Ir para conteúdo

dubio

Participante
  • Postagens

    38
  • Desde

  • Última visita

Sobre dubio

  1. Solicitação de análise de logs

    Certo! Agradeço muito pelo auxílio e atenção! Boa noite.
  2. Solicitação de análise de logs

    Boa noite, Só agora consegui responder. Olha, fiz o indicado ontem no modo segurança, mas ele deu uma mensagem dizendo que ocorria um erro durante a desinstalação. No entanto, ao reiniciar em modo normal, percebi que grande parte daqueles processos relacionados ao McAfee desapareceram. Restou somente esse que segue na imagem. Será que há algum problema se ele permanecer? Poderia tentar reinstalar todo o McAfee e desinstalar novamente. De forma geral, o computador está normal. A lentidão resolveu, o chrome está funcionando corretamente. Só fiquei em dúvida quanto ao McAfee. Era o antivírus que eu estava usando (inclusive tinha pago uma licença de 1 ano). Pelo que vi, ele não se mostrou uma boa escolha... Recomenda que eu use algum daqueles sugeridos por você na listagem, certo?
  3. Solicitação de análise de logs

    Boa noite, Fiz o indicado, o OTL fez o processo e reiniciou o computador. No entanto, ao reiniciar ele não abriu novamente. Apareceu somente o arquivo de log que encaminho abaixo: All processes killed ========== OTL ========== Error: No service named McAPExe was found to stop! Unable to delete service\driver key McAPExe. File move failed. C:\Program Files\Common Files\McAfee\VSCore_15_7\McApExe.exe scheduled to be moved on reboot. Error: No service named mfemms was found to stop! Unable to delete service\driver key mfemms. File move failed. C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe scheduled to be moved on reboot. Error: No service named mfevtp was found to stop! Unable to delete service\driver key mfevtp. File move failed. C:\Windows\SysNative\mfevtps.exe scheduled to be moved on reboot. Error: No service named mfefire was found to stop! Unable to delete service\driver key mfefire. File move failed. C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe scheduled to be moved on reboot. Service mccspsvc stopped successfully! Service mccspsvc deleted successfully! File move failed. C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\\McCSPServiceHost.exe scheduled to be moved on reboot. Service WsAppService stopped successfully! Service WsAppService deleted successfully! C:\Program Files (x86)\Wondershare\WAF\2.3.2.220\WsAppService.exe moved successfully. Error: No service named mfehidk was found to stop! Unable to delete service\driver key mfehidk. File move failed. C:\Windows\SysNative\drivers\mfehidk.sys scheduled to be moved on reboot. Error: No service named mfefirek was found to stop! Unable to delete service\driver key mfefirek. File move failed. C:\Windows\SysNative\drivers\mfefirek.sys scheduled to be moved on reboot. Error: No service named mfeaack was found to stop! Unable to delete service\driver key mfeaack. File move failed. C:\Windows\SysNative\drivers\mfeaack.sys scheduled to be moved on reboot. Error: No service named mfeavfk was found to stop! Unable to delete service\driver key mfeavfk. File move failed. C:\Windows\SysNative\drivers\mfeavfk.sys scheduled to be moved on reboot. Error: No service named mfewfpk was found to stop! Unable to delete service\driver key mfewfpk. File move failed. C:\Windows\SysNative\drivers\mfewfpk.sys scheduled to be moved on reboot. Error: No service named mfeplk was found to stop! Unable to delete service\driver key mfeplk. File move failed. C:\Windows\SysNative\drivers\mfeplk.sys scheduled to be moved on reboot. Error: No service named mfeelamk was found to stop! Unable to delete service\driver key mfeelamk. File move failed. C:\Windows\SysNative\drivers\mfeelamk.sys scheduled to be moved on reboot. Error: No service named cfwids was found to stop! Unable to delete service\driver key cfwids. File move failed. C:\Windows\SysNative\drivers\cfwids.sys scheduled to be moved on reboot. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page_TIMESTAMP| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy| /E : value set successfully! 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully. File Protocol\Handler\ms-help - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully. File Protocol\Handler\wlpg - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/x-mfe-ipt\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EF5086B-5478-4598-A054-786C45D75692}\ deleted successfully. File move failed. c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL scheduled to be moved on reboot. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/x-mfe-ipt\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EF5086B-5478-4598-A054-786C45D75692}\ deleted successfully. File move failed. c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll scheduled to be moved on reboot. C:\Users\Eduardo\AppData\Roaming\Wondershare\DrFoneiOS folder moved successfully. C:\Users\Eduardo\AppData\Roaming\Wondershare\DrFoneforiOS\HMYGSetting folder moved successfully. C:\Users\Eduardo\AppData\Roaming\Wondershare\DrFoneforiOS folder moved successfully. C:\Users\Eduardo\AppData\Roaming\Wondershare folder moved successfully. C:\Windows\SysNative\Tasks\McAfee\McAfee Auto Maintenance Task Agent moved successfully. C:\Windows\SysNative\Tasks\McAfee\McAfee Idle Detection Task moved successfully. ========== FILES ========== C:\Program Files (x86)\Wondershare\WAF\2.3.2.220\Skin\Default folder moved successfully. C:\Program Files (x86)\Wondershare\WAF\2.3.2.220\Skin folder moved successfully. C:\Program Files (x86)\Wondershare\WAF\2.3.2.220\Resources folder moved successfully. C:\Program Files (x86)\Wondershare\WAF\2.3.2.220\Languages folder moved successfully. C:\Program Files (x86)\Wondershare\WAF\2.3.2.220 folder moved successfully. C:\Program Files (x86)\Wondershare\WAF folder moved successfully. C:\Program Files (x86)\Wondershare folder moved successfully. ========== REGISTRY ========== Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\ deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\"DefaultConnectionSettings"|hex:3c,00,00,00,15,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,50,b1,0a,41,70,27,c9,01,01,00,00,00,c0,a8,83,41,00,00,00,00,00,00,00,00 /E : value set successfully! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\"SavedLegacySettings"|hex:3c,00,00,00,e6,01,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,50,b1,0a,41,70,27,c9,01,01,00,00,00,c0,a8,83,41,00,00,00,00,00,00,00,00 /E : value set successfully! ========== COMMANDS ========== Restore point Set: OTL Restore Point [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Eduardo ->Temp folder emptied: 182670740 bytes ->Temporary Internet Files folder emptied: 15851689 bytes ->Java cache emptied: 2443715 bytes ->Flash cache emptied: 1018 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 163697062 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 98074325 bytes Total Files Cleaned = 441,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 09242017_222205 Files\Folders moved on Reboot... File move failed. C:\Program Files\Common Files\McAfee\VSCore_15_7\McApExe.exe scheduled to be moved on reboot. File move failed. C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\mfevtps.exe scheduled to be moved on reboot. File move failed. C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe scheduled to be moved on reboot. File move failed. C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\\McCSPServiceHost.exe scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\drivers\mfehidk.sys scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\drivers\mfefirek.sys scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\drivers\mfeaack.sys scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\drivers\mfeavfk.sys scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\drivers\mfewfpk.sys scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\drivers\mfeplk.sys scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\drivers\mfeelamk.sys scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\drivers\cfwids.sys scheduled to be moved on reboot. File move failed. c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL scheduled to be moved on reboot. File move failed. c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll scheduled to be moved on reboot. C:\Users\Eduardo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Users\Eduardo\AppData\Local\Microsoft\Windows\INetCache\counters.dat scheduled to be moved on reboot. File move failed. C:\Windows\temp\Diebold\Warsaw\upd\pgs\win_64\bin.upd scheduled to be moved on reboot. File move failed. C:\Windows\temp\Diebold\Warsaw\upd\pgs\dbd\dbd.upd scheduled to be moved on reboot. File move failed. C:\Windows\temp\Diebold\Warsaw\upd\pgs\warsaw.upd scheduled to be moved on reboot. File move failed. C:\Windows\temp\Diebold\Warsaw\upd\global\dbd\dbd.upd scheduled to be moved on reboot. File move failed. C:\Windows\temp\Diebold\Warsaw\upd\global\warsaw.upd scheduled to be moved on reboot. File move failed. C:\Windows\temp\Diebold\Warsaw\upd\cef\mwdbd.upd scheduled to be moved on reboot. File move failed. C:\Windows\temp\Diebold\Warsaw\upd\bb\mwdbd.upd scheduled to be moved on reboot. File move failed. C:\Windows\temp\Diebold\Warsaw\cd\013F54AC16A5B51921E2E77B2C60AAB3.wtcf scheduled to be moved on reboot. File move failed. C:\Windows\temp\Diebold\Warsaw\cd\19EBB02DCDFC37D57E8C79BDC09047DC.wtcf scheduled to be moved on reboot. File move failed. C:\Windows\temp\Diebold\Warsaw\cd\46B5C65CFB8C836A109546F58E3A5789.wtcf scheduled to be moved on reboot. File move failed. C:\Windows\temp\Diebold\Warsaw\cd\4806D58381B52E501E90103C1AE3762F.wtcf scheduled to be moved on reboot. File move failed. C:\Windows\temp\Diebold\Warsaw\cd\57E95D8E78FCF00E979136B0FD3C9C5A.wtcf scheduled to be moved on reboot. File move failed. C:\Windows\temp\Diebold\Warsaw\cd\5E3AE455E05417B09ED870D5E29E9276.wtcf scheduled to be moved on reboot. File move failed. C:\Windows\temp\Diebold\Warsaw\cd\6127054A9159BEEF1BC5485990935FE1.wtcf scheduled to be moved on reboot. File move failed. C:\Windows\temp\Diebold\Warsaw\cd\886A425515D048A464DA71EF1FF9DF3E.wtcf scheduled to be moved on reboot. File move failed. C:\Windows\temp\Diebold\Warsaw\cd\AE376FC6A65745405BC1D17D74C674E6.wtcf scheduled to be moved on reboot. File move failed. C:\Windows\temp\Diebold\Warsaw\cd\D2D3E551312E5413B2744FF3477CA60B.wtcf scheduled to be moved on reboot. File move failed. C:\Windows\temp\Diebold\Warsaw\cd\DE2E2E18E9B3FF623817593D3B053365.wtcf scheduled to be moved on reboot. File move failed. C:\Windows\temp\Diebold\Warsaw\cd\EA4B4CD78DEE9A276C07FD9446828D38.wtcf scheduled to be moved on reboot. File move failed. C:\Windows\temp\Diebold\Warsaw\cd\F170E1DFDB3B824E1833F23FB9EAEF3A.wtcf scheduled to be moved on reboot. File move failed. C:\Windows\temp\Diebold\Warsaw\cd\FD1BA3AC1F3AF009CDF574531C1B93CB.wtcf scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... Já fiz também o log do HijackThis: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:34:46, on 24/09/2017 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.9600.18792) Boot mode: Normal Running processes: C:\PROGRA~2\GbPlugin\GbpSv.exe C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe C:\Program Files (x86)\ASUS\Splendid\ACMON.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Program Files (x86)\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?PC=ASJB R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=Userinit.exe, O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehcef.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" O4 - HKLM\..\Run: [WebStorage] C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [Google Update] C:\Users\Eduardo\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: www.bancobrasil.com.br O15 - Trusted Zone: www14.bancobrasil.com.br O15 - Trusted Zone: www2.bancobrasil.com.br O15 - Trusted Zone: aapj.bb.com.br O15 - Trusted Zone: seg.bb.com.br O15 - Trusted Zone: www.bb.com.br O15 - Trusted Zone: http://www.bb.com.br O15 - Trusted Zone: imagem.caixa.gov.br O15 - Trusted Zone: internetbanking.caixa.gov.br O15 - Trusted Zone: internetbankingpf.caixa.gov.br O15 - Trusted Zone: www.caixa.gov.br O15 - Trusted Zone: http://www.caixa.gov.br O15 - Trusted Zone: cloud.gastecnologia.com.br O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe O23 - Service: Asus WebStorage Windows Service - ASUS Cloud Corporation - C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: @oem20.inf,%WIN32_DPTF_PARTICIPANT_PROC_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Processor Participant Service Application (DptfParticipantProcessorService) - Unknown owner - C:\Windows\system32\DptfParticipantProcessorService.exe (file missing) O23 - Service: @oem20.inf,%WIN32_DPTF_POLICY_CONFIGTDP_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Config TDP Service Application (DptfPolicyConfigTDPService) - Unknown owner - C:\Windows\system32\DptfPolicyConfigTDPService.exe (file missing) O23 - Service: @oem20.inf,%WIN32_DPTF_POLICY_CRITICAL_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Critical Service Application (DptfPolicyCriticalService) - Unknown owner - C:\Windows\system32\DptfPolicyCriticalService.exe (file missing) O23 - Service: @oem20.inf,%WIN32_DPTF_POLICY_LPM_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Low Power Mode Service Application (DptfPolicyLpmService) - Unknown owner - C:\Windows\system32\DptfPolicyLpmService.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\VSCore_15_7\McApExe.exe O23 - Service: McAfee Boot Delay Start Service (McBootDelayStartSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe O23 - Service: McAfee Service Controller (mfemms) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: Wondershare Driver Install Service (WsDrvInst) - Unknown owner - C:\Program Files (x86)\Wondershare\Wondershare Dr.Fone para iOS (Portuguese)\Library\DriverInstaller\DriverInstall.exe (file missing) O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- End of file - 12505 bytes O computador está bem melhor! Já não apresenta lentidão (somente ao reiniciar e demorou um pouquinho, mas isso já acontecia). No entanto, vi que os processos relacionados ao McAfee continuam ativos. Já o Wondershare foi resolvido, ele não está mais sendo executado.
  4. Solicitação de análise de logs

