14/19 Scan Time: 11:57 AM Log File: 5d940d68-1804-11e9-8afb-14dae96f0930.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.519 Update Package Version: 1.0.8772 License: Free -System Information- OS: Windows 7 Service Pack 1 CPU: x86 File System: NTFS User: PC2-USIPROL\Ricardo -Scan Summary- Scan Type: Custom Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 321872 Threats Detected: 21 Threats Quarantined: 21 Time Elapsed: 3 hr, 56 min, 14 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 9 Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{2DCDF007-A793-4745-85C5-948AA3025720}, Quarantined, [0], [392686],1.0.8772 Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{46178C1D-AAEB-4405-9012-DAB514469DE5}, Quarantined, [0], [392686],1.0.8772 Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{46178C1D-AAEB-4405-9012-DAB514469DE5}, Quarantined, [0], [392686],1.0.8772 Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{4CC22693-26A0-4A23-8727-EAF035EEA6B2}, Quarantined, [0], [392686],1.0.8772 Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7C48C5AE-C33C-4B24-95BD-E492FCC33827}, Quarantined, [0], [392686],1.0.8772 Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{7C48C5AE-C33C-4B24-95BD-E492FCC33827}, Quarantined, [0], [392686],1.0.8772 Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS 
NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{83466C99-356B-4496-B10A-57FD99E34A45}, Quarantined, [0], [392686],1.0.8772 Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F70545D6-3FF8-4D24-A22F-0DBCCEC5EA9C}, Quarantined, [0], [392686],1.0.8772 Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{F70545D6-3FF8-4D24-A22F-0DBCCEC5EA9C}, Quarantined, [0], [392686],1.0.8772 Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 12 Generic.Malware/Suspicious, C:\WINDOWS\SYSTEM32\TASKS\{2DCDF007-A793-4745-85C5-948AA3025720}, Quarantined, [0], [392686],1.0.8772 Generic.Malware/Suspicious, C:\WINDOWS\SYSTEM32\TASKS\{4CC22693-26A0-4A23-8727-EAF035EEA6B2}, Quarantined, [0], [392686],1.0.8772 Generic.Malware/Suspicious, C:\USERS\RICARDO\DOWNLOADS\ZOEK.EXE, Quarantined, [0], [392686],1.0.8772 Generic.Malware/Suspicious, C:\WINDOWS\SYSTEM32\TASKS\{83466C99-356B-4496-B10A-57FD99E34A45}, Quarantined, [0], [392686],1.0.8772 Generic.Malware/Suspicious, C:\USERS\RICARDO\DESKTOP\ZA-SCAN.EXE, Quarantined, [0], [392686],1.0.8772 Generic.Malware/Suspicious, C:\USERS\RICARDO\DOWNLOADS\ZOEK\ZOEK.EXE, Quarantined, [0], [392686],1.0.8772 RiskWare.Tool.CK, C:\USERS\RICARDO\DOWNLOADS\MINI\MINI-KMS_ACTIVATOR_V1.31_OFFICE2010_VL_ENG.EXE, Quarantined, [5745], [299001],1.0.8772 RiskWare.Tool.CK, C:\USERS\RICARDO\DOWNLOADS\MINI-KMS_ACTIVATOR_V1.31_OFFICE2010_VL\MINI-KMS_ACTIVATOR_V1.31_OFFICE2010_VL_ENG-FREESOFT-WZT\MINI-KMS_ACTIVATOR_V1.31_OFFICE2010_VL_ENG.EXE, Quarantined, [5745], [299001],1.0.8772 RiskWare.Tool.CK, C:\WINDOWS\KMSEM\KMSERVICE.EXE, Quarantined, [5745], [133383],1.0.8772 Generic.Malware/Suspicious, C:\USERS\RICARDO\DOWNLOADS\ZOEK\ZA-SCAN.EXE, Quarantined, [0], [392686],1.0.8772 Generic.Malware/Suspicious, C:\USERS\RICARDO\DOWNLOADS\ZA-SCAN.EXE, 
Quarantined, [0], [392686],1.0.8772 Generic.Malware/Suspicious, C:\USERS\RICARDO\DOWNLOADS\ZOEK.ZIP, Quarantined, [0], [392686],1.0.8772 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) # ------------------------------- # Malwarebytes AdwCleaner 7.2.6.0 # ------------------------------- # Build: 12-18-2018 # Database: 2019-01-10.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 01-14-2019 # Duration: 00:00:01 # OS: Windows 7 Ultimate # Cleaned: 4 # Failed: 0 ***** [ Services ] ***** No malicious services cleaned. ***** [ Folders ] ***** No malicious folders cleaned. ***** [ Files ] ***** No malicious files cleaned. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** Deleted C:\Windows\System32\Tasks\iorrt ***** [ Registry ] ***** Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C7CC9D3-39B6-4D62-9513-6F02A3EDEDB1} Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C7CC9D3-39B6-4D62-9513-6F02A3EDEDB1} Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iorrt ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. 
