clebermd

  1. The Avast message keeps appearing (attachments).
  2. Hello, it was Avast that was detecting Alexa when I started the computer. After I posted, I saw at http://www.linhadefensiva.org/forum/forum/11-remoção-de-malware/ the message "AREA CLOSED. NO NEW TOPICS WILL BE ACCEPTED", so I followed the steps from a similar post on the forum (I downloaded and ran these programs in this sequence: sccleaner, adwcleaner, JRT, ZHPCleaner) and apparently the problem was solved.
  3. Good morning, when starting the computer (Windows 10), Avast showed a suspicious-behavior message for the program "idp.alexa.51" and asked which action to take; I chose "fix automatically". On 2 other occasions, when turning on the computer, the same situation occurred, so I understand that Avast is not managing to eliminate the virus. Any suggestions, please? Thank you, Cleber
  4. Hello Ciro, here it is. Thank you
  5. Ciro, browsing today seems great - I believe the last action (FRST64 with fixlist) solved the problem. Thank you very much! Regards, Cleber
  6. Hello Ciro, just to mention, today I noticed that the browser stalled with the message in the status bar: "waiting for d3122zpyzs6hru.cloudfront.net", but that was before the procedure just now with FRST64 + the specified fixlist. Here is the FRST64 log with the fixlist. Thank you, Cleber
  7. Hello Ciro, here they are: the 2 logs are attached (pasting the text exceeded the limit and gave an error).
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-08-26] (GAS Tecnologia LTDA) R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-07-07] (Basil) R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2016-05-16] (GAS Tecnologia) R1 wsddpp; C:\windows\system32\drivers\wsddpp.sys [103640 2015-03-18] (GAS Tecnologia) U3 BcmSqlStartupSvc; não ImagePath S3 BdApiUtil; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdApiUtil64.sys [X] S3 BdCameraProtect; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdCameraProtect64.sys [X] S0 gbpddreg; system32\drivers\gbpddreg64.sys [X] U3 IGRS; não ImagePath U2 IviRegMgr; não ImagePath U2 ReadyComm.DirectRouter; não ImagePath U2 RichVideo; não ImagePath ==================== NetSvcs (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Um Mês Criados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 
16:33 - 2016-05-05 16:34 - 124634384 _____ (Microsoft Corporation) C:\Users\Cleber\Downloads\msert (32bits).exe 2016-05-05 16:29 - 2016-05-05 16:30 - 14343872 _____ (Microsoft Corporation) C:\Users\Cleber\Downloads\mseinstall.exe 2016-05-05 13:55 - 2016-05-05 13:55 - 01687735 _____ C:\Users\Cleber\Downloads\TPI-Plano_Dashboard v2.pptx 2016-05-05 08:55 - 2016-05-05 08:56 - 01632144 _____ (Microsoft Corporation) C:\Users\Cleber\Downloads\setupconsumerc2rolw (1).exe 2016-05-04 18:33 - 2016-05-04 18:33 - 00024688 _____ C:\windows\system32\Drivers\TrueSight.sys 2016-05-04 18:32 - 2016-05-05 13:52 - 00000000 ____D C:\Users\Todos os Usuários\RogueKiller 2016-05-04 18:32 - 2016-05-05 13:52 - 00000000 ____D C:\ProgramData\RogueKiller 2016-05-04 18:22 - 2016-05-13 15:35 - 00000000 ____D C:\AdwCleaner 2016-05-04 18:21 - 2016-05-04 18:22 - 19779656 _____ C:\Users\Cleber\Downloads\RogueKiller.exe 2016-05-04 18:21 - 2016-05-04 18:21 - 03615296 _____ C:\Users\Cleber\Downloads\adwcleaner_5.115.exe 2016-05-04 17:23 - 2016-05-04 17:25 - 126820632 _____ (Microsoft Corporation) C:\Users\Cleber\Downloads\msert.exe 2016-05-04 17:22 - 2016-05-04 17:22 - 47116504 _____ (Microsoft Corporation) C:\Users\Cleber\Downloads\Windows-KB890830-x64-V5.35.exe 2016-05-04 16:55 - 2016-05-12 15:39 - 00466896 _____ C:\windows\system32\FNTCACHE.DAT 2016-05-04 16:05 - 2016-05-04 16:05 - 00120736 _____ C:\Users\Cleber\AppData\Local\GDIPFONTCACHEV1.DAT 2016-05-04 15:44 - 2016-05-04 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2016-05-04 15:43 - 2016-05-04 15:43 - 06882192 _____ (Piriform Ltd) C:\Users\Cleber\Downloads\ccsetup517.exe 2016-05-02 17:22 - 2016-05-02 17:21 - 03213048 _____ (Banco Itaú) C:\Users\Cleber\Downloads\DiagnosticoItau.exe 2016-05-02 12:20 - 2016-05-02 12:20 - 00367173 _____ C:\Users\Cleber\Downloads\20160502 Relatório_de_Andamento_de_Projeto.pdf 2016-04-30 14:47 - 2016-04-30 15:13 - 00002508 _____ C:\Users\Cleber\Desktop\analise artigo.txt 
2016-04-29 15:01 - 2016-04-29 15:28 - 00000000 ____D C:\Users\Cleber\Documents\DropboxBKP29abr16 2016-04-29 14:59 - 2016-04-29 15:25 - 00000000 ____D C:\Users\Cleber\Documents\GoogleDriveBKP29abr16 2016-04-29 14:04 - 2016-04-29 14:17 - 00000000 ____D C:\Users\Cleber\Documents\tetris 2016-04-29 14:04 - 2016-04-29 14:05 - 00000000 ____D C:\Users\Cleber\Documents\xtetris 2016-04-28 15:16 - 2016-04-28 15:16 - 01632144 _____ (Microsoft Corporation) C:\Users\Cleber\Downloads\setupconsumerc2rolw.exe 2016-04-26 13:45 - 2016-04-26 13:49 - 00000000 ____D C:\Users\Cleber\Documents\Youcam 2016-04-25 09:48 - 2016-04-25 09:48 - 01087483 _____ C:\Users\Cleber\Desktop\INTMAN_2016_103_Original_V1.pdf 2016-04-23 11:33 - 2016-04-23 11:34 - 00738880 _____ (Oracle Corporation) C:\Users\Cleber\Downloads\jxpiinstall.exe 2016-04-22 10:58 - 2016-04-22 10:59 - 00369958 _____ C:\Users\Cleber\Downloads\20160422 Relatório_de_Andamento_de_Projeto.pdf 2016-04-20 14:24 - 2016-04-20 14:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB 2016-04-20 14:24 - 2016-04-20 14:24 - 00000000 ____D C:\Program Files (x86)\Programas RFB 2016-04-20 14:23 - 2016-04-20 14:23 - 00000000 ____D C:\Users\Cleber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2016 2016-04-20 14:22 - 2016-04-20 14:23 - 25941472 _____ (Receita Federal do Brasil) C:\Users\Cleber\Downloads\IRPF2016Win32v1.2.exe 2016-04-20 14:22 - 2016-04-20 14:23 - 06191735 _____ (Serpro - Serviço Federal de Processamento de Dados) C:\Users\Cleber\Downloads\Receitanet-1.07.exe 2016-04-20 10:59 - 2016-04-20 10:59 - 00020647 _____ C:\Users\Cleber\Desktop\251_71178523_voucher_10000001404546E20160419184605.pdf 2016-04-19 11:52 - 2016-04-19 11:52 - 00018439 _____ C:\Users\Cleber\Downloads\12ba41f9fdba2191826543c31f4a1-2016-DAS_2016040732_493776806.pdf 2016-04-19 11:01 - 2016-04-19 11:01 - 00156459 _____ C:\Users\Cleber\Downloads\S0114440010268680000000000160415.pdf ==================== Um Mês Modificados 
arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2016-05-17 15:33 - 2015-09-03 15:00 - 00028888 _____ (GAS Tecnologia) C:\windows\system32\Drivers\gbpddfac64.sys 2016-05-17 15:31 - 2014-09-01 09:23 - 00000000 ____D C:\Users\Cleber\AppData\Local\Deployment 2016-05-17 15:30 - 2009-07-14 01:45 - 00016944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-05-17 15:30 - 2009-07-14 01:45 - 00016944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-05-17 15:21 - 2013-12-11 21:30 - 00001070 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-05-17 15:18 - 2015-06-19 17:42 - 00001034 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-457408250-4245222922-2887997066-1000UA.job 2016-05-17 15:18 - 2015-03-24 18:01 - 00000568 _____ C:\windows\Tasks\G2MUpdateTask-S-1-5-21-457408250-4245222922-2887997066-1000.job 2016-05-17 14:13 - 2013-12-11 21:50 - 00002244 _____ C:\Users\Cleber\Documents\Default.rdp 2016-05-17 13:37 - 2015-06-23 17:43 - 00000664 _____ C:\windows\Tasks\G2MUploadTask-S-1-5-21-457408250-4245222922-2887997066-1000.job 2016-05-17 11:38 - 2014-08-01 13:28 - 00000000 ____D C:\Users\Cleber\AppData\Local\CutePDF Writer 2016-05-17 08:45 - 2015-06-19 17:42 - 00000982 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-457408250-4245222922-2887997066-1000Core.job 2016-05-17 08:32 - 2013-12-11 21:31 - 00004182 _____ C:\windows\System32\Tasks\avast! 