    Boa noite! Segue o conteúdo do arquivo OTL.txt. Fiquei em dúvida se também deveria enviar o conteúdo do arquivo Extras.txt. Caso seja necessário, envio na próxima resposta. OTL logfile created on: 24/09/2017 18:27:48 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Eduardo\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.18793) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy 5,89 Gb Total Physical Memory | 3,97 Gb Available Physical Memory | 67,37% Memory free 11,89 Gb Paging File | 9,53 Gb Available in Paging File | 80,17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 186,30 Gb Total Space | 67,38 Gb Free Space | 36,17% Space Free | Partition Type: NTFS Drive D: | 258,35 Gb Total Space | 135,12 Gb Free Space | 52,30% Space Free | Partition Type: NTFS Computer Name: EDUARDO | User Name: Eduardo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days ========== Processes (SafeList) ========== PRC - [2017/09/24 18:24:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Eduardo\Desktop\OTL.exe PRC - [2017/08/31 17:18:54 | 040,257,336 | ---- | M] () -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe PRC - [2017/08/21 04:34:44 | 003,410,384 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe PRC - [2017/04/29 10:05:49 | 000,288,848 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe PRC - [2016/09/22 22:25:23 | 000,631,520 | ---- | M] (GAS Tecnologia) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe PRC - [2016/08/01 10:35:42 | 002,779,896 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe PRC - [2016/04/01 02:16:12 | 000,931,864 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe PRC - [2014/05/26 14:47:22 | 000,303,928 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2014/05/15 20:23:42 | 000,406,328 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2014/05/08 15:56:44 | 000,209,720 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2014/04/02 19:46:10 | 000,058,440 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe PRC - [2014/03/27 18:00:12 | 019,723,888 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe PRC - [2014/03/26 20:24:44 | 000,115,512 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe PRC - [2014/02/26 02:50:24 | 000,323,584 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe PRC - [2014/01/20 08:57:42 | 002,234,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe PRC - [2014/01/20 08:57:08 | 001,593,632 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe PRC - [2013/11/08 21:08:52 | 000,227,936 | ---- | M] (WildTangent) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe PRC - [2013/10/23 18:45:30 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2013/10/23 18:44:48 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2013/10/23 18:44:48 | 000,131,544 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe PRC - [2012/05/28 15:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe PRC - [2011/11/21 19:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe ========== Modules (No Company Name) ========== MOD - [2017/09/24 10:08:42 | 001,177,088 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\wx._core_.pyd MOD - [2017/09/24 10:08:42 | 001,067,520 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\wx._controls_.pyd MOD - [2017/09/24 10:08:42 | 000,816,640 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\wx._windows_.pyd MOD - [2017/09/24 10:08:42 | 000,806,912 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\wx._gdi_.pyd MOD - [2017/09/24 10:08:42 | 000,733,696 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\wx._misc_.pyd MOD - [2017/09/24 10:08:42 | 000,088,576 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\Windows.volumes.pyd MOD - [2017/09/24 10:08:42 | 000,077,824 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\wx._html2.pyd MOD - [2017/09/24 10:08:42 | 000,058,880 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\Windows.device_monitor.pyd MOD - [2017/09/24 10:08:42 | 000,017,408 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\Windows.winwrap.pyd MOD - [2017/09/24 10:08:41 | 000,736,256 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\pysqlite2._sqlite.pyd MOD - [2017/09/24 10:08:41 | 000,686,080 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\unicodedata.pyd MOD - [2017/09/24 10:08:41 | 000,524,248 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\Windows._lib_cacheinvalidation.pyd MOD - [2017/09/24 10:08:41 | 000,364,544 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\pythoncom27.dll MOD - [2017/09/24 10:08:41 | 000,320,512 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32com.shell.shell.pyd MOD - [2017/09/24 10:08:41 | 000,167,936 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32gui.pyd MOD - [2017/09/24 10:08:41 | 000,127,488 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\pyexpat.pyd MOD - [2017/09/24 10:08:41 | 000,119,808 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32file.pyd MOD - [2017/09/24 10:08:41 | 000,110,080 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\pywintypes27.dll MOD - [2017/09/24 10:08:41 | 000,108,544 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32security.pyd MOD - [2017/09/24 10:08:41 | 000,098,816 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32api.pyd MOD - [2017/09/24 10:08:41 | 000,082,432 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\usb_ext.pyd MOD - [2017/09/24 10:08:41 | 000,038,912 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32inet.pyd MOD - [2017/09/24 10:08:41 | 000,035,840 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32process.pyd MOD - [2017/09/24 10:08:41 | 000,025,600 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32pdh.pyd MOD - [2017/09/24 10:08:41 | 000,024,064 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32pipe.pyd MOD - [2017/09/24 10:08:41 | 000,022,528 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32ts.pyd MOD - [2017/09/24 10:08:41 | 000,020,480 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\_yappi.pyd MOD - [2017/09/24 10:08:41 | 000,018,432 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32event.pyd MOD - [2017/09/24 10:08:41 | 000,017,920 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\thumbnails_ext.pyd MOD - [2017/09/24 10:08:41 | 000,017,408 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32profile.pyd MOD - [2017/09/24 10:08:41 | 000,013,824 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\common.time34.pyd MOD - [2017/09/24 10:08:41 | 000,011,264 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32crypt.pyd MOD - [2017/09/24 10:08:41 | 000,010,240 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\select.pyd MOD - [2017/09/24 10:08:41 | 000,007,168 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\hashobjs_ext.pyd MOD - [2017/09/24 10:08:40 | 001,309,696 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\_ssl.pyd MOD - [2017/09/24 10:08:40 | 000,918,528 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\_hashlib.pyd MOD - [2017/09/24 10:08:40 | 000,218,624 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\PIL._imaging.pyd MOD - [2017/09/24 10:08:40 | 000,129,536 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\_elementtree.pyd MOD - [2017/09/24 10:08:40 | 000,088,064 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\_ctypes.pyd MOD - [2017/09/24 10:08:40 | 000,046,080 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\_socket.pyd MOD - [2017/09/24 10:08:40 | 000,036,864 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\_psutil_windows.pyd MOD - [2017/09/24 10:08:40 | 000,027,648 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\_multiprocessing.pyd MOD - [2017/09/18 22:18:09 | 007,577,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fd1b666835e77e2661323dac7e0587e1\System.Xml.ni.dll MOD - [2017/09/18 22:18:05 | 002,031,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f2c7f2963e05fa02657aa1c2fbb9c306\System.Xaml.ni.dll MOD - [2017/09/18 22:18:04 | 013,563,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7d9d077eb4ded37dea277f695ba62a9f\System.Windows.Forms.ni.dll MOD - [2017/09/18 22:17:41 | 001,645,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9942224b2cb962890f5e8608a70a5de0\System.Drawing.ni.dll MOD - [2017/09/18 22:17:35 | 000,993,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\9dd4356e776f5ed068d649145fd7c5e6\System.Configuration.ni.dll MOD - [2017/09/18 22:17:34 | 019,825,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\2dd3ed728ffeaa38583744a6321d0dd5\PresentationFramework.ni.dll MOD - [2017/09/18 22:17:34 | 000,536,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\eedc58de041994b8b94c590b744fee00\PresentationFramework.Aero2.ni.dll MOD - [2017/09/18 22:17:23 | 012,184,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\d1f1c17c0842a41c91c33567f458ba82\PresentationCore.ni.dll MOD - [2017/09/18 22:17:16 | 004,110,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dbc8949492c79af28c43ccfa13d172ff\WindowsBase.ni.dll MOD - [2017/09/18 22:17:12 | 007,684,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\47535d8f572ae7406856caade371353b\System.Core.ni.dll MOD - [2017/09/18 22:17:06 | 010,336,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\18abf3307fdc21471c4c68baced31c69\System.ni.dll MOD - [2017/08/31 17:18:54 | 040,257,336 | ---- | M] () -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe MOD - [2017/08/30 03:04:22 | 020,518,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\5a63cba6fca9851d84db4a2860bf633a\mscorlib.ni.dll MOD - [2014/04/02 19:46:10 | 000,117,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll MOD - [2014/04/02 19:46:10 | 000,037,936 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll MOD - [2014/04/02 19:46:10 | 000,020,528 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll MOD - [2014/04/02 19:46:10 | 000,018,992 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll MOD - [2013/04/27 10:24:12 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll ========== Services (SafeList) ========== SRV:64bit: - [2017/08/07 19:27:36 | 000,993,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\VSCore_15_7\McApExe.exe -- (McAPExe) SRV:64bit: - [2017/08/07 10:25:08 | 006,058,960 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe -- (MBAMService) SRV:64bit: - [2017/07/07 12:16:30 | 001,056,304 | ---- | M] (GAS Tecnologia LTDA) [Auto | Running] -- C:\Program Files\Diebold\Warsaw\core.exe -- (Warsaw Technology) SRV:64bit: - [2017/06/21 17:19:44 | 000,394,704 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe -- (mfemms) SRV:64bit: - [2017/06/21 17:10:38 | 000,350,160 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2017/06/21 17:06:34 | 000,242,640 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire) SRV:64bit: - [2017/05/30 22:21:26 | 002,139,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\\McCSPServiceHost.exe -- (mccspsvc) SRV:64bit: - [2017/04/16 05:37:33 | 000,116,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:64bit: - [2017/02/22 10:35:46 | 000,641,520 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2017/02/22 10:35:46 | 000,641,520 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc) SRV:64bit: - [2017/02/22 10:35:46 | 000,641,520 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McBootDelayStartSvc) SRV:64bit: - [2017/02/22 10:35:46 | 000,641,520 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc) SRV:64bit: - [2017/01/12 13:51:17 | 000,361,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc) SRV:64bit: - [2017/01/12 13:51:17 | 000,119,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV:64bit: - [2017/01/10 18:06:07 | 000,840,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2016/12/24 20:39:34 | 000,133,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum) SRV:64bit: - [2016/08/22 10:34:40 | 001,628,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack) SRV:64bit: - [2016/06/07 17:32:07 | 002,988,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2016/02/08 13:53:04 | 001,348,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc) SRV:64bit: - [2016/02/03 12:11:56 | 001,673,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc) SRV:64bit: - [2015/07/16 15:58:34 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2015/05/30 16:36:24 | 000,230,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2015/05/12 10:19:37 | 000,294,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2015/05/07 12:21:51 | 000,522,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc) SRV:64bit: - [2015/02/20 20:49:18 | 000,780,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2014/10/29 00:59:51 | 003,460,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2014/10/28 23:42:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC) SRV:64bit: - [2014/10/28 23:42:03 | 000,041,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2014/10/28 23:34:51 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2014/10/28 23:33:55 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2014/10/28 23:29:22 | 000,121,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2014/10/28 22:57:05 | 000,324,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv) SRV:64bit: - [2014/10/28 22:48:20 | 000,166,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2014/10/28 22:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2014/10/28 22:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2014/10/28 22:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2014/10/28 22:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2014/10/28 22:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2014/10/28 22:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV:64bit: - [2014/10/28 22:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface) SRV:64bit: - [2014/10/28 22:27:21 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost) SRV:64bit: - [2014/10/28 22:22:40 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2014/10/28 22:20:03 | 000,262,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2014/10/28 22:19:20 | 000,550,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2014/10/28 22:16:17 | 000,154,112 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService) SRV:64bit: - [2014/10/28 22:13:24 | 000,374,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2014/10/28 22:13:02 | 000,260,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2014/10/28 22:12:36 | 000,407,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2014/10/28 22:12:22 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2014/10/28 22:11:10 | 001,639,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2014/10/28 22:05:09 | 000,206,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2014/10/28 21:48:52 | 000,562,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness) SRV:64bit: - [2014/03/18 00:10:44 | 000,282,072 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService1.0.0.0) SRV:64bit: - [2013/10/17 23:24:42 | 000,148,160 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DptfPolicyCriticalService.exe -- (DptfPolicyCriticalService) SRV:64bit: - [2013/10/17 23:24:42 | 000,126,952 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DptfPolicyLpmService.exe -- (DptfPolicyLpmService) SRV:64bit: - [2013/10/17 23:24:42 | 000,117,704 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DptfParticipantProcessorService.exe -- (DptfParticipantProcessorService) SRV:64bit: - [2013/10/17 23:24:42 | 000,116,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DptfPolicyConfigTDPService.exe -- (DptfPolicyConfigTDPService) SRV:64bit: - [2013/09/02 18:31:00 | 000,827,392 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R) SRV - [2016/12/15 08:33:56 | 000,440,832 | ---- | M] (Wondershare) [Auto | Stopped] -- C:\Program Files (x86)\Wondershare\WAF\2.3.2.220\WsAppService.exe -- (WsAppService) SRV - [2016/09/22 22:25:23 | 000,631,520 | ---- | M] (GAS Tecnologia) [Auto | Running] -- C:\Program Files (x86)\GbPlugin\gbpsv.exe -- (GbpSv) SRV - [2016/06/07 17:32:07 | 002,988,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2015/05/07 12:05:40 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc) SRV - [2014/10/28 22:51:55 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2014/10/28 22:04:45 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost) SRV - [2014/03/26 20:24:44 | 000,115,512 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService) SRV - [2014/03/18 00:10:52 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2014/02/26 03:17:38 | 000,319,104 | ---- | M] (Windows (R) Win 7 DDK provider) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc) SRV - [2014/02/26 02:50:24 | 000,323,584 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt and Wlan Coex Agent) SRV - [2014/01/20 08:57:08 | 001,593,632 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService) SRV - [2013/11/08 21:08:52 | 000,227,936 | ---- | M] (WildTangent) [Auto | Running] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService) SRV - [2013/10/23 18:45:30 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2013/10/23 18:44:48 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2013/10/23 18:44:48 | 000,131,544 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2013/08/16 05:04:18 | 000,071,680 | ---- | M] (ASUS Cloud Corporation) [Auto | Running] -- C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe -- (Asus WebStorage Windows Service) SRV - [2011/11/21 19:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2010/10/12 14:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2017/09/24 18:28:34 | 000,028,888 | ---- | M] (GAS Tecnologia) [File_System | System | Running] -- C:\Windows\SysNative\drivers\gbpddfac64.sys -- (gbpddfac) DRV:64bit: - [2017/09/24 10:08:20 | 000,101,824 | ---- | M] (Malwarebytes) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\farflt.sys -- (MBAMFarflt) DRV:64bit: - [2017/09/24 10:08:16 | 000,045,472 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtection) DRV:64bit: - [2017/09/24 10:08:12 | 000,253,888 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy) DRV:64bit: - [2017/09/24 10:07:27 | 000,028,376 | ---- | M] (GAS Tecnologia) [File_System | System | Running] -- C:\Windows\SysNative\drivers\wsddfac.sys -- (wsddfac) DRV:64bit: - [2017/09/23 17:36:18 | 000,192,960 | ---- | M] (Malwarebytes) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\MBAMChameleon.sys -- (MBAMChameleon) DRV:64bit: - [2017/08/24 11:27:36 | 000,077,440 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mbae64.sys -- (ESProtectionDriver) DRV:64bit: - [2017/07/08 17:14:22 | 000,376,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS) DRV:64bit: - [2017/07/08 00:16:36 | 000,086,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc) DRV:64bit: - [2017/06/26 09:25:56 | 000,933,360 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2017/06/26 09:25:56 | 000,506,352 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2017/06/26 09:25:56 | 000,487,408 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeaack.sys -- (mfeaack) DRV:64bit: - [2017/06/26 09:25:56 | 000,355,312 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2017/06/26 09:25:56 | 000,253,424 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2017/06/26 09:25:56 | 000,116,208 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeplk.sys -- (mfeplk) DRV:64bit: - [2017/06/26 09:25:56 | 000,084,544 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mfeelamk.sys -- (mfeelamk) DRV:64bit: - [2017/06/26 09:25:56 | 000,077,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2017/06/19 22:42:05 | 000,047,672 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dtliteusbbus.sys -- (dtliteusbbus) DRV:64bit: - [2017/06/19 22:41:55 | 000,030,264 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dtlitescsibus.sys -- (dtlitescsibus) DRV:64bit: - [2017/05/15 19:09:32 | 000,057,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme) DRV:64bit: - [2017/03/12 12:04:55 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2017/02/10 11:37:28 | 000,046,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2017/01/12 13:51:18 | 000,274,776 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2017/01/12 13:51:18 | 000,117,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv) DRV:64bit: - [2017/01/11 14:28:42 | 000,422,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2016/11/07 14:54:54 | 000,025,184 | ---- | M] (GAS Tecnologia) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wsddprm.sys -- (wsddprm) DRV:64bit: - [2016/10/12 18:11:01 | 000,922,968 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refs.sys -- (ReFS) DRV:64bit: - [2016/09/05 04:47:12 | 000,165,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2016/09/05 04:47:06 | 000,131,712 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2016/06/16 18:43:32 | 000,036,984 | ---- | M] (GAS Tecnologia) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wsddntf.sys -- (wsddntf) DRV:64bit: - [2016/06/08 18:43:00 | 000,025,184 | ---- | M] (GAS Tecnologia) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\wsddpp.sys -- (wsddpp) DRV:64bit: - [2016/03/28 11:41:34 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2016/02/22 23:45:57 | 000,230,712 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\droidcamvideo.sys -- (DroidCamVideo) DRV:64bit: - [2016/02/22 23:45:56 | 000,033,592 | ---- | M] (Dev47Apps) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\droidcam.sys -- (DroidCam) DRV:64bit: - [2016/01/26 16:15:40 | 000,072,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci) DRV:64bit: - [2015/10/11 03:34:30 | 000,468,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2015/09/29 09:24:42 | 000,155,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2015/04/16 03:17:07 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2015/03/19 22:56:10 | 000,080,384 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache) DRV:64bit: - [2015/03/13 01:03:31 | 000,239,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2015/03/08 23:02:51 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2014/11/10 15:06:59 | 000,136,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2014/10/29 00:57:42 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2014/10/29 00:56:04 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2014/10/28 23:46:43 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2014/10/28 23:46:09 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc) DRV:64bit: - [2014/10/28 23:45:54 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2014/10/28 23:45:39 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2014/10/28 23:45:16 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2014/10/12 23:43:17 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep) DRV:64bit: - [2014/10/07 03:54:45 | 000,189,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2014/08/14 21:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2014/03/31 17:43:00 | 000,071,952 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsusTP.sys -- (ATP) DRV:64bit: - [2014/03/27 18:00:12 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger) DRV:64bit: - [2014/03/18 00:10:32 | 003,729,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2014/03/17 06:57:10 | 000,843,480 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168) DRV:64bit: - [2014/03/16 23:43:32 | 000,450,520 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2014/03/13 09:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\wof.sys -- (Wof) DRV:64bit: - [2014/03/07 03:53:16 | 003,892,224 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athwbx.sys -- (athr) DRV:64bit: - [2014/03/01 17:32:31 | 000,038,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:64bit: - [2014/03/01 17:32:31 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus) DRV:64bit: - [2014/02/26 02:53:02 | 000,598,216 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2014/02/26 02:53:02 | 000,355,528 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2014/02/26 02:53:02 | 000,179,432 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2014/02/26 02:53:02 | 000,137,928 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2014/02/26 02:53:02 | 000,118,984 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt) DRV:64bit: - [2014/02/26 02:53:02 | 000,089,800 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2014/02/26 02:53:02 | 000,077,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2014/02/26 02:53:02 | 000,035,016 | ---- | M] (Qualcomm Atheros) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2014/02/22 12:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2014/02/11 22:08:26 | 000,014,136 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Program Files\ASUS\P4G\plctrl.sys -- (plctrl) DRV:64bit: - [2013/12/18 01:39:51 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2013/12/04 15:41:54 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum) DRV:64bit: - [2013/10/25 22:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2) DRV:64bit: - [2013/10/23 18:44:48 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64) DRV:64bit: - [2013/10/17 23:24:40 | 000,494,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfManager.sys -- (DptfManager) DRV:64bit: - [2013/10/17 23:24:40 | 000,289,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevProc.sys -- (DptfDevProc) DRV:64bit: - [2013/10/17 23:24:40 | 000,116,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevPch.sys -- (DptfDevPch) DRV:64bit: - [2013/10/17 23:24:38 | 000,145,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevDram.sys -- (DptfDevDram) DRV:64bit: - [2013/10/07 22:47:18 | 000,020,280 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsHIDSwitch64.sys -- (HIDSwitch) DRV:64bit: - [2013/08/22 16:12:07 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2013/08/22 10:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv) DRV:64bit: - [2013/08/22 10:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2013/08/22 09:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam) DRV:64bit: - [2013/08/22 09:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2013/08/22 09:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2013/08/22 09:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2013/08/22 09:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2013/08/22 09:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2013/08/22 09:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2013/08/22 09:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2013/08/22 09:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3) DRV:64bit: - [2013/08/22 09:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX) DRV:64bit: - [2013/08/22 09:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2013/08/22 09:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2013/08/22 09:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware) DRV:64bit: - [2013/08/22 09:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2013/08/22 09:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2013/08/22 09:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2013/08/22 09:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2013/08/22 09:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2013/08/22 09:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2013/08/22 09:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2013/08/22 09:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci) DRV:64bit: - [2013/08/22 09:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2013/08/22 09:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2013/08/22 09:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI) DRV:64bit: - [2013/08/22 09:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2013/08/22 08:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2013/08/22 08:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2013/08/22 08:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2013/08/22 08:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2013/08/22 08:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2013/08/22 08:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2013/08/22 08:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2013/08/22 08:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2013/08/22 08:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2013/08/22 08:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2013/08/22 08:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2013/08/22 08:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2013/08/22 08:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2013/08/22 08:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2013/08/22 08:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus) DRV:64bit: - [2013/08/22 05:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2013/08/12 20:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2) DRV:64bit: - [2013/08/09 21:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV) DRV:64bit: - [2013/08/08 23:31:50 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2013/07/30 15:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO) DRV:64bit: - [2013/07/25 16:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C) DRV:64bit: - [2013/07/24 03:53:12 | 000,423,128 | ---- | M] (Realsil Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPer.sys -- (RTSPER) DRV:64bit: - [2013/06/18 12:05:45 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2013/06/18 11:45:58 | 011,518,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64) DRV:64bit: - [2013/06/18 11:45:26 | 000,460,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1i63x64.sys -- (e1iexpress) DRV:64bit: - [2012/08/06 00:17:18 | 000,017,280 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2015/08/26 14:35:32 | 000,029,912 | ---- | M] (GAS Tecnologia) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\GbPlugin\gbprcm64.sys -- (GBPRCM) DRV - [2015/04/29 11:29:12 | 000,024,792 | ---- | M] (GAS Tecnologia LTDA) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\GbPlugin\wsftprp64.sys -- (Warsaw_PP) DRV - [2013/07/02 21:45:52 | 000,019,768 | ---- | M] (ASUSTek Computer Inc.) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO) DRV - [2009/07/02 22:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&PC=ASJB IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&PC=ASJB IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?PC=ASJB IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:NewsFeed IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = D0 64 8C FF 29 0A D3 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = 01 00 00 00 12 00 00 00 D3 3E 26 E7 2B 8C B3 5A 91 41 F7 8F 63 8C D7 9D E2 95 02 00 00 00 0E 00 00 00 34 52 78 49 6D 38 30 65 44 69 4D 25 33 64 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.com/search?q={searchTerms} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1228198.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.91.2: C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2: C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Eduardo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Eduardo\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Eduardo\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Eduardo\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.) O1 HOSTS File: ([2017/09/23 12:30:14 | 000,000,753 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll (Oracle Corporation) O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil) O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [DptfPolicyLpmServiceHelper] C:\Windows\SysNative\DptfPolicyLpmServiceHelper.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.) O4 - HKLM..\Run: [WebStorage] C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe () O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd) O4 - HKCU..\Run: [Google Update] C:\Users\Eduardo\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe (Google Inc.) O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" (Atheros Communications) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites) O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites) O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www14] https in Trusted sites) O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites) O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www2] https in Trusted sites) O15 - HKCU\..Trusted Domains: bb.com.br ([aapj] * in Trusted sites) O15 - HKCU\..Trusted Domains: bb.com.br ([seg] * in Trusted sites) O15 - HKCU\..Trusted Domains: bb.com.br ([seg] https in Trusted sites) O15 - HKCU\..Trusted Domains: bb.com.br ([www] * in Trusted sites) O15 - HKCU\..Trusted Domains: bb.com.br ([www] http in Trusted sites) O15 - HKCU\..Trusted Domains: caixa.gov.br ([imagem] * in Trusted sites) O15 - HKCU\..Trusted Domains: caixa.gov.br ([imagem] https in Trusted sites) O15 - HKCU\..Trusted Domains: caixa.gov.br ([imagem2] https in Trusted sites) O15 - HKCU\..Trusted Domains: caixa.gov.br ([internetbanking] * in Trusted sites) O15 - HKCU\..Trusted Domains: caixa.gov.br ([internetbanking] https in Trusted sites) O15 - HKCU\..Trusted Domains: caixa.gov.br ([internetbankingpf] * in Trusted sites) O15 - HKCU\..Trusted Domains: caixa.gov.br ([internetbankingpf] https in Trusted sites) O15 - HKCU\..Trusted Domains: caixa.gov.br ([www] * in Trusted sites) O15 - HKCU\..Trusted Domains: caixa.gov.br ([www] http in Trusted sites) O15 - HKCU\..Trusted Domains: gastecnologia.com.br ([cloud] * in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A0273A4-ACF6-41E3-90F9-F5F34B576E06}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4383C46-0A5F-465B-ABEB-03FFC614105D}: DhcpNameServer = 172.16.0.250 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (Userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files (x86)\GbPlugin\gbieh.dll) - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil) O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Program Files (x86)\GbPlugin\gbiehCef.dll) - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal) O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) CREATERESTOREPOINT Restore point Set: OTL Restore Point NetSvcs:64bit: lfsvc - C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation) NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation) NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation) NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation) ========== Files/Folders - Created Within 90 Days ========== [2017/09/24 18:24:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Eduardo\Desktop\OTL.exe [2017/09/23 20:23:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2017/09/23 20:20:59 | 002,870,984 | ---- | C] (ESET) -- C:\Users\Eduardo\Desktop\esetsmartinstaller_enu.exe [2017/09/23 17:36:17 | 000,101,824 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\farflt.sys [2017/09/22 21:07:30 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Roaming\ZHP [2017/09/22 21:07:29 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\ZHP [2017/09/20 23:17:36 | 008,182,736 | ---- | C] (Malwarebytes) -- C:\Users\Eduardo\Desktop\AdwCleaner.exe [2017/09/20 23:13:46 | 001,790,024 | ---- | C] (Malwarebytes) -- C:\Users\Eduardo\Desktop\JRT.exe [2017/09/19 21:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google [2017/09/19 20:32:48 | 000,192,960 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMChameleon.sys [2017/09/19 20:32:47 | 000,094,144 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mwac.sys [2017/09/19 20:32:43 | 000,045,472 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys [2017/09/19 20:32:36 | 000,253,888 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2017/09/19 20:32:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes [2017/09/19 20:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes [2017/09/19 17:18:04 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Program Files (x86)\HijackThis.exe [2017/09/19 16:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2017/08/17 23:19:04 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Roaming\dvdcss [2017/08/14 21:53:02 | 000,028,376 | ---- | C] (GAS Tecnologia) -- C:\Windows\SysNative\drivers\wsddfac.sys [2017/08/14 21:53:02 | 000,025,184 | ---- | C] (GAS Tecnologia) -- C:\Windows\SysNative\drivers\wsddprm.sys [2017/08/14 21:53:02 | 000,025,184 | ---- | C] (GAS Tecnologia) -- C:\Windows\SysNative\drivers\wsddpp.sys [2017/08/14 21:52:59 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\GAS Tecnologia [2017/08/14 21:52:59 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Diebold ========== Files - Modified Within 90 Days ========== [2017/09/24 18:34:03 | 000,028,888 | ---- | M] (GAS Tecnologia) -- C:\Windows\SysNative\drivers\gbpddfac64.sys [2017/09/24 18:24:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Eduardo\Desktop\OTL.exe [2017/09/24 10:13:05 | 000,000,093 | ---- | M] () -- C:\Users\Eduardo\AppData\Roaming\sp_data.sys [2017/09/24 10:08:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2017/09/24 10:08:20 | 000,101,824 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\farflt.sys [2017/09/24 10:08:16 | 000,045,472 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys [2017/09/24 10:08:12 | 000,253,888 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2017/09/24 10:07:27 | 000,028,376 | ---- | M] (GAS Tecnologia) -- C:\Windows\SysNative\drivers\wsddfac.sys [2017/09/24 10:06:25 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2017/09/24 10:06:22 | 761,208,831 | -HS- | M] () -- C:\hiberfil.sys [2017/09/23 20:21:00 | 002,870,984 | ---- | M] (ESET) -- C:\Users\Eduardo\Desktop\esetsmartinstaller_enu.exe [2017/09/23 17:36:18 | 000,192,960 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMChameleon.sys [2017/09/23 12:30:14 | 000,000,753 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2017/09/23 09:34:40 | 001,309,184 | ---- | M] () -- C:\zoek.exe [2017/09/22 21:07:35 | 000,000,881 | ---- | M] () -- C:\Users\Eduardo\Desktop\ZHPCleaner.lnk [2017/09/22 21:04:03 | 000,094,144 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mwac.sys [2017/09/22 20:24:11 | 561,008,347 | ---- | M] () -- C:\Windows\MEMORY.DMP [2017/09/22 07:07:25 | 002,894,208 | ---- | M] () -- C:\Users\Eduardo\Desktop\ZHPCleaner.exe [2017/09/21 08:04:00 | 000,118,666 | ---- | M] () -- C:\Users\Eduardo\Desktop\Sem título.jpg [2017/09/20 23:17:45 | 008,182,736 | ---- | M] (Malwarebytes) -- C:\Users\Eduardo\Desktop\AdwCleaner.exe [2017/09/20 23:14:38 | 001,790,024 | ---- | M] (Malwarebytes) -- C:\Users\Eduardo\Desktop\JRT.exe [2017/09/19 20:32:28 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes.lnk [2017/09/19 17:17:58 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\HijackThis.exe [2017/09/18 22:05:18 | 000,369,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2017/08/24 11:27:36 | 000,077,440 | ---- | M] () -- C:\Windows\SysNative\drivers\mbae64.sys [2017/08/20 18:56:56 | 001,799,910 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2017/08/20 18:56:56 | 000,783,224 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat [2017/08/20 18:56:56 | 000,730,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2017/08/20 18:56:56 | 000,161,776 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat [2017/08/20 18:56:56 | 000,138,874 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2017/08/15 21:43:39 | 000,101,560 | ---- | M] () -- C:\Users\Eduardo\Desktop\Horários 2017-2.pdf [2017/07/21 10:40:59 | 000,518,144 | ---- | M] () -- C:\Windows\SysWow64\msjetoledb40.dll ========== Files Created - No Company Name ========== [2017/09/23 09:34:32 | 001,309,184 | ---- | C] () -- C:\zoek.exe [2017/09/22 21:07:35 | 000,000,881 | ---- | C] () -- C:\Users\Eduardo\Desktop\ZHPCleaner.lnk [2017/09/22 20:24:11 | 561,008,347 | ---- | C] () -- C:\Windows\MEMORY.DMP [2017/09/22 07:06:29 | 002,894,208 | ---- | C] () -- C:\Users\Eduardo\Desktop\ZHPCleaner.exe [2017/09/21 08:03:58 | 000,118,666 | ---- | C] () -- C:\Users\Eduardo\Desktop\Sem título.jpg [2017/09/19 21:22:26 | 000,001,096 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive for PC is now Backup and Sync from Google.lnk [2017/09/19 20:32:28 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes.lnk [2017/09/19 20:32:27 | 000,077,440 | ---- | C] () -- C:\Windows\SysNative\drivers\mbae64.sys [2017/08/15 21:43:36 | 000,101,560 | ---- | C] () -- C:\Users\Eduardo\Desktop\Horários 2017-2.pdf [2017/08/09 15:41:53 | 000,518,144 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2017/08/09 15:41:27 | 000,448,629 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml [2017/01/26 18:39:27 | 000,000,232 | ---- | C] () -- C:\Windows\SysWow64\dllhost.exe.config [2016/06/17 10:13:53 | 000,010,240 | ---- | C] () -- C:\Users\Eduardo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2016/02/22 23:47:04 | 000,000,035 | ---- | C] () -- C:\ProgramData\droidcam-settings [2015/12/14 22:10:39 | 000,000,093 | ---- | C] () -- C:\Users\Eduardo\AppData\Roaming\sp_data.sys [2015/11/15 20:27:23 | 000,000,114 | ---- | C] () -- C:\Users\Eduardo\webutil.32.properties [2014/11/26 22:36:56 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl [2013/12/18 14:55:58 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe [2013/12/18 14:55:58 | 000,000,256 | ---- | C] () -- C:\ProgramData\SetStretch.cmd ========== ZeroAccess Check ========== [2015/08/18 23:22:47 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2017/08/12 06:30:10 | 022,361,344 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2017/08/12 06:26:18 | 019,789,736 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014/10/28 22:19:43 | 001,013,760 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2014/10/28 21:59:23 | 000,786,944 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014/10/28 22:16:01 | 000,512,512 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2016/09/04 19:50:51 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\(84-11-9E-D5-C9-B7) [2015/10/09 18:20:21 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\(C4-42-02-25-FB-29) [2016/10/16 17:59:18 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\amanita-design.samorost3 [2017/06/04 19:46:17 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\avidemux [2017/09/19 17:15:04 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\DAEMON Tools Lite [2017/01/11 20:48:25 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\Garmin [2017/01/26 18:50:50 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\iMobie [2015/08/25 10:25:46 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\RobotSoft [2015/09/07 23:56:40 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\SPORE [2017/09/23 22:06:37 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\uTorrent [2015/07/25 11:54:45 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\WebStorage [2016/03/25 21:43:30 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\WildTangent [2017/01/26 18:42:43 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\Wondershare [2017/09/22 21:20:51 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\ZHP ========== Purity Check ========== ========== Custom Scans ========== < %systemroot%\system32\drivers\*.* /90 > < %systemdrive%\drivers\*.exe > < %SYSTEMDRIVE%\*.* > [2015/08/04 12:29:15 | 000,001,024 | ---- | M] () -- C:\.rnd [2013/12/18 01:34:57 | 000,398,356 | RHS- | M] () -- C:\bootmgr [2013/06/18 09:18:29 | 000,000,001 | -HS- | M] () -- C:\BOOTNXT [2017/09/24 10:06:22 | 761,208,831 | -HS- | M] () -- C:\hiberfil.sys [2017/09/24 10:06:25 | 2147,483,647 | -HS- | M] () -- C:\pagefile.sys [2017/09/23 13:00:41 | 000,000,954 | ---- | M] () -- C:\runcheck.txt [2017/09/24 10:06:25 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2017/09/23 12:43:00 | 000,001,347 | ---- | M] () -- C:\zoek-results.log [2017/09/23 09:34:40 | 001,309,184 | ---- | M] () -- C:\zoek.exe < %LOCALAPPDATA%\*.exe > < %LOCALAPPDATA%\*.txt > < %LOCALAPPDATA%\*.ini > [2017/06/05 15:48:13 | 000,010,240 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini < %LOCALAPPDATA%\*.dll > < %LOCALAPPDATA%\*.dat > [2017/08/22 06:46:28 | 000,083,744 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\GDIPFONTCACHEV1.DAT < %USERPROFILE%\*.exe > < %USERPROFILE%\*.txt > < %USERPROFILE%\*.ini > [2015/07/25 11:48:20 | 000,000,020 | -HS- | M] () -- C:\Users\Eduardo\ntuser.ini < %USERPROFILE%\*.dll > < %USERPROFILE%\*.dat /30 > [2017/09/24 10:05:16 | 003,407,872 | -HS- | M] () -- C:\Users\Eduardo\NTUSER.DAT < C:\Windows\system32\Tasks\*.* /s > [2013/08/22 11:45:54 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2016/01/04 21:11:46 | 000,001,050 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1936283034-997287812-3338988641-1001Core.job [2016/01/04 21:11:46 | 000,001,050 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1936283034-997287812-3338988641-1001Core1d1474daa2cc74b.job [2016/02/01 19:02:41 | 000,001,050 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1936283034-997287812-3338988641-1001Core1d15d3c458456cf.job [2016/05/10 21:29:19 | 000,001,050 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1936283034-997287812-3338988641-1001Core1d1ab1c28a47df9.job < C:\Windows\system32\Tasks\*.* /s /64 > [2017/09/24 12:00:20 | 000,003,480 | ---- | M] () -- C:\Windows\SysNative\Tasks\ASUS Live Update1 [2017/09/24 12:00:20 | 000,003,470 | ---- | M] () -- C:\Windows\SysNative\Tasks\ASUS Live Update2 [2014/11/26 22:49:56 | 000,003,054 | ---- | M] () -- C:\Windows\SysNative\Tasks\ASUS P4G [2014/11/26 22:39:59 | 000,003,538 | ---- | M] () -- C:\Windows\SysNative\Tasks\ASUS Smart Gesture Launcher [2014/11/26 22:51:18 | 000,002,986 | ---- | M] () -- C:\Windows\SysNative\Tasks\ASUS Splendid ACMON [2014/11/26 22:51:04 | 000,003,026 | ---- | M] () -- C:\Windows\SysNative\Tasks\ASUS USB Charger Plus [2014/11/26 22:46:53 | 000,003,562 | ---- | M] () -- C:\Windows\SysNative\Tasks\ATK Package 36D18D69AFC3 [2015/12/01 20:24:09 | 000,002,792 | ---- | M] () -- C:\Windows\SysNative\Tasks\CCleanerSkipUAC [2017/04/29 10:05:56 | 000,003,372 | ---- | M] () -- C:\Windows\SysNative\Tasks\GoogleUpdateTaskMachineCore [2017/04/29 10:05:57 | 000,003,500 | ---- | M] () -- C:\Windows\SysNative\Tasks\GoogleUpdateTaskMachineUA [2017/04/28 18:46:17 | 000,003,408 | ---- | M] () -- C:\Windows\SysNative\Tasks\GoogleUpdateTaskUserS-1-5-21-1936283034-997287812-3338988641-1001Core1d1e923f2d93fb3 [2017/04/28 18:46:17 | 000,003,680 | ---- | M] () -- C:\Windows\SysNative\Tasks\GoogleUpdateTaskUserS-1-5-21-1936283034-997287812-3338988641-1001UA [2017/09/22 06:08:50 | 000,003,068 | ---- | M] () -- C:\Windows\SysNative\Tasks\McAfeeLogon [2017/09/24 14:16:30 | 000,003,598 | ---- | M] () -- C:\Windows\SysNative\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1936283034-997287812-3338988641-1001 [2014/11/26 22:52:45 | 000,003,594 | ---- | M] () -- C:\Windows\SysNative\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1936283034-997287812-3338988641-500 [2014/11/26 22:49:57 | 000,003,206 | ---- | M] () -- C:\Windows\SysNative\Tasks\P4GIntlCtrl [2014/11/26 22:36:59 | 000,003,138 | ---- | M] () -- C:\Windows\SysNative\Tasks\RtHDVBg [2014/11/26 22:36:58 | 000,003,132 | ---- | M] () -- C:\Windows\SysNative\Tasks\RTKCPL [2016/09/02 23:05:24 | 000,003,912 | ---- | M] () -- C:\Windows\SysNative\Tasks\Update Checker [2017/09/09 20:39:21 | 000,003,352 | ---- | M] () -- C:\Windows\SysNative\Tasks\McAfee\McAfee Auto Maintenance Task Agent [2017/09/09 20:39:21 | 000,002,930 | ---- | M] () -- C:\Windows\SysNative\Tasks\McAfee\McAfee Idle Detection Task [2016/07/20 16:14:27 | 000,004,158 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task [2017/09/23 11:45:02 | 000,003,704 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 [2017/09/23 11:45:01 | 000,003,710 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 [2017/09/19 16:10:47 | 000,003,476 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical [2017/09/19 16:10:48 | 000,003,470 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical [2013/08/22 12:37:37 | 000,004,472 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated) [2013/08/22 12:37:37 | 000,003,854 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual) [2013/08/22 12:38:14 | 000,002,900 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\AppID\PolicyConverter [2013/08/22 12:38:32 | 000,003,558 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific [2013/08/22 12:38:14 | 000,003,790 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck [2013/08/22 12:37:55 | 000,002,902 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Application Experience\AitAgent [2016/01/19 07:12:19 | 000,004,170 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser [2016/01/17 11:56:05 | 000,002,880 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater [2013/08/22 12:38:31 | 000,003,154 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Application Experience\StartupAppTask [2013/08/22 12:38:48 | 000,002,814 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState [2015/07/25 12:50:06 | 000,003,640 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup [2013/08/22 12:37:41 | 000,003,022 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Autochk\Proxy [2013/08/22 12:38:52 | 000,002,118 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask [2013/08/22 12:37:21 | 000,004,130 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\SystemTask [2013/08/22 12:37:21 | 000,003,868 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask [2015/07/25 11:50:00 | 000,003,134 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask-Roam [2013/08/22 12:38:56 | 000,003,028 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan [2013/08/22 12:38:51 | 000,003,178 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM [2013/08/22 12:38:17 | 000,002,934 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator [2013/08/22 12:37:48 | 000,003,316 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask [2013/08/22 12:37:57 | 000,003,182 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip [2013/08/22 12:39:01 | 000,004,450 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan [2013/08/22 12:39:01 | 000,004,012 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery [2013/08/22 12:38:31 | 000,003,266 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag [2017/09/24 18:33:45 | 000,003,782 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh [2013/08/22 12:38:35 | 000,003,170 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Diagnosis\Scheduled [2015/08/01 23:54:11 | 000,003,696 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup [2015/09/20 19:03:23 | 000,003,120 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector [2013/08/22 16:12:22 | 000,002,428 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver [2015/08/01 23:54:23 | 000,002,618 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics [2013/08/22 12:38:55 | 000,003,834 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode) [2013/08/22 12:37:35 | 000,003,630 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\IME\SQM data sender [2013/08/22 12:39:02 | 000,003,554 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Location\Notifications [2013/08/22 12:37:37 | 000,003,178 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Maintenance\WinSAT [2013/08/22 12:38:51 | 000,006,054 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents [2013/08/22 12:38:51 | 000,003,640 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic [2013/08/22 12:38:48 | 000,004,410 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser [2015/07/29 15:37:46 | 000,003,456 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\MUI\Lpksetup [2013/08/22 12:38:11 | 000,003,030 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\MUI\LPRemove [2015/08/04 12:41:36 | 000,003,324 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\MUI\Mcbuilder [2013/08/22 12:38:42 | 000,002,602 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Multimedia\SystemSoundsService [2013/08/22 12:37:17 | 000,002,738 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler [2013/08/22 12:38:14 | 000,002,044 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo [2013/08/22 12:38:14 | 000,002,832 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor [2013/08/22 12:38:56 | 000,002,980 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\PI\Secure-Boot-Update [2013/08/22 12:38:56 | 000,002,872 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\PI\Sqm-Tasks [2013/08/22 12:38:58 | 000,003,590 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy [2013/08/22 12:37:16 | 000,003,200 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required [2013/08/22 12:38:57 | 000,003,562 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup [2013/08/22 12:37:49 | 000,002,128 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers [2013/08/22 12:38:41 | 000,003,162 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem [2013/08/22 12:38:36 | 000,005,624 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\RAC\RacTask [2013/08/22 12:37:43 | 000,003,248 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Ras\MobilityManager [2015/08/09 19:20:16 | 000,003,750 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE [2013/08/22 12:38:14 | 000,003,326 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Registry\RegIdleBackup [2013/08/22 12:38:57 | 000,004,596 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask [2016/03/09 12:03:01 | 000,003,544 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\RemovalTools\MRT_HB [2013/08/22 12:38:47 | 000,002,944 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup [2013/08/22 12:39:00 | 000,003,360 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask [2013/08/22 12:39:00 | 000,003,364 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\SettingSync\BackupTask [2013/08/22 12:39:00 | 000,003,462 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask [2013/08/22 12:37:23 | 000,002,236 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Shell\CreateObjectTask [2013/08/22 12:38:57 | 000,002,330 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor [2015/08/01 23:54:13 | 000,003,216 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh [2015/08/01 23:54:13 | 000,003,014 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload [2013/08/22 12:37:27 | 000,003,512 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance [2013/08/22 12:39:06 | 000,003,036 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task [2013/08/22 12:39:06 | 000,002,768 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task [2017/09/24 18:31:23 | 000,004,680 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask [2015/07/25 11:50:50 | 000,003,842 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon [2013/08/22 11:48:57 | 000,004,480 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork [2013/08/22 12:38:38 | 000,003,590 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask [2013/08/22 12:37:37 | 000,003,214 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate [2013/08/22 12:37:37 | 000,003,284 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance [2017/09/03 00:35:14 | 000,003,858 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask [2013/08/22 12:38:48 | 000,002,798 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\SystemRestore\SR [2013/08/22 12:37:32 | 000,002,614 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Task Manager\Interactive [2017/09/24 10:53:21 | 000,004,028 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance [2013/08/22 12:38:35 | 000,004,166 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator [2013/08/22 12:38:35 | 000,003,048 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance [2015/07/25 11:57:24 | 000,004,472 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance [2013/08/22 12:37:53 | 000,002,978 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\TextServicesFramework\MsCtfMonitor [2013/08/22 12:38:35 | 000,002,848 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime [2013/08/22 12:37:21 | 000,002,918 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime [2013/08/22 12:39:01 | 000,003,180 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone [2013/08/22 12:38:56 | 000,004,194 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance [2013/08/22 12:37:18 | 000,001,986 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig [2013/08/22 12:37:49 | 000,003,420 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\User Profile Service\HiveUploadTask [2013/08/22 12:37:17 | 000,002,682 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\WDI\ResolutionHost [2017/09/22 21:14:13 | 000,003,590 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance [2017/09/22 21:14:14 | 000,003,566 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup [2017/09/22 21:14:14 | 000,003,546 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan [2017/09/22 21:14:12 | 000,003,584 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification [2013/08/22 12:37:17 | 000,004,004 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting [2013/08/22 12:37:25 | 000,003,290 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange [2013/08/22 12:38:32 | 000,003,304 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary [2013/08/22 11:47:31 | 000,003,532 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader [2015/08/01 23:53:10 | 000,003,676 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall [2017/09/24 11:11:40 | 000,003,402 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall [2017/09/24 11:11:40 | 000,005,004 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect [2017/09/24 11:11:40 | 000,004,926 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start [2017/09/24 11:11:40 | 000,004,924 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network [2013/08/22 12:37:24 | 000,003,344 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Wininet\CacheTask [2015/08/01 23:54:29 | 000,003,448 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management [2015/08/09 19:18:41 | 000,003,016 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation [2013/08/22 12:38:47 | 000,002,808 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization [2013/08/22 12:38:47 | 000,003,132 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work [2013/08/22 12:38:51 | 000,003,530 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join [2013/08/22 12:39:06 | 000,003,606 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\WS\Badge Update [2017/09/22 20:38:51 | 000,005,070 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\WS\License Validation [2013/08/22 12:39:06 | 000,003,464 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\WS\Sync Licenses [2013/08/22 12:39:06 | 000,003,826 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask [2013/08/22 12:38:32 | 000,003,700 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\WS\WSTask < %windir%\tasks\*.* /s > [2016/01/04 21:11:46 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1936283034-997287812-3338988641-1001Core.job [2016/02/01 19:02:41 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1936283034-997287812-3338988641-1001Core1d1474daa2cc74b.job [2016/05/10 21:29:19 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1936283034-997287812-3338988641-1001Core1d15d3c458456cf.job [2016/07/28 20:01:17 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1936283034-997287812-3338988641-1001Core1d1ab1c28a47df9.job [2017/09/24 10:07:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT < %systemroot%\*.scr > [2014/03/31 21:34:22 | 000,322,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections > "DefaultConnectionSettings" = 46 00 00 00 2C 02 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 C0 A8 00 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 20 01 00 00 9D 38 78 CF 04 63 03 A8 4C 20 6A D7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [Binary data over 200 bytes] "SavedLegacySettings" = 46 00 00 00 99 35 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 C0 A8 00 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 20 01 00 00 9D 38 78 CF 04 63 03 A8 4C 20 6A D7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [Binary data over 200 bytes] < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations > < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments > < HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s > < HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl > [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MEMPROTECT_MODE] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WARN_ON_SEC_CERT_REV_FAILED] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION] < \FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP > < HKCU\Software\Microsoft\Internet Explorer\Downloads > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings > "CodeBaseSearchPath" = CODEBASE "WarnOnIntranet" = 1 "EnablePunycode" = 1 "MinorVersion" = 0 "ActiveXCache" = C:\Windows\Downloaded Program Files -- [2013/08/22 12:36:44 | 000,000,000 | --SD | M] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\PluggableProtocols] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Unattend] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Url History] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones] < HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings > "CodeBaseSearchPath" = CODEBASE "WarnOnIntranet" = 1 "EnablePunycode" = 1 "MinorVersion" = 0 "ActiveXCache" = C:\Windows\Downloaded Program Files -- [2013/08/22 12:36:44 | 000,000,000 | --SD | M] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Cache] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\P3P] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Passport] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\PluggableProtocols] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SO] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Unattend] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Url History] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones] < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server > "StartRCM" = 0 "DeleteTempDirsOnExit" = 1 "fSingleSessionPerUser" = 1 "TSUserEnabled" = 0 "RCDependentServices" = CertPropSvcSessionEnv [binary data] "SnapshotMonitors" = 1 "DelayConMgrTimeout" = 0 "NotificationTimeOut" = 0 "PerSessionTempDir" = 0 "AllowRemoteRPC" = 0 "ProductVersion" = 5.1 "fDenyTSConnections" = 1 "InstanceID" = f3adfd05-9bc4-47d2-9c0b-03451f3 "GlassSessionId" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\AddIns] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\ConnectionHandler] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\KeyboardType Mapping] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SessionArbitrationHelper] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SysProcs] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\TerminalTypes] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\VIDEO] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations] < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Licensing Core > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon > "Userinit" = Userinit.exe, "Shell" = Explorer.exe -- [2016/08/27 15:26:03 | 002,411,048 | ---- | M] (Microsoft Corporation) "VMApplet" = SystemPropertiesPerformance.exe /pagefile -- [2014/10/28 22:39:56 | 000,081,920 | ---- | M] (Microsoft Corporation) "DefaultDomainName" = "PreCreateKnownFolders" = {A520A1A4-1780-4FF6-BD18-167343C5AF16} [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services > [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client] < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa > "Bounds" = 0 [binary data] "auditbasedirectories" = 0 "fullprivilegeauditing" = [binary data] "crashonauditfail" = 0 "auditbaseobjects" = 0 "Security Packages" = "" [binary data] "LimitBlankPasswordUse" = 1 "NoLmHash" = 1 "Notification Packages" = scecli [binary data] -- [2014/10/28 22:01:41 | 000,214,016 | ---- | M] (Microsoft Corporation) "Authentication Packages" = msv1_0 [binary data] -- [2016/10/10 18:17:59 | 000,333,656 | ---- | M] (Microsoft Corporation) "LsaPid" = 844 "SecureBoot" = 1 "ProductType" = 3 "disabledomaincreds" = 0 "everyoneincludesanonymous" = 0 "forceguest" = 0 "restrictanonymous" = 0 "restrictanonymoussam" = 1 "SamConnectedAccountsExist" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\CentralizedAccessPolicies] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\OSConfig] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache] < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts > < \UserList > < HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN > "AutoHide" = yes "Security Risk Page" = about:SecurityRisk "Extensions Off Page" = about:NoAdd-ons "Default_Search_URL" = http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Page_URL" = http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon" = 01 00 00 00 [binary data] "ApplicationTileImmersiveActivation" = 1 "AssociationActivationMode" = 0 "Cache_Percent_of_Disk" = 0A 00 00 00 [binary data] "Placeholder_Width" = 1A 00 00 00 [binary data] "x86AppPath" = C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE -- [2017/08/15 21:30:44 | 000,815,280 | ---- | M] (Microsoft Corporation) "Placeholder_Height" = 1A 00 00 00 [binary data] "Default_Secondary_Page_URL" = [binary data] "Use_Async_DNS" = yes "Start Page" = about:blank "Local Page" = C:\Windows\SysWOW64\blank.htm "Search Page" = http://go.microsoft.com/fwlink/?LinkId=54896 "Delete_Temp_Files_On_Exit" = yes "Enable_Disk_Cache" = yes "TabProcGrowth" = Medium "DoNotTrack" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\ErrorThresholds] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\UrlTemplate] < HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon > "Userinit" = Userinit.exe, "Shell" = Explorer.exe -- [2016/08/27 15:26:03 | 002,411,048 | ---- | M] (Microsoft Corporation) "VMApplet" = SystemPropertiesPerformance.exe /pagefile -- [2014/10/28 22:39:56 | 000,081,920 | ---- | M] (Microsoft Corporation) "DefaultDomainName" = "PreCreateKnownFolders" = {A520A1A4-1780-4FF6-BD18-167343C5AF16} [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] < \SpecialAccounts\UserList > < HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN > "AutoHide" = yes "Security Risk Page" = about:SecurityRisk "Extensions Off Page" = about:NoAdd-ons "Default_Search_URL" = http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Page_URL" = http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon" = 01 00 00 00 [binary data] "ApplicationTileImmersiveActivation" = 1 "AssociationActivationMode" = 0 "Cache_Percent_of_Disk" = 0A 00 00 00 [binary data] "Placeholder_Width" = 1A 00 00 00 [binary data] "x86AppPath" = C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE -- [2017/08/15 21:30:44 | 000,815,280 | ---- | M] (Microsoft Corporation) "Placeholder_Height" = 1A 00 00 00 [binary data] "Default_Secondary_Page_URL" = [binary data] "Use_Async_DNS" = yes "Start Page" = about:blank "Local Page" = C:\Windows\SysWOW64\blank.htm "Search Page" = http://go.microsoft.com/fwlink/?LinkId=54896 "Delete_Temp_Files_On_Exit" = yes "Enable_Disk_Cache" = yes "TabProcGrowth" = Medium "DoNotTrack" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\ErrorThresholds] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\UrlTemplate] < HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Google\Chrome > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService > "ImagePath" = %SystemRoot%\System32\svchost.exe -k NetworkService -- [2014/10/29 00:17:51 | 000,033,088 | ---- | M] (Microsoft Corporation) "DisplayName" = @%SystemRoot%\System32\termsrv.dll,-268 "ErrorControl" = 1 "Start" = 3 "Type" = 32 "Description" = @%SystemRoot%\System32\termsrv.dll,-267 "DependOnService" = RPCSS [binary data] "ObjectName" = NT Authority\NetworkService "ServiceSidType" = 1 "RequiredPrivileges" = SeAssignPrimaryTokenPrivilegeSeAu [Binary data over 200 bytes] "FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 00 00 00 00 60 EA 00 00 [binary data] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService\Parameters] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService\Performance] < net user /c > Contas de usu rio para \\EDUARDO ------------------------------------------------------------------------------- Administrador Convidado Eduardo Comando conclu¡do com ˆxito. < MD5 for: TERMSRV.DLL > [2015/08/31 12:56:24 | 000,198,463 | ---- | M] () MD5=25A73204EB15E84D6B263267BD21536C -- C:\Windows\WinSxS\amd64_microsoft-Windows-t..teconnectionmanager_31bf3856ad364e35_6.3.9600.16384_none_7f5da1d3283b1dd6\termsrv.dll [2015/08/31 12:56:26 | 000,198,463 | ---- | M] () MD5=25A73204EB15E84D6B263267BD21536C -- C:\Windows\WinSxS\amd64_microsoft-Windows-t..teconnectionmanager_31bf3856ad364e35_6.3.9600.16389_none_7f62a34528369c89\termsrv.dll [2017/05/27 13:42:21 | 001,115,136 | ---- | M] (Microsoft Corporation) MD5=76938862B2674EFED79E814CD36E6A08 -- C:\Windows\SysNative\termsrv.dll [2017/05/27 13:42:21 | 001,115,136 | ---- | M] (Microsoft Corporation) MD5=76938862B2674EFED79E814CD36E6A08 -- C:\Windows\WinSxS\amd64_microsoft-Windows-t..teconnectionmanager_31bf3856ad364e35_6.3.9600.18709_none_7fb8fcad27f5e4df\termsrv.dll [2017/09/03 00:23:51 | 000,080,207 | ---- | M] () MD5=B8454CE722617B69853F0DB663D442DB -- C:\Windows\WinSxS\amd64_microsoft-Windows-t..teconnectionmanager_31bf3856ad364e35_6.3.9600.18692_none_7f50a975284531d0\termsrv.dll [2017/08/19 16:18:08 | 000,048,405 | ---- | M] () MD5=C81B1C71D6175A0FC3806F17869D64D5 -- C:\Windows\WinSxS\amd64_microsoft-Windows-t..teconnectionmanager_31bf3856ad364e35_6.3.9600.17415_none_7faa3caf28018a5e\termsrv.dll < %systemdrive%\$Recycle.Bin|@;true;true;true /fp >[/color] Invalid Switch: color] ========== Alternate Data Streams ========== @Alternate Data Stream - 32 bytes -> C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== @Alternate Data Stream - 237 bytes -> C:\Users\Eduardo\SkyDrive:ms-properties @Alternate Data Stream - 10 bytes -> C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt @Alternate Data Stream - 10 bytes -> C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt < End of report >
  5. Solicitação de análise de logs