************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [2866 octets] - [10/01/2019 10:02:42] AdwCleaner[C00].txt - [2704 octets] - [10/01/2019 10:06:34] AdwCleaner[S01].txt - [1782 octets] - [14/01/2019 16:10:14] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ########## ~ ZHPCleaner v2019.1.11.7 by Nicolas Coolman (2019/01/11) ~ Run by Ricardo (Administrator) (14/01/2019 16:16:15) ~ Web: https://www.nicolascoolman.com ~ Blog: https://nicolascoolman.eu/ ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Certificate ZHPCleaner: Legal ~ Type : Scan ~ Report : C:\Users\Ricardo\Desktop\ZHPCleaner.txt ~ Quarantine : C:\Users\Ricardo\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt ~ UAC : Deactivate ~ Boot Mode : Normal (Normal boot) Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601) ---\\ Alternate Data Stream (ADS). (0) ~ No malicious or unnecessary items found. ---\\ Services (0) ~ No malicious or unnecessary items found. ---\\ Browser internet (0) ~ No malicious or unnecessary items found. ---\\ Hosts file (1) ~ The hosts file is legitimate (20) ---\\ Scheduled automatic tasks. (0) ~ No malicious or unnecessary items found. ---\\ Explorer ( File, Folder) (0) ~ No malicious or unnecessary items found. ---\\ Registry ( Key, Value, Data) (0) ~ No malicious or unnecessary items found. ---\\ Result of repair ~ Any repair made ~ Browser not found (Mozilla Firefox) ---\\ Statistics ~ Items scanned : 72295 ~ Items found : 0 ~ Items cancelled : 0 ~ Items options : 12/12 ~ Space saving (bytes) : 0 ~ End of search in 00h20mn56s ZHPCleaner--14012019-16_37_11.txt
  5. Good morning, as requested, see below: Fix result of Farbar Recovery Scan Tool (x86) Version: 13-01-2019 Ran by Ricardo (14-01-2019 07:34:16) Run:1 Running from C:\Users\Ricardo\Desktop Loaded Profiles: Ricardo (Available Profiles: Ricardo) Boot Mode: Normal ============================================== fixlist content: ***************** CreateRestorePoint: CloseProcesses: reg: reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" reg: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" reg: reg query "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig /s" reg: reg query "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s HKLM\...\Run: [] => [X] HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-21-1300964193-1459114441-3536200422-1000\...\MountPoints2: {9b8996c9-6090-11e1-a91a-d027886071db} - F:\SETUP.EXE HKU\S-1-5-21-1300964193-1459114441-3536200422-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2972672 2016-08-29] (Microsoft Corporation) <==== ATTENTION CHR HKU\S-1-5-21-1300964193-1459114441-3536200422-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION S3 FXDrv32; \??\D:\FXDrv32.sys [X] S3 NdisrdMP; system32\DRIVERS\gbpndisrd.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath CustomCLSID: 
HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.33.5\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> 
C:\Users\Ricardo\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.33.3\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.33.7\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Ricardo\AppData\Local\Google\Update\1.3.32.7\psuser.dll => No File AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2174] FirewallRules: [{AC591FB3-A1CB-431D-BC91-32C4883DE6CE}] => (Allow) C:\Users\Ricardo\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) FirewallRules: [{DEF0ED79-B55D-4BB7-AFAF-4083B1186D35}] => (Allow) C:\Users\Ricardo\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) FirewallRules: [{1E7E45F3-8385-4CAE-9CA2-709DA3F9A1C5}] => (Allow) C:\Users\Ricardo\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) FirewallRules: [{AC0F511B-5897-43EC-99E0-B89DC3C2EBAC}] => (Allow) C:\Users\Ricardo\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) FirewallRules: [{9967C476-D7B1-4700-8DF3-0E961DD284CD}] => (Allow) C:\Users\Ricardo\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) FirewallRules: [{2C92BDE1-0A99-48AF-AA11-7B7301CFD3A0}] => (Allow) C:\Users\Ricardo\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) 
CMD: ipconfig /flushdns RemoveProxy: EmptyTemp: CreateRestorePoint: ***************** Restore point was successfully created. Processes closed successfully. ========= reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" ========= ========= End of Reg: ========= ========= reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" ========= HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run CertificateRegistration REG_SZ aetcrss1.exe NvBackend REG_SZ "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe" ShadowPlay REG_SZ C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart (Default) REG_SZ HPUsageTrackingLEDM REG_SZ "C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files\HP\HP UT LEDM\" IgfxTray REG_SZ C:\Windows\system32\igfxtray.exe HotKeysCmds REG_SZ C:\Windows\system32\hkcmd.exe Persistence REG_SZ C:\Windows\system32\igfxpers.exe SunJavaUpdateSched REG_SZ "C:\Program Files\Common Files\Java\Java Update\jusched.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents ========= End of Reg: ========= ========= reg query "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig /s" ========= ERROR: The system was unable to find the specified registry key or value. ========= End of Reg: ========= ========= reg query "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s ========= ========= End of Reg: ========= "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully. "HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar" => removed successfully. "HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar" => removed successfully. HKU\S-1-5-21-1300964193-1459114441-3536200422-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b8996c9-6090-11e1-a91a-d027886071db} => removed successfully. 