Emergency Update 2016-05-16 14:22 - 2013-12-12 11:30 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin 2016-05-16 14:22 - 2013-12-12 11:30 - 00000000 ____D C:\ProgramData\GbPlugin 2016-05-16 13:40 - 2015-10-27 11:55 - 00000000 ___RD C:\Users\Cleber\Dropbox (CTGI) 2016-05-16 13:39 - 2013-12-12 17:13 - 00000000 ___RD C:\Users\Cleber\Dropbox (Pessoal) 2016-05-16 13:36 - 2013-12-12 11:30 - 00000000 ____D C:\Program Files (x86)\GbPlugin 2016-05-16 13:34 - 2015-11-19 18:54 - 00101080 _____ (GAS Tecnologia) C:\windows\system32\Drivers\wsddfac.sys 2016-05-16 13:33 - 2009-07-14 02:08 - 00000006 ____H C:\windows\Tasks\SA.DAT 2016-05-16 09:10 - 2010-10-07 22:07 - 00706008 _____ C:\windows\system32\prfh0416.dat 2016-05-16 09:10 - 2010-10-07 22:07 - 00147848 _____ C:\windows\system32\prfc0416.dat 2016-05-16 09:10 - 2009-07-14 02:13 - 01635826 _____ C:\windows\system32\PerfStringBackup.INI 2016-05-16 09:10 - 2009-07-14 00:20 - 00000000 ____D C:\windows\inf 2016-05-13 18:33 - 2014-04-22 11:54 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2016-05-13 18:28 - 2016-03-23 18:37 - 00001137 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2016-05-13 18:28 - 2015-12-04 10:12 - 00001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2016-05-13 18:28 - 2015-08-03 15:39 - 00002127 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk 2016-05-13 18:28 - 2015-06-03 10:42 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-05-13 18:28 - 2015-04-02 13:04 - 00001391 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2016-05-13 18:28 - 2015-04-02 11:24 - 00001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk 2016-05-13 18:28 - 2014-11-27 09:41 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2016-05-13 18:28 - 
2014-11-27 09:41 - 00001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2016-05-13 18:28 - 2014-11-18 11:14 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-05-13 18:28 - 2014-02-19 13:18 - 00001458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk 2016-05-13 18:28 - 2014-01-23 15:45 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2016-05-13 18:28 - 2013-12-19 15:48 - 00001105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk 2016-05-13 18:28 - 2013-12-11 21:30 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-05-13 18:28 - 2009-07-14 01:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2016-05-13 18:28 - 2009-07-14 01:57 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk 2016-05-13 18:28 - 2009-07-14 01:57 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk 2016-05-13 18:28 - 2009-07-14 01:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk 2016-05-13 18:28 - 2009-07-14 01:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk 2016-05-13 18:27 - 2016-03-23 18:37 - 00001125 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk 2016-05-13 18:27 - 2016-02-24 18:21 - 00001951 _____ C:\Users\Public\Desktop\Lenovo Solution Center.lnk 2016-05-13 18:27 - 2013-12-11 21:22 - 00001349 _____ C:\Users\Cleber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-05-13 18:27 - 2010-11-04 13:44 - 00002127 _____ C:\Users\Public\Desktop\Lenovo DirectShare.lnk 2016-05-13 18:27 - 2010-11-04 13:43 - 00002079 _____ C:\Users\Public\Desktop\Lenovo PowerDVD 9.lnk 2016-05-13 18:27 - 2009-07-14 02:01 - 00001282 _____ 
C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk 2016-05-13 18:27 - 2009-07-14 01:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk 2016-05-13 18:26 - 2016-02-22 18:40 - 00001147 _____ C:\Users\Cleber\Desktop\ViPowER USB2.0 Storage Device - Atalho.lnk 2016-05-13 18:26 - 2013-12-11 21:22 - 00002605 _____ C:\Users\Cleber\Desktop\CyberLink YouCam.lnk 2016-05-13 18:26 - 2013-12-11 21:22 - 00002239 _____ C:\Users\Cleber\Desktop\OneKey Recovery.lnk 2016-05-13 18:26 - 2013-12-11 21:22 - 00001122 _____ C:\Users\Cleber\Desktop\Cyberlink Power2Go.lnk 2016-05-13 18:21 - 2010-11-04 13:45 - 00000000 ____D C:\windows\PCHEALTH 2016-05-13 15:54 - 2014-07-24 12:00 - 00000000 ____D C:\Users\Cleber\AppData\Roaming\IObit 2016-05-12 17:35 - 2015-01-08 08:05 - 00000000 ____D C:\Users\Cleber\AppData\LocalLow\WebEx 2016-05-12 17:23 - 2013-12-12 17:01 - 00000000 ____D C:\Users\Cleber\AppData\Roaming\Dropbox 2016-05-12 15:45 - 2014-12-11 16:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proteção de Terminal Trusteer 2016-05-12 15:36 - 2014-12-11 17:08 - 00000000 ____D C:\windows\system32\appraiser 2016-05-12 15:26 - 2014-03-29 12:03 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help 2016-05-12 15:25 - 2016-02-24 19:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2016-05-12 15:16 - 2014-01-29 09:06 - 00000000 ____D C:\windows\system32\MRT 2016-05-12 14:54 - 2014-01-29 09:06 - 139319312 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2016-05-12 12:47 - 2016-02-24 19:34 - 00000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft 2016-05-12 12:47 - 2016-02-24 19:34 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-05-12 12:20 - 2015-05-25 10:54 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task 2016-05-12 12:07 - 2016-02-29 10:11 - 00000000 ____D C:\Users\Cleber\AppData\Local\Aplicativo Itau 2016-05-11 17:04 - 
2015-01-08 08:06 - 00000000 ____D C:\Users\Cleber\AppData\Roaming\webex 2016-05-11 15:34 - 2015-01-08 08:05 - 00000000 ____D C:\Users\Todos os Usuários\WebEx 2016-05-11 15:34 - 2015-01-08 08:05 - 00000000 ____D C:\ProgramData\WebEx 2016-05-11 09:38 - 2015-06-23 17:43 - 00003706 _____ C:\windows\System32\Tasks\G2MUploadTask-S-1-5-21-457408250-4245222922-2887997066-1000 2016-05-11 09:38 - 2015-03-24 18:01 - 00003610 _____ C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-457408250-4245222922-2887997066-1000 2016-05-11 08:16 - 2013-12-11 21:30 - 00004066 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-05-11 08:16 - 2013-12-11 21:30 - 00003814 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-05-11 08:16 - 2013-12-11 21:30 - 00001066 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-05-11 08:07 - 2009-07-13 23:34 - 00000580 _____ C:\windows\win.ini 2016-05-10 20:35 - 2015-06-18 15:14 - 00215560 _____ (IBM Corp.) C:\windows\system32\Drivers\RapportHades64.sys 2016-05-10 20:35 - 2014-12-11 16:57 - 00470056 _____ (IBM Corp.) 