    Bom dia, Embora ainda permaneça certa lentidão, o PC teve uma melhora significativa! Já consigo utilizá-lo. Algumas coisas que observei: embora tenha tentado desinstalar o McAfee (durante a desinstalação o PC travou, reiniciei e depois não consegui desinstalar nem pelo painel de controle nem pelo CCleaner) ele continua constando na lista de programas em execução no gerenciador de tarefas. Além disso, aquele processo Wondershare que não sei para que serve, continua inicializando com o PC e usando um monte de memória. Toda vez que inicio preciso finalizá-lo para que o PC não vá ficando lento.
  6. Solicitação de análise de logs

    Boa noite, Segue o log do Eset: C:\Users\Eduardo\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\ce0008ef24b6a242\120712-0049\Att\2001978e\segundavia01012016 (1).zip VBS/DNSChanger.U trojan deleted C:\Users\Eduardo\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\ce0008ef24b6a242\120712-0049\Att\2001978e\segundavia01012016 (2).zip VBS/DNSChanger.U trojan deleted C:\Users\Eduardo\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\ce0008ef24b6a242\120712-0049\Att\2001978e\segundavia01012016 (3).zip VBS/DNSChanger.U trojan deleted C:\Users\Eduardo\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\ce0008ef24b6a242\120712-0049\Att\2001978e\segundavia01012016.zip VBS/DNSChanger.U trojan deleted C:\Users\Eduardo\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\ce0008ef24b6a242\120712-0049\Att\20053003\Transaction_Apple_Case (1).pdf PDF/Phishing.A.Gen trojan cleaned by deleting C:\Users\Eduardo\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\ce0008ef24b6a242\120712-0049\Att\20053003\Transaction_Apple_Case (2).pdf PDF/Phishing.A.Gen trojan cleaned by deleting C:\Users\Eduardo\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\ce0008ef24b6a242\120712-0049\Att\20053003\Transaction_Apple_Case.pdf PDF/Phishing.A.Gen trojan cleaned by deleting C:\Users\Eduardo\AppData\Roaming\uTorrent\uTorrent.exe a variant of Win32/OpenCandy.G potentially unsafe application deleted C:\Users\Eduardo\AppData\Roaming\uTorrent\updates\3.4.3_40760.exe a variant of Win32/OpenCandy.G potentially unsafe application deleted
  7. Solicitação de análise de logs