HKLM\Software\Classes\CLSID\{9b8996c9-6090-11e1-a91a-d027886071db} => not found "HKU\S-1-5-21-1300964193-1459114441-3536200422-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell" => removed successfully. HKU\S-1-5-21-1300964193-1459114441-3536200422-1000\SOFTWARE\Policies\Google => removed successfully. HKLM\System\CurrentControlSet\Services\FXDrv32 => removed successfully. FXDrv32 => service removed successfully. HKLM\System\CurrentControlSet\Services\NdisrdMP => removed successfully. NdisrdMP => service removed successfully. HKLM\System\CurrentControlSet\Services\Synth3dVsc => removed successfully. Synth3dVsc => service removed successfully. HKLM\System\CurrentControlSet\Services\tsusbhub => removed successfully. tsusbhub => service removed successfully. HKLM\System\CurrentControlSet\Services\VGPU => removed successfully. VGPU => service removed successfully. HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046} => removed successfully. HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046} => removed successfully. HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046} => removed successfully. HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046} => removed successfully. HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046} => removed successfully. HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046} => removed successfully. HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046} => removed successfully. HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046} => removed successfully. 
HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851} => removed successfully. HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851} => removed successfully. HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851} => removed successfully. HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851} => removed successfully. HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851} => removed successfully. HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4} => removed successfully. HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4} => removed successfully. HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => removed successfully. HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => removed successfully. HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04} => removed successfully. HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8} => removed successfully. HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07} => removed successfully. HKU\S-1-5-21-1300964193-1459114441-3536200422-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA} => removed successfully. C:\Windows\system32\Drivers\wsddfac.sys => ":X5ZN8aGXs4" ADS removed successfully. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AC591FB3-A1CB-431D-BC91-32C4883DE6CE}" => removed successfully. 
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DEF0ED79-B55D-4BB7-AFAF-4083B1186D35}" => removed successfully. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1E7E45F3-8385-4CAE-9CA2-709DA3F9A1C5}" => removed successfully. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AC0F511B-5897-43EC-99E0-B89DC3C2EBAC}" => removed successfully. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9967C476-D7B1-4700-8DF3-0E961DD284CD}" => removed successfully. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2C92BDE1-0A99-48AF-AA11-7B7301CFD3A0}" => removed successfully. ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= ========= RemoveProxy: ========= "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully. "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully. "HKU\S-1-5-21-1300964193-1459114441-3536200422-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => removed successfully. "HKU\S-1-5-21-1300964193-1459114441-3536200422-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully. "HKU\S-1-5-21-1300964193-1459114441-3536200422-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully. ========= End of RemoveProxy: ========= Restore point was successfully created. 
=========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3859261 B Java, Flash, Steam htmlcache => 529 B Windows/system/drivers => 770050 B Edge => 0 B Chrome => 477043384 B Firefox => 0 B Opera => 29188434 B Temp, IE cache, history, cookies, recent: Users => 0 B Default => 66228 B Public => 0 B ProgramData => 0 B systemprofile => 22916232 B LocalService => 66228 B NetworkService => 0 B Ricardo => 241518046 B RecycleBin => 0 B EmptyTemp: => 747.5 MB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 07:35:39 ====
  6. Good morning, thanks for the help! As requested, see below: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-01-2019 01 Ran by Ricardo (administrator) on PC2-USIPROL (11-01-2019 11:07:49) Running from C:\Users\Ricardo\Desktop Loaded Profiles: Ricardo (Available Profiles: Ricardo) Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Windows\System32\CISVC.EXE (Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fb_inet_server.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe (HP) C:\Windows\System32\HPSIsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe (GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe (A.E.T. Europe B.V.) 
C:\Windows\System32\aetcrss1.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe (Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe (Unimake Software) C:\Unimake\UniNFe\unidanfe.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [CertificateRegistration] => C:\Windows\system32\aetcrss1.exe [151552 2011-03-24] (A.E.T. Europe B.V.) 
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-26] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart HKLM\...\Run: [] => [X] HKLM\...\Run: [HPUsageTrackingLEDM] => "C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files\HP\HP UT LEDM\" HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation) HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-21-1300964193-1459114441-3536200422-1000\...\MountPoints2: {9b8996c9-6090-11e1-a91a-d027886071db} - F:\SETUP.EXE HKU\S-1-5-21-1300964193-1459114441-3536200422-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2972672 2016-08-29] (Microsoft Corporation) <==== ATTENTION HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-14] (Google Inc.) HKLM\Software\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2018-09-20] (Adobe Systems, Inc.) HKLM\Software\...\Authentication\Credential Providers: [{53979C64-81F6-41f7-8739-696716EC5468}] -> C:\Windows\system32\aetcpss1.dll [2011-03-24] (A.E.T. Europe B.V.) HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corp.) 