C:\windows\system32\Drivers\RapportKE64.sys 2016-05-10 10:47 - 2015-02-09 12:22 - 00009039 _____ C:\Users\Cleber\Desktop\AGENDA.txt 2016-05-06 19:04 - 2016-03-23 18:37 - 00003910 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1458769052 2016-05-06 18:56 - 2014-04-28 21:15 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys 2016-05-06 18:56 - 2014-01-04 09:00 - 00166432 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys 2016-05-06 18:56 - 2013-12-11 21:29 - 00465792 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys 2016-05-06 18:56 - 2013-12-11 21:29 - 00287528 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys 2016-05-06 18:56 - 2013-12-11 21:29 - 00107792 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys 2016-05-06 18:56 - 2013-12-11 21:29 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys 2016-05-06 18:56 - 2013-12-11 21:29 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys 2016-05-06 18:55 - 2016-03-23 18:37 - 00037144 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys 2016-05-06 18:55 - 2013-12-11 21:29 - 01070904 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys 2016-05-06 18:54 - 2015-11-26 12:16 - 00024288 ____N (AVAST Software) C:\windows\system32\Drivers\ngiodriver_x64 2016-05-06 12:03 - 2015-04-02 11:22 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5 2016-05-06 09:21 - 2015-04-06 09:01 - 00000000 ___SD C:\windows\SysWOW64\GWX 2016-05-06 09:21 - 2015-04-06 09:01 - 00000000 ___SD C:\windows\system32\GWX 2016-05-06 09:06 - 2015-12-03 12:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-05-04 16:57 - 2015-04-18 10:07 - 00000902 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2016-05-04 16:51 - 2013-12-11 21:33 - 01601100 _____ C:\windows\SysWOW64\PerfStringBackup.INI 2016-05-04 16:03 - 2015-04-02 11:24 - 00003328 _____ C:\windows\System32\Tasks\GlaryInitialize 5 2016-05-04 16:02 
- 2015-12-10 11:04 - 00002808 _____ C:\windows\System32\Tasks\CCleanerSkipUAC 2016-05-04 16:02 - 2015-04-18 10:07 - 00003842 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater 2016-05-04 16:00 - 2015-09-01 13:38 - 00000000 ____D C:\Program Files (x86)\7-Zip 2016-05-04 15:54 - 2009-07-14 00:20 - 00000000 ____D C:\windows\system32\NDF 2016-05-03 18:34 - 2014-01-05 21:24 - 00000000 ____D C:\Users\Cleber\AppData\Roaming\Skype 2016-05-03 18:32 - 2015-12-08 15:35 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-05-03 18:32 - 2014-01-05 21:23 - 00000000 ____D C:\Users\Todos os Usuários\Skype 2016-05-03 18:32 - 2014-01-05 21:23 - 00000000 ____D C:\ProgramData\Skype 2016-05-02 17:25 - 2010-11-04 13:38 - 00000000 ____D C:\Users\Todos os Usuários\Temp 2016-05-02 17:25 - 2010-11-04 13:38 - 00000000 ____D C:\ProgramData\Temp 2016-04-29 19:26 - 2013-12-12 16:52 - 00000000 ___RD C:\Users\Cleber\Google Drive 2016-04-28 13:26 - 2014-04-22 11:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-04-28 13:26 - 2014-04-22 11:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-04-28 12:53 - 2013-12-12 16:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2016-04-26 13:45 - 2013-12-19 16:33 - 00000000 ____D C:\Users\Cleber\AppData\Local\Cyberlink 2016-04-26 12:14 - 2014-04-23 15:42 - 00000000 ____D C:\Users\Cleber\.receitanet 2016-04-23 11:42 - 2013-12-13 18:35 - 00000000 ____D C:\Users\Todos os Usuários\Oracle 2016-04-23 11:42 - 2013-12-13 18:35 - 00000000 ____D C:\ProgramData\Oracle 2016-04-23 11:41 - 2014-08-07 15:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-04-23 11:41 - 2014-08-07 15:42 - 00000000 ____D C:\Program Files (x86)\Java 2016-04-23 11:39 - 2015-08-31 11:22 - 00000000 ____D C:\Users\Cleber\.oracle_jre_usage 2016-04-23 11:38 - 2015-11-03 14:24 - 00097856 _____ (Oracle Corporation) 
C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2016-04-21 15:05 - 2013-12-11 22:00 - 00453288 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2016-04-20 14:24 - 2014-10-03 17:39 - 00000176 _____ C:\windows\REC-NET.INI 2016-04-20 14:24 - 2014-04-21 13:27 - 00000000 ___HD C:\Program Files (x86)\InstallJammer Registry 2016-04-20 14:23 - 2014-04-21 13:27 - 00000000 ____D C:\Arquivos de Programas RFB ==================== Arquivos na raiz de alguns diretórios ======= 2014-07-16 18:33 - 2014-07-16 18:33 - 0015664 _____ () C:\Users\Cleber\AppData\Roaming\unins001.dat 2014-05-09 13:37 - 2014-05-12 15:37 - 0000064 _____ () C:\Users\Cleber\AppData\Roaming\WB.CFG 2015-04-24 18:25 - 2015-04-24 18:25 - 0003584 _____ () C:\Users\Cleber\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-08-20 22:47 - 2015-06-02 14:14 - 0007610 _____ () C:\Users\Cleber\AppData\Local\Resmon.ResmonCfg 2013-12-19 16:00 - 2013-12-19 16:00 - 0000085 ___SH () C:\ProgramData\.zreglib 2014-10-02 11:33 - 2014-10-11 11:57 - 0001534 _____ () C:\ProgramData\ss.ini Alguns arquivos em TEMP: ==================== C:\Users\Cleber\AppData\Local\Temp\dllnt_dump.dll ==================== Bamital & volsnap ================= (Não há correção automática para arquivos que não passaram na verificação.) 
C:\windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\windows\explorer.exe => O arquivo é assinado digitalmente
C:\windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\windows\system32\services.exe => O arquivo é assinado digitalmente
C:\windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente
LastRegBack: 2016-05-09 12:25
==================== Fim de FRST.txt ============================

Thank you, and the ADDITION.TXT:

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão:16-05-2016
Executado por Cleber (2016-05-17 15:34:26)
Executando a partir de C:\Users\Cleber\Desktop
Windows 7 Home Basic Service Pack 1 (X64) (2013-12-12 00:22:18)
Modo da Inicialização: Normal
==========================================================
==================== Contas: =============================
Administrador (S-1-5-21-457408250-4245222922-2887997066-500 - Administrator - Disabled)
Cleber (S-1-5-21-457408250-4245222922-2887997066-1000 - Administrator - Enabled) => C:\Users\Cleber
Convidado (S-1-5-21-457408250-4245222922-2887997066-501 - Limited - Enabled)
==================== Central de Segurança ========================
(Se uma entrada for incluída na fixlist, será removida.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Programas Instalados ====================== (Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.) 7z Extractor (HKLM-x32\...\{FA71EF19-3822-44F1-B843-B84CA34266CB}_is1) (Version: - 7zextractor.com) 7-Zip 15.14 (HKLM-x32\...\{23170F69-40C1-2701-1514-000001000000}) (Version: 15.14.00.0 - Igor Pavlov) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20039 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated) Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated) Any Video Converter 5.5.3 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com) Aplicativo Itaú (HKLM-x32\...\{15D01D1F-8428-4CED-9783-BBE86AAA3B30}) (Version: 1.0.62 - Banco Itaú) Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) aTube Catcher versão 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2262 - AVAST Software) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Box Sync (HKLM\...\{2A8F0A4C-490A-4A13-882C-52B672006586}) (Version: 4.0.6073.0 - Box, Inc.) Box Sync (x32 Version: 4.0.5841.0 - Box Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05160 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05160 - Cisco Systems, Inc.) Hidden Cisco WebEx Meetings (HKU\S-1-5-21-457408250-4245222922-2887997066-1000\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC) Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix) CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.111.0.62 - Conexant) ContaCam (HKLM-x32\...\ContaCam) (Version: 5.0.0 - Contaware.com) CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.3030 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DataDefractor Solo Enterprise Edition (HKLM\...\{E0562D75-DBF5-43C5-947B-B61D5405B73C}) (Version: 1.1.14 - Interactive Edge, LLC.) Dropbox (HKU\S-1-5-21-457408250-4245222922-2887997066-1000\...\Dropbox) (Version: 3.20.1 - Dropbox, Inc.) 
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - ) eDiving (HKLM-x32\...\eDiving) (Version: - ) Energy Management (HKLM-x32\...\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}) (Version: 5.4.0.8 - Lenovo) Enterprise Architect (HKLM-x32\...\{71A2AAC1-8DB5-40B4-AEF5-99C23238D37C}) (Version: 12.0.1210.14 - Sparx Systems) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) ETDWare PS/2-x64 7.0.4.18_WHQL (HKLM\...\Elantech) (Version: 7.0.4.18 - ELAN Microelectronics Corp.) Ferramentas de Verificação do Microsoft Office 2013 - Português (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory) Free WMA to MP3 Converter 1.16 (HKLM-x32\...\Free WMA to MP3 Converter_is1) (Version: - Jodix Technologies Ltd.) Free XPS to PDF Converter (HKLM-x32\...\{81CDCC57-F52D-4824-9725-6DC993F26001}) (Version: 1.1.0 - FreeXPSToPDF.com) Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.) Freemake Audio Converter versão 1.1.0 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation) Gadwin PrintScreen (64-Bit) (HKLM\...\{2A271428-D127-40B1-9728-662DAA3472F6}) (Version: 5.3.1.0 - Gadwin Systems) Galeria de Fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Glary Utilities 5.32 (HKLM-x32\...\Glary Utilities 5) (Version: 5.32.0.52 - Glarysoft Ltd) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.) Google Drive (HKLM-x32\...\{D7269C20-B3CE-4CD0-8E88-3D307D3BD41A}) (Version: 1.29.2074.1528 - Google, Inc.) Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) 
Hidden GoToMeeting 7.17.0.4911 (HKU\S-1-5-21-457408250-4245222922-2887997066-1000\...\GoToMeeting) (Version: 7.17.0.4911 - CitrixOnline) Guardião - Itaú 30 horas (HKLM-x32\...\{70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1) (Version: 3.8.0.1 - ) IHMC CmapTools v6.01.01 (HKLM\...\IHMC CmapTools v6.01.01) (Version: 6.0.1.1 - Institute for Human & Machine Cognition) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) IRPF2010 - Declaração de Ajuste Anual e Final de Espólio (HKLM-x32\...\IRPF2010 - Declaração de Ajuste Anual e Final de Espólio) (Version: - ) IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2011) (Version: 1.3 - Receita Federal do Brasil) IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2012) (Version: 1.2 - Receita Federal do Brasil) IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2013) (Version: 1.4 - Receita Federal do Brasil) IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2014) (Version: 1.4 - Receita Federal do Brasil) IRPF2015 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2015) (Version: 1.2 - Receita Federal do Brasil) IRPF2016 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2016) (Version: 1.2 - Receita Federal do Brasil) iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - 
Apple Inc.) Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation) Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.100 - Broadcom Corporation) Lenovo DirectShare (HKLM-x32\...\InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}) (Version: 1.0.1.38 - ArcSoft) Lenovo DirectShare (x32 Version: 1.0.1.38 - ArcSoft) Hidden Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 1.10.0415.1 - Vimicro) Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1230 - CyberLink Corp.) Lenovo OneKey Recovery (Version: 7.0.1230 - CyberLink Corp.) Hidden Lenovo PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2829.00 - CyberLink Corp.) Lenovo PowerDVD 9 (x32 Version: 9.0.2829.00 - CyberLink Corp.) Hidden Lenovo Service Bridge (HKU\S-1-5-21-457408250-4245222922-2887997066-1000\...\cbe8636f7dd0cf1d) (Version: 1.6.3.1 - Lenovo) Lenovo Solution Center (HKLM\...\{49277B39-D2E8-4342-9CE8-FC080C3FA344}) (Version: 2.8.007.00 - Lenovo Group Limited) Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo) Malwarebytes Anti-Malware versão 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Mendeley Desktop 1.10.3 (HKLM-x32\...\Mendeley Desktop) (Version: 1.10.3 - Mendeley Ltd.) 