    Boa tarde, Escrevo no celular. Estou executando o Zoek, mas estou em dúvida se esta de fato ocorrendo a execução ou se o script está travado. Desde as 12:54 está parado na mesma situação. Envio em anexo uma foto do que está aparecendo na janela. Tive que executá-lo em modo de compatibilidade com o Windows7, pois quando simplesmente clicava para rodar o script ele não rodava. Só funcionou em modo de compatibilidade.
  8. Solicitação de análise de logs

    Boa noite, O computador está extremamente lento. Não consigo fazer nada, mal abrir o navegador. Tentei desinstalar o MCAFEE antes de passar, mas não sei se deu certo. Durante a desinstalação o computador travou e quando reiniciei já não consegui mais desinstalar (nem pelo painel de controle, nem pro CCleaner). Abrindo o gerenciador de tarefas vi que tinha um processo chamado alguma coisa AppWonderService que estava consumindo quase 5 gb da memória. Não sei o que é. Quando fechei dei uma melhorada na lentidão. Segue o log do ZHP: ~ ZHPCleaner v2017.9.22.166 by Nicolas Coolman (2017/09/22) ~ Run by Eduardo (Administrator) (22/09/2017 21:20:26) ~ Web: https://www.nicolascoolman.com ~ Blog: https://nicolascoolman.eu/ ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Certificate ZHPCleaner: Legal ~ Type : Reparo ~ Report : C:\Users\Eduardo\Desktop\ZHPCleaner.txt ~ Quarantine : C:\Users\Eduardo\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 8.1 Single Language, 64-bit (Build 9600) ---\\ Serviços (0) ~ Nenhum ítem malicioso o desnecessários foi encontrado. ---\\ Navegadores de Internet (0) ~ Nenhum ítem malicioso o desnecessários foi encontrado. ---\\ Arquivo hosts (1) ~ O arquivo hosts é legítimo (19) ---\\ Tarefas automáticas agendadas. (0) ~ Nenhum ítem malicioso o desnecessários foi encontrado. ---\\ Explorer ( Arquivos, Pastas) (1) MOVIDO arquivo: C:\Program Files (x86)\DroidCam =>.SUP.Empty ---\\ Registro ( Chaves, Valores, Dados ) (0) ~ Nenhum ítem malicioso o desnecessários foi encontrado. ---\\ Resumo dos elementos encontrados na sua estação de trabalho (1) https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Empty ---\\ Dodatkowe oczyszczenie. (21) ~ Chave de registro Tracing Supprimido (21) ~ Remover os relatórios antigos ZHPCleaner. (0) ---\\ Resultado de reparação Reparação efectuada com sucesso ~ Este navegador está faltando ! (Google Chrome) ~ Este navegador está faltando ! (Mozilla Firefox) ~ Este navegador está faltando ! (Opera Software) ---\\ Estatísticas ~ Items scan : 512 ~ Items encontrado : 0 ~ items cancelados : 0 ~ Items réparo : 1 ~ End of clean in 00h00mn25s ~==================== ZHPCleaner-[R]-22092017-21_20_51.txt ZHPCleaner--22092017-21_17_39.txt
  9. Solicitação de análise de logs