CHR HKU\S-1-5-21-1300964193-1459114441-3536200422-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: [S-1-5-21-1300964193-1459114441-3536200422-1000] => 127.0.0.1:8080 AutoConfigURL: [S-1-5-21-1300964193-1459114441-3536200422-1000] => 127.0.0.1:8080 Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{833CBE24-AA2E-4091-9847-93E99894666E}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{AB7CCDCF-E13A-4F86-99CF-1C508C693A51}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{AB7CCDCF-E13A-4F86-99CF-1C508C693A51}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{CD9DD971-0312-4351-8B5B-F77615C2A0E8}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-1300964193-1459114441-3536200422-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.br/ BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-10-18] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-18] (Oracle Corporation) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab DPF: {FD3BEB0C-AB43-4253-9146-C371D48FBE0D} hxxp://200.98.128.50/video/web.cab FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll [2013-03-05] () FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-18] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-18] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-02-26] (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D 
Vision\npnv3dv.dll [2015-09-13] (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-09-13] (NVIDIA Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-07-30] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1300964193-1459114441-3536200422-1000: gastecnologia.com.br/sf/bb -> C:\Users\Ricardo\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2014-08-15] (GAS Tecnologia) Chrome: ======= CHR DefaultProfile: Profile 1 CHR HomePage: Profile 1 -> hxxps://www.google.com/ CHR StartupUrls: Profile 1 -> "hxxps://www.google.com/?hl=en" CHR Profile: C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default [2016-10-20] CHR Profile: C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-01-08] CHR Profile: C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-01-11] CHR Extension: (Apresentações) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12] CHR Extension: (Documentos) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12] CHR Extension: (Google Drive) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-03] CHR Extension: (YouTube) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-03] CHR Extension: (Web PKI) - 
C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dcngeagmmhegagicpcmpinaoklddcgon [2018-06-18] CHR Extension: (Planilhas) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12] CHR Extension: (Documentos Google off-line) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-13] CHR Extension: (AdBlock) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-12-11] CHR Extension: (Certisign) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jjoehgfmpefldljiipnmgnfmcbfjkaad [2018-06-25] CHR Extension: (Google Maps) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2017-01-16] CHR Extension: (Verificador de mensagens do Google) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2017-01-16] CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03] CHR Extension: (Gmail) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-03] CHR Extension: (Chrome Media Router) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-14] CHR Profile: C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\System Profile [2019-01-08] CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S4 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION)
S4 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION)
R2 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fb_inet_server.exe [3727360 2010-09-17] (Firebird Project) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [921208 2015-08-26] (NVIDIA Corporation)
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-10-15] (HP) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S4 KMService; C:\Windows\system32\srvany.exe [8192 2012-04-19] () [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-26] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4305016 2015-08-26] (NVIDIA Corporation)
S4 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [72704 2012-05-16] (SolidWorks) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [11660528 2018-12-07] (TeamViewer GmbH)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [883544 2018-10-18] (GAS Tecnologia LTDA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Atc002; C:\Windows\System32\DRIVERS\l260x86.sys [29184 2009-07-13] (Atheros Communications, Inc.)
R3 GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [99968 2014-11-10] (Gemalto)