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.6.01055 - Microsoft Corporation) Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation) Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation) Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation) Microsoft Help Viewer 1.1 Language Pack - PTB (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - PTB) (Version: 1.1.40219 - Microsoft Corporation) Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{20E2E968-1498-4B9C-AFF2-5F8C13E46FD7}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Power Query para Excel (x64) (HKLM\...\{810D3F20-5E7D-4312-8C42-33C755AEAD7A}) (Version: 2.29.4217.1861 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft SQL Server 2008R2 Integration Services RTM Samples (x64) (HKLM\...\{578354FC-76F7-439C-B435-7171B4743ACE}) (Version: 1.0.0 - Microsoft Corporation) Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPROR) (Version: 15.0.4569.1506 - 
Microsoft Corporation) Microsoft Visio Viewer 2010 (HKLM-x32\...\{95140000-0052-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Visio Viewer 2013 (HKLM\...\{95150000-0052-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 46.0.1 (x86 en-US) 
(HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla) MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{EBFC96E5-4409-426E-88B7-650ADB342E78}) (Version: 8.0.50727.42 - The Firebird Project) OfficeAdRemover (HKLM-x32\...\OfficeAdRemover_is1) (Version: - Ondrej Pokorny) Onekey Theater (HKLM-x32\...\{DFB19121-0609-49C1-92B1-546E5A940FE8}) (Version: 2.0.1.7 - Lenovo) Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Pacote de Driver do Windows - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1) (HKLM\...\0A4175B489A1B4A6E07E11B063A6263480C51D71) (Version: 10/19/2009 5.4.0.1 - Lenovo) Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation) Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security) PDF Creator (HKLM\...\PDF Creator) (Version: - ) PDF Editor 4 (HKLM-x32\...\PDF Editor 4) (Version: - ) PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.4809d4 - CyberLink Corp.) PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software) Proteção de Terminal Trusteer (HKLM-x32\...\Rapport_msi) (Version: 3.5.1609.56 - Trusteer) Rapport (x32 Version: 3.5.1609.56 - Trusteer) Hidden Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30116 - Realtek Semiconductor Corp.) 
Receitanet (HKLM-x32\...\ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5) (Version: 1.07 - Serpro - Serviço Federal de Processamento de Dados) Rename Expert 5.7.0 (HKLM-x32\...\{C4401B9F-F462-44F3-B96E-390AF4DC0EE6}_is1) (Version: - Gillmeister Software) Rename Master (HKLM-x32\...\Rename Master_is1) (Version: - ) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden Skype™ 7.23 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.23.105 - Skype Technologies S.A.) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) Streaming Audio Recorder V4.0.3 (HKLM-x32\...\{B6D9D06B-4B4D-4B41-B963-C056B627F704}_is1) (Version: 4.0.3 - APOWERSOFT LIMITED) Superprovas 12 (HKLM-x32\...\{A1413134-6AF2-46AD-A9DC-5B382A928AF5}) (Version: 12.1 - Nome de sua empresa:Superprovas) Suporte para Aplicativos Apple (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.) Suporte para Aplicativos Apple Apple (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.) 
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.50527 A - TeamViewer) TortoiseSVN 1.8.11.26392 (64 bit) (HKLM\...\{11309CA9-9118-44D6-B345-83C86A5111D5}) (Version: 1.8.26392 - TortoiseSVN) UDPixel.exe (HKLM-x32\...\UDPixel) (Version: - ) Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0816-1000-0000000FF1CE}_Office15.PROPLUSR_{A3F244FB-7263-468D-BF1C-AA28E842579D}) (Version: - Microsoft) Visual Studio 2010 Prerequisites - English (HKLM\...\{45DAD85A-A8D6-3E01-B28C-F7791661A717}) (Version: 10.0.30319 - Microsoft Corporation) Warsaw 1.10.0.8776 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.10.0.8776 - GAS Tecnologia) Windows 7 Upgrade Advisor (HKLM-x32\...\{4AEFA609-87D4-4964-B650-03EC904E673E}) (Version: 2.0.5000.0 - Microsoft Corporation) Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom) Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{9E2EE2F7-33BD-4D30-9E5D-8469A9F32009}) (Version: 14.0.8089.726 - Microsoft Corporation) WinHTTrack Website Copier 3.48-21 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.21 - HTTrack) XlsToMdb 2.8 (HKLM\...\XlsToMdb_is1) (Version: - Withdata Software) ==================== Exame Personalizado CLSID (Whitelisted): ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
CustomCLSID: HKU\S-1-5-21-457408250-4245222922-2887997066-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Cleber\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-457408250-4245222922-2887997066-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0013}\InprocServer32 -> C:\Users\Cleber\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll (GAS Tecnologia) CustomCLSID: HKU\S-1-5-21-457408250-4245222922-2887997066-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0013}\InprocServer32 -> C:\Users\Cleber\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll (GAS Tecnologia) CustomCLSID: HKU\S-1-5-21-457408250-4245222922-2887997066-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Cleber\AppData\Local\Citrix\GoToMeeting\2759\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.) CustomCLSID: HKU\S-1-5-21-457408250-4245222922-2887997066-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Cleber\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-457408250-4245222922-2887997066-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cleber\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-457408250-4245222922-2887997066-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cleber\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-457408250-4245222922-2887997066-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cleber\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-457408250-4245222922-2887997066-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cleber\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-457408250-4245222922-2887997066-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cleber\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-457408250-4245222922-2887997066-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cleber\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-457408250-4245222922-2887997066-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cleber\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-457408250-4245222922-2887997066-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cleber\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-457408250-4245222922-2887997066-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Cleber\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) ==================== Tarefas Agendadas (Whitelisted) ============= (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
Task: {03CAE4CB-D545-4035-8FCE-7E84209D044B} - System32\Tasks\{3E8A22DB-895C-443E-915E-2F706F44ECB1} => C:\Users\Cleber\Dropbox\PCP\Gaither\8522102376+POM+Soft+Lib.exe Task: {0A59E42E-4399-4920-BE3F-51EF8ECE1F64} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2016-01-08] (Lenovo) Task: {0E25CF44-F03B-4948-9395-D125A2EB6525} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-457408250-4245222922-2887997066-1000 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\Cleber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms Task: {0F832E4E-44A9-4726-9343-754CF7B4FC4D} - System32\Tasks\{2FA81F4F-3644-449B-AD74-F6097116EE51} => C:\Users\Cleber\Dropbox\PCP\Gaither\8522102376+POM+Soft+Lib.exe Task: {10A5467C-2024-427F-978B-C0BA4ED1B16B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {10C23766-A817-41A0-A909-187F12DC1D1C} - System32\Tasks\{AD7B66FF-DFDF-4FCF-B178-EA23C0901505} => Chrome.exe hxxp://ui.skype.com/ui/0/7.15.73.103.456/pt/go/help.faq.installer?LastError=1618 Task: {11627473-46BD-4618-AF18-7023C42B216C} - System32\Tasks\{7DD2D128-79B9-4B61-8234-97249FA9A122} => C:\Users\Cleber\Dropbox\PCP\Gaither\8522102376+Instr.Resource+CD\setup.exe Task: {18C2B031-3BB8-4C4B-BA9E-D8CE2405B0FF} - System32\Tasks\{ADB686EB-1AC1-4A53-848F-DE0537258242} => C:\Users\Cleber\Dropbox\PCP\Gaither\8522102376+POM+Soft+Lib.exe Task: {320FC5F0-D218-481D-AEA3-7D88E03241EB} - System32\Tasks\{3324DE7A-3EA4-4605-82A4-336ED116A7CA} => C:\Users\Cleber\Dropbox\PCP\Gaither\8522102376+Instr.Resource+CD\setup.exe Task: {3818B232-3F1D-4206-BD73-B78F66CE860A} - System32\Tasks\{F10BFF86-B79F-4A5C-A499-67E890372129} => C:\Users\Cleber\Dropbox\PCP\Gaither\8522102376+POM+Soft+Lib.exe Task: {3C442653-0567-4C27-9EF5-775615D91CF1} - 
System32\Tasks\{92C171AB-5E70-4054-8035-DC4F645115C1} => pcalua.exe -a C:\Users\Cleber\Downloads\DiagnosticoItau(4).exe -d C:\Users\Cleber\Downloads Task: {3D0BD72F-E567-4302-AA15-8F5D9F01E625} - System32\Tasks\{E36349C4-9B08-43E4-BDC7-C2DE99959DC6} => C:\Users\Cleber\Dropbox\PCP\Gaither\8522102376+POM+Soft+Lib.exe Task: {3EAF052A-284A-4DA1-B823-7AB8A769C6B5} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-01-08] () Task: {3F3A7328-D813-49F9-9F72-2459ED3E5895} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-01-08] () Task: {416021F4-B5BB-471B-A40C-3DDD40B9856E} - System32\Tasks\SafeZone scheduled Autoupdate 1458769052 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software) Task: {42C4E9DC-D1C6-4127-AFDD-6F3D937346F8} - System32\Tasks\{C178553C-78C5-4507-BE68-750982D7F245} => pcalua.exe -a C:\Users\Cleber\Downloads\gbpluginabnsetup.exe -d C:\Users\Cleber\Downloads Task: {4FA836C9-E769-49CC-A39E-D5F2220C8C6B} - System32\Tasks\{B0CAD0EE-AB80-427E-971C-2A7BA49AD3B3} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.73.105.456/pt/go/help.faq.installer?LastError=1618 Task: {5301F191-EAA6-4197-874D-7060237766E0} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-08-17] (Glarysoft Ltd) Task: {5E9E61CA-AB85-433E-8C59-53FF3B5BE3B9} - System32\Tasks\{17F2A31A-48F2-4A64-AF4F-6D981B27FEA2} => C:\Users\Cleber\Dropbox\PCP\Gaither\8522102376+Instr.Resource+CD\setup.exe Task: {5EB4030D-682E-4346-B7BF-737021FC7BFB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd) Task: {62D293D2-7FE6-481E-AEAC-F26F42CE3F7B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {725D5AAE-CB8A-4856-80F1-9088828BCFB9} - 
System32\Tasks\DropboxUpdateTaskUserS-1-5-21-457408250-4245222922-2887997066-1000Core => C:\Users\Cleber\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.) Task: {7922D5F7-A032-48D7-AF2F-C582B3AED296} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated) Task: {7F198071-06D3-4CA2-9D49-BD3FA074E938} - System32\Tasks\{A3D8CD9B-6101-49DB-AFD9-EE7624308C54} => C:\Users\Cleber\Dropbox\PCP\Gaither\8522102376+POM+Soft+Lib.exe Task: {814EB9C1-5444-4472-8973-38B44E45C686} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-04] (AVAST Software) Task: {8A7B7959-C8D0-4EA8-86AA-1D1B3B9F6A5D} - System32\Tasks\{CA524A10-4DEA-442D-B893-D2FED623F462} => C:\Users\Cleber\Dropbox\PCP\Gaither\8522102376+POM+Soft+Lib.exe Task: {8B8EC08A-8C4E-4D9E-8B5C-0D6CD0E84143} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {8DC72A7F-269C-4381-9B64-0C3C33AA0E2C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-06] (AVAST Software) Task: {9E8581A8-5211-4BCA-807D-11410E4CE85A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.) Task: {9EC5FD19-77C6-45B6-9A06-BDD42BAEB4EF} - System32\Tasks\{9CC2AD93-8674-421D-9946-70CEBE0B3EF3} => Chrome.exe hxxp://ui.skype.com/ui/0/7.16.0.101/pt/go/help.faq.installer?LastError=1618 Task: {A1A71940-87D1-4D94-B9B3-20CA0B9F3694} - System32\Tasks\G2MUploadTask-S-1-5-21-457408250-4245222922-2887997066-1000 => C:\Users\Cleber\AppData\Local\Citrix\GoToMeeting\4911\g2mupload.exe [2016-05-11] (Citrix Online, a division of Citrix Systems, Inc.) 
Task: {A4857992-C2B6-45C7-81BE-2AA2A412D76B} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2016-01-08] (Lenovo) Task: {A93668F6-AD11-4689-8B4B-1093F41F0B44} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated) Task: {AFAFE9A7-304D-4D29-95F8-7F11FB648424} - System32\Tasks\{148328A6-61EB-4134-B6A4-6D33B1577980} => C:\Users\Cleber\Dropbox\PCP\Gaither\8522102376+POM+Soft+Lib.exe Task: {B555F882-8B59-4553-A417-162896D601C6} - System32\Tasks\{2D0067E4-C6C2-40A5-AED0-D9D3FC281EC5} => C:\Users\Cleber\Dropbox\PCP\Gaither\8522102376+POM+Soft+Lib.exe Task: {BAE67D64-AFA1-40F6-BB72-B8C61D50252B} - System32\Tasks\{2A1F8F6C-E46E-4F87-BA83-FD978D4D4784} => C:\Users\Cleber\Dropbox\PCP\Gaither\8522102376+Instr.Resource+CD\setup.exe Task: {C3834B9F-069F-4CA6-8424-BF1FC4A9A2BF} - System32\Tasks\G2MUpdateTask-S-1-5-21-457408250-4245222922-2887997066-1000 => C:\Users\Cleber\AppData\Local\Citrix\GoToMeeting\4911\g2mupdate.exe [2016-05-11] (Citrix Online, a division of Citrix Systems, Inc.) Task: {CBA0A5DD-77D1-4424-BA6B-C6D8F565325F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.) 
Task: {E0F5DB37-E62D-4C93-8DFC-5CAC9BE935FA} - System32\Tasks\avastBCLRestartS-1-5-21-457408250-4245222922-2887997066-1000 => Firefox.exe Task: {E877955B-4BED-413D-8300-C32A7F59764C} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-01-08] (Lenovo) Task: {EB250A8D-C84F-4407-94F9-E5ED3ACBC866} - System32\Tasks\{CDCFE179-ED47-4FE7-9C55-106E52A1C211} => C:\Users\Cleber\Dropbox\PCP\Gaither\8522102376+POM+Soft+Lib.exe Task: {EB979F2A-52F1-4051-B38C-909B097D1A84} - System32\Tasks\{533E10DC-1B99-4604-A526-2DBCFE609D96} => C:\Users\Cleber\Dropbox\PCP\Gaither\8522102376+POM+Soft+Lib.exe Task: {ECE19AF7-2889-4B61-8BAC-F7B8A899D8E6} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-457408250-4245222922-2887997066-1000UA => C:\Users\Cleber\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.) Task: {F53E3C67-B9E3-401E-BD5D-3725DFDB41FE} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-08-17] (Glarysoft Ltd) Task: {FE892386-B30C-4C22-ADE0-FEF9F5633727} - System32\Tasks\{9D4E8672-54B3-4235-AA73-B52BFDCDADC5} => pcalua.exe -a "C:\Arquivos de Programas RFB\IRPF2015\IRPF2015.exe" -d "C:\Arquivos de Programas RFB\IRPF2015" (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-457408250-4245222922-2887997066-1000Core.job => C:\Users\Cleber\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-457408250-4245222922-2887997066-1000UA.job => C:\Users\Cleber\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-457408250-4245222922-2887997066-1000.job => C:\Users\Cleber\AppData\Local\Citrix\GoToMeeting\4911\g2mupdate.exe Task: C:\windows\Tasks\G2MUploadTask-S-1-5-21-457408250-4245222922-2887997066-1000.job => C:\Users\Cleber\AppData\Local\Citrix\GoToMeeting\4911\g2mupload.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Atalhos ============================= (As entradas podem ser listadas para serem restauradas ou removidas.) 