R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [670208 2004-11-05] (Aladdin Knowledge Systems Ltd.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R1 Ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-04-03] (GAS Tecnologia)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18552 2015-08-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [44840 2015-08-11] (NVIDIA Corporation)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [22744 2019-01-11] (GAS Tecnologia)
R1 wsddntf; C:\Windows\System32\DRIVERS\wsddntf.sys [41944 2018-04-25] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [42576 2017-12-14] (GAS Tecnologia)
R3 wsddprm; C:\Windows\system32\drivers\wsddprm.sys [41000 2018-04-10] (GAS Tecnologia)
S3 FXDrv32; \??\D:\FXDrv32.sys [X]
S3 NdisrdMP; system32\DRIVERS\gbpndisrd.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2019-01-11 11:05 - 2019-01-11 11:06 - 000041395 _____ C:\Users\Ricardo\Desktop\Addition.txt 2019-01-11 11:04 - 2019-01-11 11:07 - 000016425 _____ C:\Users\Ricardo\Desktop\FRST.txt 2019-01-11 11:04 - 2019-01-11 11:07 - 000000000 ____D C:\FRST 2019-01-11 11:03 - 2019-01-11 11:03 - 001785344 _____ (Farbar) C:\Users\Ricardo\Desktop\FRST.exe 2019-01-11 07:26 - 2018-04-19 22:18 - 002041445 _____ C:\Users\Ricardo\Downloads\Z-Analyse.exe 2019-01-11 07:26 - 2018-04-18 00:39 - 002038755 _____ C:\Users\Ricardo\Downloads\zoek.exe 2019-01-11 07:26 - 2018-04-18 00:39 - 002038755 _____ C:\Users\Ricardo\Downloads\ZA-Scan.exe 2019-01-11 07:26 - 2018-04-18 00:39 - 002038755 _____ C:\Users\Ricardo\Desktop\ZA-Scan.exe 2019-01-10 11:06 - 2019-01-10 11:17 - 000000000 ____D C:\Users\Ricardo\Downloads\zoek 2019-01-10 11:05 - 2019-01-10 11:06 - 006102389 _____ C:\Users\Ricardo\Downloads\zoek.zip 2019-01-10 11:01 - 2019-01-10 11:01 - 000000835 _____ C:\Users\Ricardo\Desktop\ZHPCleaner.lnk 2019-01-10 11:00 - 2019-01-10 11:00 - 003300224 _____ C:\Users\Ricardo\Downloads\ZHPCleaner.exe 2019-01-10 09:36 - 2019-01-10 09:36 - 000000000 ____D C:\LinhaDefensiva 2019-01-10 09:20 - 2019-01-10 09:20 - 000000000 ____D C:\Users\Ricardo\AppData\Local\mbam 2019-01-10 09:19 - 2019-01-10 09:19 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2019-01-10 09:19 - 2019-01-10 09:19 - 000000000 ____D C:\Users\Ricardo\AppData\Local\mbamtray 2019-01-10 09:19 - 2019-01-10 09:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2019-01-10 09:18 - 2019-01-10 09:18 - 000178597 _____ (Igor Pavlov) C:\Users\Ricardo\Downloads\bankerfix-3.0.0_3.0.0.exe 2019-01-10 09:18 - 2019-01-10 09:18 - 000000000 ____D C:\ProgramData\Malwarebytes 2019-01-10 09:18 - 2019-01-10 09:18 - 000000000 ____D C:\Program Files\Malwarebytes 2019-01-10 09:18 - 2018-12-04 08:09 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys 2019-01-10 09:16 - 2019-01-10 11:03 - 000000000 ____D 
C:\Users\Ricardo\AppData\Roaming\ZHP 2019-01-10 09:16 - 2019-01-10 10:06 - 000000000 ____D C:\AdwCleaner 2019-01-10 09:16 - 2019-01-10 09:16 - 000000000 ____D C:\Users\Ricardo\AppData\Local\ZHP 2019-01-10 09:15 - 2019-01-10 09:16 - 007320272 _____ (Malwarebytes) C:\Users\Ricardo\Desktop\ADW.exe 2019-01-10 09:14 - 2019-01-10 09:17 - 081227760 _____ (Malwarebytes ) C:\Users\Ricardo\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211.exe 2019-01-09 16:10 - 2019-01-09 16:10 - 000000009 _____ C:\Users\Ricardo\Desktop\VALDENIR.txt 2019-01-09 09:54 - 2019-01-09 09:54 - 000250382 _____ C:\Users\Ricardo\Downloads\vivoinv_845120328599 (2).pdf 2019-01-09 09:53 - 2019-01-09 09:53 - 000027900 _____ C:\Users\Ricardo\Downloads\01-20194530518543 (2).pdf 2019-01-09 09:41 - 2019-01-09 09:41 - 000027900 _____ C:\Users\Ricardo\Downloads\01-20194530518543 (1).pdf 2019-01-09 09:35 - 2019-01-09 09:35 - 000250382 _____ C:\Users\Ricardo\Downloads\vivoinv_845120328599 (1).pdf 2019-01-09 09:34 - 2019-01-09 09:34 - 000027657 _____ C:\Users\Ricardo\Downloads\01-20184115771394.pdf 2019-01-09 09:33 - 2019-01-09 09:33 - 000027711 _____ C:\Users\Ricardo\Downloads\01-20184328967208 (1).pdf 2019-01-09 09:33 - 2019-01-09 09:33 - 000027673 _____ C:\Users\Ricardo\Downloads\01-20184249975998.pdf 2019-01-09 09:33 - 2019-01-09 09:33 - 000027653 _____ C:\Users\Ricardo\Downloads\01-20184172769907.pdf 2019-01-09 09:32 - 2019-01-09 09:32 - 000027908 _____ C:\Users\Ricardo\Downloads\01-20184428434282 (1).pdf 2019-01-09 09:11 - 2019-01-09 09:11 - 000000025 _____ C:\Users\Ricardo\Desktop\CELESC 49401906.txt 2019-01-09 09:04 - 2019-01-09 09:04 - 000027900 _____ C:\Users\Ricardo\Downloads\01-20194530518543.pdf 2019-01-09 07:27 - 2019-01-09 07:27 - 000431616 _____ C:\Windows\system32\FNTCACHE.DAT 2019-01-08 16:58 - 2019-01-08 16:58 - 000000000 ____D C:\Users\Ricardo\AppData\Local\ElevatedDiagnostics 2019-01-08 16:52 - 2019-01-08 16:52 - 000002358 _____ C:\Users\Ricardo\Downloads\ICP-Brasilv9.crt 2019-01-08 