==================== Módulos Carregados (Whitelisted) ============== 2015-03-19 19:55 - 2015-03-19 19:55 - 00088960 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll 2014-05-09 12:36 - 2011-10-04 22:43 - 00087552 _____ () C:\windows\System32\custmon64i.dll 2014-08-01 13:25 - 2013-10-23 14:24 - 00087600 _____ () C:\windows\System32\cpwmon64.dll 2015-06-19 09:58 - 2011-02-28 19:37 - 00095008 _____ () C:\windows\System32\Primomonnt.dll 2015-01-20 21:35 - 2015-01-20 21:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-01-20 21:35 - 2015-01-20 21:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-03-12 17:53 - 2014-03-12 17:53 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2016-05-06 18:56 - 2016-05-06 18:56 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2016-05-06 18:56 - 2016-05-06 18:56 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-05-16 09:09 - 2016-05-16 09:09 - 02906624 _____ () C:\Program Files\AVAST Software\Avast\defs\16051601\algo.dll 2016-05-06 18:56 - 2016-05-06 18:56 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll 2016-05-06 18:56 - 2016-05-06 18:56 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2016-05-17 08:32 - 2016-05-17 08:32 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\16051702\algo.dll 2015-06-02 15:51 - 2015-06-02 15:51 - 00545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll 2015-04-02 13:04 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2015-04-02 13:04 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2015-04-02 13:04 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2016-05-12 17:23 - 
2016-04-19 16:47 - 00034768 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd 2016-05-12 17:22 - 2016-04-19 16:48 - 00019408 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\faulthandler.pyd 2016-05-12 17:22 - 2016-04-19 16:47 - 00116688 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\pywintypes27.dll 2016-05-12 17:23 - 2016-04-19 16:47 - 00093640 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\_ctypes.pyd 2016-05-12 17:23 - 2016-04-19 16:47 - 00018376 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\select.pyd 2016-05-12 17:23 - 2016-05-06 19:35 - 00019760 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd 2016-05-12 17:23 - 2016-04-19 16:49 - 00105928 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\win32api.pyd 2016-05-12 17:22 - 2016-04-19 16:47 - 00392144 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\pythoncom27.dll 2016-05-12 17:23 - 2016-05-06 19:35 - 00381752 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd 2016-05-12 17:23 - 2016-04-19 16:47 - 00692688 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\unicodedata.pyd 2016-05-12 17:22 - 2016-05-06 19:34 - 00020816 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd 2016-05-12 17:23 - 2016-04-19 16:48 - 00121296 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd 2016-05-12 17:22 - 2016-05-06 19:34 - 01682760 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd 2016-05-12 17:22 - 2016-05-06 19:34 - 00020808 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd 2016-05-12 17:23 - 2016-05-06 19:35 - 00021840 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd 2016-05-12 17:22 - 2016-05-06 19:34 - 00038696 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\fastpath.pyd 2016-05-12 17:22 - 2016-04-19 16:49 
- 00020936 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\mmapfile.pyd 2016-05-12 17:23 - 2016-04-19 16:49 - 00024528 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\win32event.pyd 2016-05-12 17:23 - 2016-04-19 16:49 - 00114640 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\win32security.pyd 2016-05-12 17:23 - 2016-04-19 16:49 - 00124880 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\win32file.pyd 2016-05-12 17:23 - 2016-05-06 19:35 - 00021832 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd 2016-05-12 17:23 - 2016-04-19 16:49 - 00024016 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\win32clipboard.pyd 2016-05-12 17:23 - 2016-04-19 16:49 - 00175560 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\win32gui.pyd 2016-05-12 17:23 - 2016-04-19 16:49 - 00030160 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\win32pipe.pyd 2016-05-12 17:23 - 2016-04-19 16:49 - 00043472 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\win32process.pyd 2016-05-12 17:23 - 2016-04-19 16:49 - 00028616 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\win32ts.pyd 2016-05-12 17:23 - 2016-04-19 16:49 - 00048592 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\win32service.pyd 2016-05-12 17:22 - 2016-05-06 19:34 - 00026456 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd 2016-05-12 17:23 - 2016-04-19 16:49 - 00057808 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\win32evtlog.pyd 2016-05-12 17:23 - 2016-04-19 16:49 - 00024016 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\win32profile.pyd 2016-05-12 17:22 - 2016-05-06 19:34 - 00117056 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd 2016-05-12 17:22 - 2016-05-06 19:34 - 00052024 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd 2016-05-12 17:23 - 2016-04-19 16:47 - 00134608 _____ () 
C:\Users\Cleber\AppData\Roaming\Dropbox\bin\_elementtree.pyd 2016-05-12 17:22 - 2016-04-19 16:47 - 00134088 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\pyexpat.pyd 2016-05-12 17:22 - 2016-04-19 16:48 - 00240584 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\jpegtran.pyd 2016-05-12 17:23 - 2016-05-06 19:35 - 00020800 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd 2016-05-12 17:23 - 2016-05-06 19:35 - 00021824 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd 2016-05-12 17:23 - 2016-05-06 19:35 - 00019776 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd 2016-05-12 17:23 - 2016-05-06 19:35 - 00020800 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd 2016-05-12 17:22 - 2016-05-06 19:34 - 00024392 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd 2016-05-12 17:22 - 2016-04-19 16:50 - 00036296 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\librsync.dll 2016-05-12 17:22 - 2016-05-06 19:34 - 00020280 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd 2016-05-12 17:23 - 2016-05-06 19:35 - 00023376 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd 2016-05-12 17:23 - 2016-04-19 16:49 - 00350152 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\winxpgui.pyd 2016-05-12 17:23 - 2016-05-06 19:35 - 00022352 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd 2016-05-12 17:22 - 2016-05-06 19:34 - 00084280 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL 2016-05-12 17:22 - 2016-05-06 19:34 - 01826096 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd 2016-05-12 17:23 - 2016-04-19 16:48 - 00083912 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\sip.pyd 2016-05-12 17:22 - 2016-05-06 
19:35 - 03928880 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd 2016-05-12 17:22 - 2016-05-06 19:34 - 01971504 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd 2016-05-12 17:22 - 2016-05-06 19:34 - 00531248 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd 2016-05-12 17:22 - 2016-05-06 19:35 - 00132912 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd 2016-05-12 17:22 - 2016-05-06 19:35 - 00223544 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd 2016-05-12 17:22 - 2016-05-06 19:34 - 00207672 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd 2016-05-12 17:23 - 2016-04-19 16:49 - 00060880 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\win32print.pyd 2016-05-12 17:23 - 2016-05-06 19:35 - 00024904 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd 2016-05-12 17:22 - 2016-05-06 19:35 - 00546096 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd 2016-05-12 17:22 - 2016-05-06 19:35 - 00357680 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd 2016-05-12 17:22 - 2016-04-19 16:51 - 00017864 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\libEGL.dll 2016-05-12 17:22 - 2016-04-19 16:51 - 01631184 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2016-05-12 17:22 - 2016-04-19 16:53 - 00697304 _____ () C:\Users\Cleber\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll 2015-12-29 19:01 - 2015-12-29 19:01 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2016-05-12 16:12 - 2016-05-12 16:12 - 00170496 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\5e0daeb618ec1050c6b7f95c5620e53f\IsdiInterop.ni.dll 2010-11-04 13:00 - 2010-03-03 17:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll 2016-05-13 10:26 - 2016-05-11 08:48 - 
01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll 2016-05-13 10:26 - 2016-05-11 08:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll 2016-05-13 10:26 - 2016-05-11 08:48 - 17565848 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (Se uma entrada for incluída na fixlist, somente o ADS será removido.) AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10] AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32] AlternateDataStreams: C:\windows\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [762] AlternateDataStreams: C:\windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [1434] AlternateDataStreams: C:\Users\Cleber\Downloads\Concessionaria (1).xlsx:com.dropbox.attributes [168] AlternateDataStreams: C:\Users\Cleber\Downloads\Concessionaria.xlsx:com.dropbox.attributes [168] AlternateDataStreams: C:\Users\Cleber\Documents\tetris:com.dropbox.attributes [168] AlternateDataStreams: C:\Users\Cleber\Documents\xtetris:com.dropbox.attributes [166] ==================== Modo de Segurança (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) ==================== Associação (Whitelisted) =============== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.) ==================== Internet Explorer confiável/restrito =============== (Se uma entrada for incluída na fixlist, será removida do Registro.) 
IE trusted site: HKU\S-1-5-21-457408250-4245222922-2887997066-1000\...\bancobrasil.com.br -> www.bancobrasil.com.br IE trusted site: HKU\S-1-5-21-457408250-4245222922-2887997066-1000\...\bb.com.br -> aapj.bb.com.br IE trusted site: HKU\S-1-5-21-457408250-4245222922-2887997066-1000\...\google.com -> www.google.com IE trusted site: HKU\S-1-5-21-457408250-4245222922-2887997066-1000\...\google.com.br -> www.google.com.br IE trusted site: HKU\S-1-5-21-457408250-4245222922-2887997066-1000\...\itau.b.br -> www.itau.b.br IE trusted site: HKU\S-1-5-21-457408250-4245222922-2887997066-1000\...\itau.com.br -> hxxps://bankline.itau.com.br IE trusted site: HKU\S-1-5-21-457408250-4245222922-2887997066-1000\...\itau.com.br -> bankline.itau.com.br IE trusted site: HKU\S-1-5-21-457408250-4245222922-2887997066-1000\...\itaupersonnalite.com.br -> hxxp://www.itaupersonnalite.com.br IE trusted site: HKU\S-1-5-21-457408250-4245222922-2887997066-1000\...\itaupersonnalite.com.br -> www.itaupersonnalite.com.br IE trusted site: HKU\S-1-5-21-457408250-4245222922-2887997066-1000\...\santander.com.br -> www.santander.com.br IE trusted site: HKU\S-1-5-21-457408250-4245222922-2887997066-1000\...\santanderempresarial.com.br -> www.santanderempresarial.com.br IE trusted site: HKU\S-1-5-21-457408250-4245222922-2887997066-1000\...\santandernet.com.br -> www.santandernet.com.br IE trusted site: HKU\S-1-5-21-457408250-4245222922-2887997066-1000\...\santandernetibe.com.br -> www.santandernetibe.com.br IE trusted site: HKU\S-1-5-21-457408250-4245222922-2887997066-1000\...\triunfo.com -> intranet.triunfo.com ==================== Hosts Conteúdo: ========================== (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 
2009-07-13 23:34 - 2016-05-02 17:25 - 00450769 ____N C:\windows\system32\Drivers\etc\hosts ==================== Outras Áreas ============================ (Atualmente não há nenhuma correção automática para esta seção.) HKU\S-1-5-21-457408250-4245222922-2887997066-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Cleber\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Firewall do Windows está habilitado. ==================== MSCONFIG/TASK MANAGER ítens desabilitados == (Atualmente não há nenhuma correção automática para esta seção.) 
MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: RapportMgmtService => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: TeamViewer => 2 MSCONFIG\Services: vpnagent => 2 MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: BoxSync => "C:\Program Files\Box\Box Sync\BoxSync.exe" -m MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized MSCONFIG\startupreg: ContaCam => C:\Program Files (x86)\ContaCam\ContaCam.exe MSCONFIG\startupreg: Diebold - Warsaw => C:\Program Files\Diebold\Warsaw\core.exe MSCONFIG\startupreg: DoUSBC120 => "C:\Users\Cleber\AppData\Local\Temp\dlusb_launcherC120.exe" MSCONFIG\startupreg: GoogleChromeAutoLaunch_52D1B007D725BE55364882108568F0F5 => "C:\Users\Cleber\AppData\Local\Chromium\Application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: MinhaBox.br => C:\Program Files (x86)\Minhateca.com.br Box\MinhaBox.exe MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe ==================== Regras do Firewall (Whitelisted) =============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
FirewallRules: [{0E6405E2-DFB6-4039-8EDB-286C207FE0A0}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe FirewallRules: [{DF0132CB-A1E2-4BB6-A889-3547C616530D}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD9\PowerDVD9.EXE FirewallRules: [{44ABAECB-B6F9-4269-B3F2-F8B1BC45404E}] => (Allow) svchost.exe FirewallRules: [{23AF6D83-D89B-45D1-B133-0C00B75A8FB9}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [TCP Query User{E012723C-0BD0-46FC-8034-98293019BA25}C:\users\cleber\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\cleber\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [uDP Query User{E798BF8D-6227-479B-8B44-1C8C5C1D03C6}C:\users\cleber\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\cleber\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{10ABD94B-39F7-4B02-BB2A-311E1A1C20E3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{84723C81-3989-4F04-916C-FB8F055B904D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{C5DB97AC-CF0D-43A7-B452-F40EE953F4BF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{C2CC504B-AEDB-43BB-8794-1CBD003EF909}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query User{0731EA59-6CE7-421E-810F-F80FF28E5BC9}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe FirewallRules: [uDP Query User{57EAA979-4086-40C0-A9D3-4495DEA9814C}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe FirewallRules: [{321D1AD7-CFFC-429B-9571-C687D531E0E6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{5B5CF1DE-7F4D-41F4-BEA6-D7AE2D44B332}] => (Allow) LPort=2869 FirewallRules: [{DD9E482D-3F44-476B-95D3-A7E523663498}] => (Allow) 
LPort=1900 FirewallRules: [{A086E069-0736-43BB-9E92-7254CD11499D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{6CB8616D-BC99-42DA-A305-AB2911690D68}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{6E38421F-05F1-48E0-AF93-01B173B829D9}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{CB35E945-7B9D-4534-A16A-C75714FD308E}] => (Allow) C:\Users\Cleber\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{ABBE4B28-F901-4885-B3F3-6AA3D0775DDB}] => (Allow) C:\Users\Cleber\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{F84F7364-FD24-4F90-8803-C953749A1DC3}] => (Allow) LPort=3306 FirewallRules: [{93BFD50D-F756-4C72-B346-737B61DA4B65}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe FirewallRules: [{FBC4FFE2-B938-460B-BD3D-79B596ED5875}] => (Allow) C:\Program Files (x86)\ContaCam\ContaCam.exe FirewallRules: [{0F6623FF-4639-45B7-B0AB-DD44943D1352}] => (Allow) C:\Program Files (x86)\ContaCam\ContaCam.exe FirewallRules: [{F8217BF0-2452-4B74-B3B8-08AFA8BD37DA}] => (Allow) C:\Program Files (x86)\ContaCam\microapache\mapache.exe FirewallRules: [{8E723613-CCBE-41A2-BB1F-FE208BB92C7E}] => (Allow) C:\Program Files (x86)\ContaCam\microapache\mapache.exe FirewallRules: [{3E6317EC-5E6F-47BF-BA7F-92DDC137AE27}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe FirewallRules: [{DE0D18B9-E209-44BF-8483-EF6C42597888}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe FirewallRules: [{CC4D7013-9E89-4811-9A2A-A05B3C12CBE1}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\ApowersoftVideoHelper.dll FirewallRules: [{4BFC9A43-AB25-4755-8B29-A6249F5D9569}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\ApowersoftVideoHelper.dll FirewallRules: [TCP Query User{AB0F352D-87C6-4E4E-A481-8151B0870E94}C:\program files\ihmc cmaptools\jre\bin\javaw.exe] => (Allow) 
C:\program files\ihmc cmaptools\jre\bin\javaw.exe FirewallRules: [uDP Query User{14E965E5-BF88-463F-B165-0F20C7FDB5CB}C:\program files\ihmc cmaptools\jre\bin\javaw.exe] => (Allow) C:\program files\ihmc cmaptools\jre\bin\javaw.exe FirewallRules: [{0CFD7283-C95E-42C0-8251-A00DEB212FBD}] => (Block) C:\program files\ihmc cmaptools\jre\bin\javaw.exe FirewallRules: [{71D10AD5-CC45-4CAC-A90B-3594FE6353DB}] => (Block) C:\program files\ihmc cmaptools\jre\bin\javaw.exe FirewallRules: [TCP Query User{B4A5040C-E908-44D7-83CF-E852DDAF2983}C:\Program Files (x86)\ContaCam\microapache\mapache.exe] => (Block) C:\Program Files (x86)\ContaCam\microapache\mapache.exe FirewallRules: [uDP Query User{5636095F-3837-489C-BF1D-F00C161FA9ED}C:\Program Files (x86)\ContaCam\microapache\mapache.exe] => (Block) C:\Program Files (x86)\ContaCam\microapache\mapache.exe FirewallRules: [{803FF5B3-16FA-4B8A-A198-461185196329}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{0D6B1479-A630-409E-92C8-C97DF65F709B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{9E9D389F-46E7-45DA-B5E9-FA2304DE30D5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{504B7E04-533D-48C7-9C73-3B82639FCFEE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{6BE12EFD-84F5-4746-BBB4-7193F3144741}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{2DE0B17E-D5EB-4C6F-88FA-A39DB1D06F45}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{4A8F1FB1-DDCE-4682-9E90-0DEB59DD2C74}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{B30615BF-E362-4E94-B057-CC7965284D1E}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{D7236B2F-A086-477F-9751-0CECE292BBC7}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{DDC61D15-4F7C-418F-9219-7FDDF305B793}] => (Allow) C:\Program 
Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{0FD545F9-2D9A-4D91-BCF2-AFE7746DBAEC}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{160C0123-8802-487B-BAB0-11918DA61F58}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{4DCD7043-AE6C-4301-81AA-2D580392AB2D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{A4849A91-EF96-40B2-B368-86AE40261463}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{7591CFB7-353C-4967-A50D-A8F548ED3F3D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [TCP Query User{32631DD0-77FE-44AF-B0E5-EC041AF5C7BC}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe FirewallRules: [uDP Query User{205B2421-5D98-4D44-9FA7-0757DAD6EBC9}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe FirewallRules: [{1099428E-9236-478E-A6AB-F53CA4677D2E}] => (Block) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe FirewallRules: [{1F6D3519-10A8-491B-8C51-CA0EE9604D68}] => (Block) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe FirewallRules: [{E5668660-2098-4179-8F50-68A13DB1AE9F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service 
==================== Pontos de Restauração ========================= 12-04-2016 16:22:50 Ponto de Verificação Agendado 15-04-2016 08:32:37 Windows Update 15-04-2016 17:00:10 Windows Update 19-04-2016 09:00:58 Windows Update 22-04-2016 11:14:02 Windows Update 26-04-2016 08:45:13 Windows Update 29-04-2016 09:29:16 Windows Update 03-05-2016 09:40:18 Windows Update 04-05-2016 16:47:23 Windows Update 05-05-2016 17:14:02 Windows Update 06-05-2016 09:20:22 Windows Update 10-05-2016 08:37:18 Windows Update 11-05-2016 07:52:59 Windows Update 11-05-2016 18:29:00 Installed Rapport 12-05-2016 14:49:43 Windows Update 12-05-2016 15:43:00 Installed Rapport 12-05-2016 18:21:24 Windows Update 13-05-2016 15:52:00 JRT Pre-Junkware Removal 13-05-2016 18:35:29 Windows Update 17-05-2016 08:48:11 Windows Update ==================== Dispositivos Apresentando Falhas No Gerenciador ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Erros no Log de eventos: ========================= Erros em Aplicativos: ================== Error: (05/17/2016 03:22:31 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa IEXPLORE.EXE versão 11.0.9600.18315 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. 
ID de Processo: 1ac8 Hora de Início: 01d1b068c5cb9ba7 Hora de Término: 11 Caminho do Aplicativo: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Id do Relatório: Error: (05/17/2016 03:20:20 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa IEXPLORE.EXE versão 11.0.9600.18315 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. ID de Processo: 1cec Hora de Início: 01d1b068a5283cbf Hora de Término: 13 Caminho do Aplicativo: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Id do Relatório: Error: (05/17/2016 02:13:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome de aplicativo com falha: iexplore.exe, versão: 11.0.9600.18315, carimbo de hora: 0x571aea6f Nome do módulo de falhas: ntdll.dll, versão: 6.1.7601.23418, carimbo de hora: 0x5708a857 Código de exceção: 0xc0000374 Deslocamento com falha: 0x00000000000bf262 Identificação do processo com falha: 0xea4 Hora de início do aplicativo com falha: 0xiexplore.exe0 Caminho do aplicativo com falha: iexplore.exe1 FCaminho do módulo de falhas: iexplore.exe2 Identificação do Relatório: iexplore.exe3 Error: (05/17/2016 10:54:09 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa IEXPLORE.EXE versão 11.0.9600.18315 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. ID de Processo: 19a4 Hora de Início: 01d1b040fb340301 Hora de Término: 16 Caminho do Aplicativo: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Id do Relatório: Error: (05/14/2016 12:23:18 PM) (Source: Microsoft Office 15) (EventID: 2001) (User: ) Description: Microsoft Word: Rejected Safe Mode action : O Word não conseguiu iniciar da última vez. 
Se o iniciar em modo de segurança, poderá corrigir o problema, mas algumas funcionalidades poderão ficar desativadas neste modo. Deseja iniciá-lo em modo de segurança?. Rejected Safe Mode action : Microsoft Word. Error: (05/12/2016 05:09:49 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Data.Services.Client, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020 Error: (05/12/2016 04:22:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome de aplicativo com falha: DaS_21.exe, versão: 2.1.0.4, carimbo de hora: 0x540c90b2 Nome do módulo de falhas: KERNELBASE.dll, versão: 6.1.7601.23418, carimbo de hora: 0x5708a89c Código de exceção: 0xe0434352 Deslocamento com falha: 0x000000000001a06d Identificação do processo com falha: 0x5e4 Hora de início do aplicativo com falha: 0xDaS_21.exe0 Caminho do aplicativo com falha: DaS_21.exe1 FCaminho do módulo de falhas: DaS_21.exe2 Identificação do Relatório: DaS_21.exe3 Error: (05/12/2016 04:22:44 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Aplicativo: DaS_21.exe Versão do Framework: v4.0.30319 Descrição: O processo foi terminado devido a uma exceção sem tratamento. Informações da Exceção: System.ArgumentOutOfRangeException em System.Console.SetWindowSize(Int32, Int32) em DriverAndServicesOut.Program.Main(System.String[]) Error: (05/12/2016 04:21:58 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: Microsoft.JScript, Version=8.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070020 Error: (05/12/2016 02:37:37 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa OTL.exe versão 3.2.69.0 parou de interagir com o Windows e foi fechado. 
Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. ID de Processo: 1714 Hora de Início: 01d1ac7463e7c09a Hora de Término: 16 Caminho do Aplicativo: C:\Users\Cleber\Dropbox (Pessoal)\Softwares de limpeza\OTL.exe Id do Relatório: Erros de Sistema: ============= Error: (05/17/2016 03:17:51 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a resposta de uma transação do serviço NlaSvc. Error: (05/17/2016 10:53:57 AM) (Source: Tcpip) (EventID: 4199) (User: ) Description: O sistema detectou um conflito de endereço entre o endereço IP 192.168.60.12 e o sistema que possui o endereço de hardware de rede 1C-AA-07-D5-DC-C8. Como resultado desse conflito, as operações de rede nesse sistema podem ser interrompidas. Error: (05/16/2016 01:47:14 PM) (Source: Schannel) (EventID: 4120) (User: AUTORIDADE NT) Description: O seguinte alerta fatal foi gerado: 10. O estado do erro interno é 10. Error: (05/16/2016 01:47:14 PM) (Source: Schannel) (EventID: 4120) (User: AUTORIDADE NT) Description: O seguinte alerta fatal foi gerado: 10. O estado do erro interno é 10. Error: (05/16/2016 01:46:11 PM) (Source: Schannel) (EventID: 4120) (User: AUTORIDADE NT) Description: O seguinte alerta fatal foi gerado: 10. O estado do erro interno é 10. Error: (05/16/2016 01:46:11 PM) (Source: Schannel) (EventID: 4120) (User: AUTORIDADE NT) Description: O seguinte alerta fatal foi gerado: 10. O estado do erro interno é 10. Error: (05/16/2016 01:46:11 PM) (Source: Schannel) (EventID: 4120) (User: AUTORIDADE NT) Description: O seguinte alerta fatal foi gerado: 10. O estado do erro interno é 10. Error: (05/16/2016 01:46:11 PM) (Source: Schannel) (EventID: 4120) (User: AUTORIDADE NT) Description: O seguinte alerta fatal foi gerado: 10. O estado do erro interno é 10. 
Error: (05/16/2016 01:37:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: %%2 Error: (05/16/2016 01:36:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: %%2 ==================== Informações da Memória =========================== Processador: Intel® Core i3 CPU M 370 @ 2.40GHz Percentagem de memória em uso: 75% RAM física total: 3894.85 MB RAM física disponível: 948.65 MB Virtual Total: 7787.89 MB Virtual disponível: 3691.77 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:254.14 GB) (Free:48.51 GB) NTFS Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:25.54 GB) NTFS ==================== MBR & Tabela de Partições ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 74E7F881) Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=254.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12) ==================== Fim de Addition.txt ============================
  8. Hi Ciro, Internet access has improved, but it still sometimes hangs with the message "Processando solicitação" or "Aguardando securepubads.g.doubleclick.net" in the Chrome status bar when I access the UOL page (with the page apparently already loaded, but without releasing the cursor); then I have to close the Chrome tab and open another one to load it again. The logs follow: Shortcut Cleaner 1.4.0 by Lawrence Abrams (Grinler) "http://br.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy), ,[c2a78352dbbea591ecaf5a0e0cf856aa] Setores físicos: 0 (Nenhum item malicioso detectado) (end) Thanks, Cleber
  9. Hi Ciro, here are the logs from the 3 tools. Thanks, Cleber ZA-Scan.txt MbrScan.log FSS.txt
  10. For a few days now Chrome (also Firefox and IE) has been freezing when trying to access the usual sites (www.uol.com.br etc.) and keeps displaying messages such as "aguardando o cache" or "aguardando tracker.bt.uol.com.br" or "aguardando f.i.uol.com.br". I ran the Avast antivirus, the Spybot antivirus and Malwarebytes, and the adware removal tools TSA and BDPUAR, without solving the problem. I have now run HijackThis, which I downloaded from linhadefensiva.org, and obtained the attached log. Thank you for the help. Cleber M. Duranti hijackthis.log
  11. Problem solved! Thank you, José Melo. Regards, Cleber
  12. Here are the Combofix (attached) and HijackThis logs after running the indicated procedure.

Logfile of HijackThis v1.99.1
Scan saved at 18:24:46, on 11/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe
C:\Arquivos de programas\ShrewSoft\VPN Client\dtpd.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\ShrewSoft\VPN Client\iked.exe
C:\Arquivos de programas\ShrewSoft\VPN Client\ipsecd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Arquivos de programas\Panda USB Vaccine\USBVaccine.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
D:\Documents and Settings\clebermd\Meus documentos\downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (file missing)
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - (no file)
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll (file missing)
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: http://www.bancoreal.com.br
O16 - DPF: {2202D225-22C1-4B8C-A4B8-6A7E7B7E1524} (ICWMInstallObj Class) - https://cpc.on.intercall.com/confmgr/instal...ICWMInstall.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{465942EE-B20E-4F4B-A776-7DCDDFC915C8}: NameServer = 143.107.253.3,143.107.51.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Arquivos de programas\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: ShrewSoft DNS Proxy Daemon (dtpd) - Unknown owner - C:\Arquivos de programas\ShrewSoft\VPN Client\dtpd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ShrewSoft IKE Daemon (iked) - Unknown owner - C:\Arquivos de programas\ShrewSoft\VPN Client\iked.exe
O23 - Service: ShrewSoft IPSEC Daemon (ipsecd) - Unknown owner - C:\Arquivos de programas\ShrewSoft\VPN Client\ipsecd.exe

ComboFix.txt
  13. When I try to access www.bancoreal.com.br, a timeout occurs (message: "O Internet Explorer não pode exibir a página da Web"). At the moment of the access attempt, the hosts file (which was not present in C:\WINDOWS\SYSTEM32\DRIVERS\etc) is created again with the content:
200.149.20.17 wwws.realsecureweb.com.br # GbPlugin
200.208.15.105 www.bancoreal.com.br # GbPlugin
Is this really due to some malware, or is it something from the bank's security system? A new HijackThis log follows.
Logfile of HijackThis v1.99.1
Scan saved at 17:22:24, on 10/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe
C:\Arquivos de programas\ShrewSoft\VPN Client\dtpd.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\ShrewSoft\VPN Client\iked.exe
C:\Arquivos de programas\ShrewSoft\VPN Client\ipsecd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Panda USB Vaccine\USBVaccine.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\Internet Explorer\iexplore.exe
D:\Documents and Settings\clebermd\Meus documentos\downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 200.149.20.17 wwws.realsecureweb.com.br # GbPlugin
O1 - Hosts: 200.208.15.105 www.bancoreal.com.br # GbPlugin
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - (no file)
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: http://www.bancoreal.com.br
O16 - DPF: {2202D225-22C1-4B8C-A4B8-6A7E7B7E1524} (ICWMInstallObj Class) - https://cpc.on.intercall.com/confmgr/instal...ICWMInstall.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{465942EE-B20E-4F4B-A776-7DCDDFC915C8}: NameServer = 143.107.253.3,143.107.51.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Arquivos de programas\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: ShrewSoft DNS Proxy Daemon (dtpd) - Unknown owner - C:\Arquivos de programas\ShrewSoft\VPN Client\dtpd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ShrewSoft IKE Daemon (iked) - Unknown owner - C:\Arquivos de programas\ShrewSoft\VPN Client\iked.exe
O23 - Service: ShrewSoft IPSEC Daemon (ipsecd) - Unknown owner - C:\Arquivos de programas\ShrewSoft\VPN Client\ipsecd.exe