16:52 - 2019-01-08 16:52 - 000002358 _____ C:\Users\Ricardo\Downloads\ICP-Brasilv8.crt 2019-01-08 16:52 - 2019-01-08 16:52 - 000002358 _____ C:\Users\Ricardo\Downloads\ICP-Brasilv5 (2).crt 2019-01-08 16:50 - 2019-01-08 16:50 - 000312815 _____ C:\Users\Ricardo\Downloads\v1_v2_v5_v8_v9_msie.p7b 2019-01-08 09:59 - 2019-01-08 10:00 - 000002464 _____ C:\Users\Ricardo\Downloads\Autoridade_Certificadora_SERPRORFBv5 (2).crt 2019-01-08 09:59 - 2019-01-08 09:59 - 000002273 _____ C:\Users\Ricardo\Downloads\AC_Secretaria_da_Receita_Federal_do_Brasil_v4 (3).crt 2019-01-08 09:58 - 2019-01-08 09:58 - 000002273 _____ C:\Users\Ricardo\Downloads\AC_Secretaria_da_Receita_Federal_do_Brasil_v3 (1).crt 2019-01-08 09:57 - 2019-01-08 09:57 - 000123288 _____ C:\Users\Ricardo\AppData\Local\GDIPFONTCACHEV1.DAT 2019-01-07 08:14 - 2019-01-07 08:14 - 000000000 _____ C:\Users\Ricardo\Downloads\ATT00001 2018-12-19 07:42 - 2018-12-19 07:43 - 000000000 ____D C:\Program Files\GUM49AC.tmp 2018-12-17 14:45 - 2018-12-17 14:45 - 000000929 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk 2018-12-17 14:45 - 2018-12-17 14:45 - 000000917 _____ C:\Users\Public\Desktop\TeamViewer 14.lnk 2018-12-13 17:07 - 2018-12-13 17:07 - 000595849 _____ C:\Users\Ricardo\Downloads\relatorio (16).pdf 2018-12-13 17:06 - 2018-12-13 17:06 - 000120276 _____ C:\Users\Ricardo\Downloads\ExibirDAS-13122018_170641_12_2018.pdf 2018-12-13 17:05 - 2018-12-13 17:05 - 000120089 _____ C:\Users\Ricardo\Downloads\ExibirDAS-13122018_170522_12_2018.pdf 2018-12-12 10:10 - 2018-12-17 15:35 - 000011065 _____ C:\Users\Ricardo\Desktop\SUCATA.xlsx ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2019-01-11 11:07 - 2009-07-14 02:34 - 000017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2019-01-11 11:07 - 2009-07-14 02:34 - 000017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2019-01-11 11:00 - 2018-01-12 15:34 - 000102912 _____ C:\Users\Ricardo\Desktop\Follow-up Perini.xls 2019-01-11 10:43 - 2018-05-14 12:13 - 000000000 ____D C:\Users\Ricardo\Desktop\Borderô 2019-01-11 08:04 - 2016-02-10 16:22 - 000000000 ____D C:\Users\Ricardo\Desktop\Materiais recebidos Perini 2019-01-11 07:41 - 2016-11-01 11:14 - 000000000 ____D C:\Users\Ricardo\Desktop\Motoboy 2019-01-11 07:26 - 2018-01-10 15:43 - 000708514 _____ C:\Users\Ricardo\Desktop\Programação Produção.xlsx 2019-01-11 07:20 - 2018-09-20 14:12 - 000000000 ____D C:\Program Files\TeamViewer 2019-01-11 07:20 - 2017-01-05 13:59 - 000022744 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys 2019-01-11 07:20 - 2015-09-22 20:45 - 000000000 ____D C:\ProgramData\NVIDIA 2019-01-11 07:20 - 2009-07-14 02:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2019-01-10 17:00 - 2012-03-12 12:40 - 000000000 ____D C:\Users\Ricardo\Documents\NF-e 2019-01-10 17:00 - 2009-07-14 00:04 - 000000682 _____ C:\Windows\win.ini 2019-01-10 09:19 - 2009-07-14 00:37 - 000000000 ____D C:\Windows\inf 2019-01-09 08:37 - 2012-03-19 16:10 - 000000000 ____D C:\Users\Ricardo\Desktop\Etiquetas 2019-01-09 08:29 - 2016-11-09 10:45 - 000030208 _____ C:\Users\Ricardo\Desktop\Follow-up KaVo.xls 2019-01-08 16:58 - 2009-07-14 00:37 - 000000000 ____D C:\Windows\system32\NDF 2019-01-08 16:14 - 2013-06-14 16:28 - 000000000 ____D C:\Users\Ricardo\Desktop\Ordem de Serviço 2019-01-08 09:49 - 2018-04-30 17:43 - 000000000 ____D C:\Program Files\Opera 2019-01-08 09:41 - 2018-09-28 08:21 - 000000000 ____D C:\Windows\Minidump 2019-01-08 09:41 - 2018-07-17 14:01 - 000000000 ____D C:\Users\Ricardo\AppData\Local\CrashDumps 2019-01-08 09:41 - 
2018-06-14 12:08 - 000000000 ____D C:\Users\Ricardo\Desktop\Emissores antigos 2019-01-08 09:41 - 2017-11-21 08:01 - 000000000 ____D C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas Sebrae 2019-01-08 09:41 - 2013-08-29 11:53 - 000000000 ____D C:\Users\Ricardo\AppData\Roaming\uTorrent 2019-01-07 14:31 - 2016-07-26 19:18 - 001820160 _____ C:\Users\Ricardo\Desktop\Tempo Perini.xls 2019-01-07 10:36 - 2016-07-26 19:26 - 000053248 _____ C:\Users\Ricardo\Desktop\Estoque Perini.xls 2019-01-07 08:51 - 2018-06-19 08:48 - 000000000 ____D C:\Users\Ricardo\AppData\Roaming\FileZilla 2019-01-07 08:45 - 2017-09-18 08:40 - 000053608 _____ C:\Users\Ricardo\Desktop\60106502.xls 2019-01-07 07:26 - 2015-11-12 11:01 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2018-12-17 13:49 - 2018-06-28 16:35 - 000000000 ____D C:\Users\Ricardo\Documents\XML ENTRADA 2018-12-17 09:22 - 2012-03-19 16:10 - 000000000 ____D C:\Users\Ricardo\Desktop\Normas, manuais e tabelas de medida 2018-12-17 09:04 - 2012-03-17 12:13 - 000000000 ____D C:\Users\Ricardo\AppData\Roaming\SolidWorks 2018-12-17 08:42 - 2018-08-28 09:04 - 000000284 _____ C:\Users\Ricardo\Desktop\LISTA TELEFONES QUE INCOMODAM.txt 2018-12-14 15:36 - 2012-07-31 11:37 - 000046080 _____ C:\Users\Ricardo\Desktop\Cálculo Peso.xls 2018-12-14 13:33 - 2018-08-28 12:32 - 000000000 ____D C:\Users\Ricardo\Desktop\Usirota 2018-12-14 07:22 - 2018-08-30 14:16 - 000002170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-12-14 07:17 - 2018-07-04 17:13 - 000001268 _____ C:\Users\Public\Desktop\Skype.lnk 2018-12-14 07:17 - 2018-07-04 17:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype ==================== Files in the root of some directories ======= 2014-11-03 15:47 - 2014-11-03 15:47 - 000016603 _____ () C:\Users\Ricardo\AppData\Roaming\unins001.dat 2015-01-26 09:21 - 2015-08-05 09:20 - 000000039 _____ () 
C:\Users\Ricardo\AppData\Local\ppreview.ini 2015-06-17 08:56 - 2015-06-17 08:56 - 000007606 _____ () C:\Users\Ricardo\AppData\Local\Resmon.ResmonCfg 2015-05-27 16:40 - 2015-05-27 16:40 - 000732064 _____ (DivX, LLC) C:\Users\Ricardo\AppData\Local\Tempdivx3b78.exe 2015-05-19 03:43 - 2015-05-19 03:43 - 000247298 _____ () C:\Users\Ricardo\AppData\Local\Tempdivx3ee5 2015-05-19 03:43 - 2015-05-19 03:43 - 000247298 _____ () C:\Users\Ricardo\AppData\Local\Tempdivx3f36 2015-05-27 16:36 - 2015-05-27 16:36 - 000043682 _____ () C:\Users\Ricardo\AppData\Local\Tempdivx4237 2015-05-27 16:55 - 2015-05-27 16:55 - 000043682 _____ () C:\Users\Ricardo\AppData\Local\Tempdivx6608 2015-05-19 03:43 - 2015-05-19 03:43 - 000247298 _____ () C:\Users\Ricardo\AppData\Local\Tempdivx8194 2015-05-27 16:55 - 2015-05-27 16:55 - 000043682 _____ () C:\Users\Ricardo\AppData\Local\Tempdivx9ded 2015-05-27 16:40 - 2015-05-27 16:40 - 000043682 _____ () C:\Users\Ricardo\AppData\Local\Tempdivxa59c 2015-05-27 16:34 - 2015-05-27 16:34 - 000043682 _____ () C:\Users\Ricardo\AppData\Local\Tempdivxadb0 2015-05-19 03:43 - 2015-05-19 03:43 - 000247298 _____ () C:\Users\Ricardo\AppData\Local\Tempdivxb796 2015-05-27 16:55 - 2015-05-27 16:55 - 000635544 _____ (DivX, LLC) C:\Users\Ricardo\AppData\Local\Tempdivxb815.exe 2015-05-19 03:43 - 2015-05-19 03:43 - 000247298 _____ () C:\Users\Ricardo\AppData\Local\Tempdivxbdfa 2015-05-19 03:43 - 2015-05-19 03:43 - 000247298 _____ () C:\Users\Ricardo\AppData\Local\Tempdivxeadd 2015-05-27 16:37 - 2015-05-27 16:37 - 001328472 _____ (DivX, LLC) C:\Users\Ricardo\AppData\Local\Tempdivxf61e.exe 2015-05-27 16:37 - 2015-05-27 16:37 - 000043682 _____ () C:\Users\Ricardo\AppData\Local\Tempdivxf8c9 ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-01-03 09:13

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-01-2019 01
Ran by Ricardo (11-01-2019 11:08:15)
Running from C:\Users\Ricardo\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2012-02-26 14:59:51)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1300964193-1459114441-3536200422-500 - Administrator - Disabled)
Guest (S-1-5-21-1300964193-1459114441-3536200422-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1300964193-1459114441-3536200422-1004 - Limited - Enabled)
Ricardo (S-1-5-21-1300964193-1459114441-3536200422-1000 - Administrator - Enabled) => C:\Users\Ricardo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated) Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.4.402.278 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.6.602.171 - Adobe Systems Incorporated) Assistente de Instalação Certisign (HKLM\...\{6FBA74BD-149F-4521-B921-FFCC84876864}) (Version: 3.10.0.0 - CERTISIGN) ASUSUpdate (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 3.16 - Piriform) CertiPlugin 1.0.0.11 (HKU\S-1-5-21-1300964193-1459114441-3536200422-1000\...\{E74B2E92-1570-41FB-AB75-1A618DD3FCE3}_is1) (Version: 1.0.0.11 - Certisign) CertiPlugin 1.1.0.2 (HKU\S-1-5-21-1300964193-1459114441-3536200422-1000\...\{E74B2E92-1570-41FB-AB75-1A618DD3FCE3}}_is1) (Version: 1.1.0.2 - Certisign) D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden DANFE View (HKLM\...\DANFE View_is1) (Version: 2.4.13 - Unimake programas) DWGeditor (HKLM\...\{F5125699-C01A-4ED8-BD3A-265DF29859FE}) (Version: 15.00.9022 - SolidWorks) EditiX-XML Editor 2017 (HKLM\...\5246-0923-7551-7727) (Version: 2017 - JAPISoft SARL) EPSON T25 Series Printer Uninstall (HKLM\...\EPSON T25 Series) (Version: - SEIKO EPSON Corporation) FileZilla Client 3.39.0 (HKLM\...\FileZilla Client) (Version: 3.39.0 - Tim Kosse) Firebird 2.5.0.26074 (Win32) (HKLM\...\FBDBServer_2_5_is1) (Version: 2.5.0.26074 - Firebird Project) GemPcCCID (HKLM\...\{8BD3AFAF-636E-4516-A7E8-D57CCDBE28B8}) (Version: 2.0.3 - Gemalto) Gerenciador de Certificados Digitais - Certisign (HKLM\...\{B4C4CBBB-A7FF-4581-B7EC-A501781ADCA3}) (Version: 2.3.0.1 - Certisign Certificadora Digital S.A.) Google Chrome (HKLM\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.) Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) 
Hidden HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version: - ) hppLaserJetService (HKLM\...\{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}) (Version: 001.003.000145 - Hewlett-Packard) Hidden hppM1130M1210SeriesLaserJetService (HKLM\...\{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}) (Version: 001.003.00073 - Hewlett-Packard) Hidden hppusgM1130M1210Series (HKLM\...\{DA6CC3A5-1F5B-4068-8BFF-C597BB6B8158}) (Version: 1.0.0.2 - Hewlett-Packard) Hidden HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation) Java 8 Update 191 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation) Junk Mail filter update (HKLM\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Macro Recorder 5.8.0 (HKLM\...\Macro Recorder_is1) (Version: 5.8.0 - Jitbit Software) Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes) MarketResearch (HKLM\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft CAPICOM 2.1.0.2 SDK (HKLM\...\{2FF43F5D-5729-4E02-A548-310E30A5F29B}) (Version: 2.1.0.2 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable 
(HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation) Módulo de Segurança - Banco do Brasil (HKLM\...\{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1) (Version: 3.11.0.1 - ) MSI to redistribute MS VS2005 CRT libraries (HKLM\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation) NVIDIA 3D Vision Driver 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 355.98 - NVIDIA Corporation) NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation) NVIDIA Graphics Driver 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.98 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation) NVIDIA PhysX System Software 9.15.0428 
  7. Good morning, I saved ZA-Scan to the desktop, but I can't get it to run at all (nothing happens when I run it as administrator). As for the malware, I had previously run Malwarebytes, ADW and ZHP on my own, and all of them detected probable malware (I have already deleted what showed up). ZHP detected something called Hijacker.Proxy, which worried me more; during the scan it even asked whether I had set up servers with IP 189.xxx.xxx.xxx (there were 2 IPs in the same question), whose full numbers I don't remember right now. I await guidance on how to proceed, thank you.
  8. It's 125 W! How do I see the temperature of the VRMs? Note: I put my finger on the motherboard with the PC on and it is very hot; I can't keep my finger resting on the components.
  9. Good afternoon, My previous ASUS motherboard failed and I bought an ASRock N68-S3 FX. Now the temperature of the AMD Phenom II x4 955 BE processor is always between 62°C-69°C. I've already tried changing the BIOS settings but nothing changes. What do I do to fix this? Thanks!
  10. 0k4m1

    Confusion with e-mails

    Hi everyone, good evening! I have a small problem. I have a domain (www.empresa.com.br) and the email empresa@empresa.com.br. However, every e-mail sent to that address is forwarded to a Terra e-mail (empresa@terra.com.br). Currently, I can only access the e-mail through Terra Mail or Outlook Express. I have a serious problem with the countless spam messages that arrive in the account (because of Terra) and I would like to be able to use the Gmail interface. Is there any way for me to cancel my Terra e-mail and use my e-mail empresa@empresa.com.br in Gmail? I've already researched this, but I'm very confused and haven't managed to solve it. Thanks for your attention! Edit: extra information. I use Terra's hosting service and would like to know about better alternatives. My site doesn't reach 3 MB adding up all the hosted files.
  11. 0k4m1

    Notebook up to R$ 1300

    Hello! Would anyone be able to tell me whether this notebook can run SolidWorks 2007 well? Thanks!
  12. Thank you, Bcpetronzio and FabioBz! I think I now have enough information to choose a good monitor! Thank you very much indeed! ^^
  13. Thanks for the explanation, Bcpetronzio! So I believe the main factors I should look at are: * response time; * screen size; * supported resolutions and their respective refresh rates; * power consumed (I checked that it is around 20-30W, which isn't much). Ah, another thing! There's something that really annoys me about my monitor: it reflects the light coming in through the window and that gets in the way a lot, especially in applications or games with a dark background... What determines the reflectivity of the screen? Do current monitors still have this problem? Should I look at any other factor? Does anyone recommend a model? Thanks!
  14. Thanks! Great link for comparing the prices and quality of monitors! However, now I have a question... Where can I learn about the advantages and disadvantages of LED monitors compared to LCD ones?
  15. Could someone help me choose a monitor for my GPU? Below are its specifications: Please help me, I'm using a big old VGA CRT here... D: Thanks!

About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.