    Bom dia, Seguem os logs. O computador está insuportavelmente lento! Para reiniciar, abrir qualquer programa etc. Por isso só consegui mandar hoje. AdwCleaner # AdwCleaner 7.0.2.1 - Logfile created on Thu Sep 21 02:44:16 2017 # Updated on 2017/29/08 by Malwarebytes # Running on Windows 8.1 Single Language (X64) # Mode: clean # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services deleted. ***** [ Folders ] ***** No malicious folders deleted. ***** [ Files ] ***** No malicious files deleted. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks deleted. ***** [ Registry ] ***** Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A} ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries deleted. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries deleted. ************************* ::Tracing keys deleted ::Winsock settings cleared ::Additional Actions: 0 ************************* C:/AdwCleaner/AdwCleaner[C1].txt - [780 B] - [2015/12/13 12:19:32] C:/AdwCleaner/AdwCleaner[S1].txt - [1358 B] - [2015/12/13 12:18:35] ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ########## JRT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.1.4 (07.09.2017) Operating System: Windows 8.1 Single Language x64 Ran by Eduardo (Administrator) on 20/09/2017 at 23:56:28,09 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 1 Successfully deleted: C:\ProgramData\mntemp (File) Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 21/09/2017 at 0:04:06,04 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ HiJackThis Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 08:16:29, on 21/09/2017 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.9600.18792) Boot mode: Normal Running processes: C:\PROGRA~2\GbPlugin\GbpSv.exe C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe C:\Windows\SysWOW64\NOTEPAD.EXE C:\Program Files (x86)\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?PC=ASJB R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:NewsFeed R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=Userinit.exe, O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll O2 - BHO: McAfee WebAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehcef.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" O4 - HKLM\..\Run: [WebStorage] C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [Google Update] C:\Users\Eduardo\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" O4 - HKUS\S-1-5-21-1936283034-997287812-3338988641-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017022041818\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart (User '?') O4 - HKUS\S-1-5-21-1936283034-997287812-3338988641-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017022041818\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR (User '?') O4 - HKUS\S-1-5-21-1936283034-997287812-3338988641-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017022041818\..\Run: [Google Update] C:\Users\Eduardo\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe (User '?') O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O9 - Extra 'Tools' menuitem: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: www.bancobrasil.com.br O15 - Trusted Zone: www14.bancobrasil.com.br O15 - Trusted Zone: www2.bancobrasil.com.br O15 - Trusted Zone: aapj.bb.com.br O15 - Trusted Zone: seg.bb.com.br O15 - Trusted Zone: www.bb.com.br O15 - Trusted Zone: http://www.bb.com.br O15 - Trusted Zone: imagem.caixa.gov.br O15 - Trusted Zone: internetbanking.caixa.gov.br O15 - Trusted Zone: internetbankingpf.caixa.gov.br O15 - Trusted Zone: www.caixa.gov.br O15 - Trusted Zone: http://www.caixa.gov.br O15 - Trusted Zone: cloud.gastecnologia.com.br O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe O23 - Service: Asus WebStorage Windows Service - ASUS Cloud Corporation - C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe O23 - Service: ClientAnalyticsService - McAfee, Inc. - C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: @oem20.inf,%WIN32_DPTF_PARTICIPANT_PROC_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Processor Participant Service Application (DptfParticipantProcessorService) - Unknown owner - C:\Windows\system32\DptfParticipantProcessorService.exe (file missing) O23 - Service: @oem20.inf,%WIN32_DPTF_POLICY_CONFIGTDP_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Config TDP Service Application (DptfPolicyConfigTDPService) - Unknown owner - C:\Windows\system32\DptfPolicyConfigTDPService.exe (file missing) O23 - Service: @oem20.inf,%WIN32_DPTF_POLICY_CRITICAL_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Critical Service Application (DptfPolicyCriticalService) - Unknown owner - C:\Windows\system32\DptfPolicyCriticalService.exe (file missing) O23 - Service: @oem20.inf,%WIN32_DPTF_POLICY_LPM_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Low Power Mode Service Application (DptfPolicyLpmService) - Unknown owner - C:\Windows\system32\DptfPolicyLpmService.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\VSCore_15_7\McApExe.exe O23 - Service: McAfee Boot Delay Start Service (McBootDelayStartSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee CSP Service (mccspsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\\McCSPServiceHost.exe O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe O23 - Service: McAfee Service Controller (mfemms) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing) O23 - Service: McAfee Module Core Service (ModuleCoreService) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: Intel Security PEF Service (PEFService) - Intel Security, Inc. - C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: Wondershare Application Framework Service (WsAppService) - Wondershare - C:\Program Files (x86)\Wondershare\WAF\2.3.2.220\WsAppService.exe O23 - Service: Wondershare Driver Install Service (WsDrvInst) - Unknown owner - C:\Program Files (x86)\Wondershare\Wondershare Dr.Fone para iOS (Portuguese)\Library\DriverInstaller\DriverInstall.exe (file missing) O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- End of file - 14615 bytes
  10. Solicitação de análise de logs

    Cheguei do trabalho e estou tentando, mas o computador está extremamente lento. Demorou muito para ligar a o mesmo para abrir o navegador. Estou acessando so celular e aguardando para tentar baixar os programaseus indicados.
  11. Solicitação de análise de logs

    Seguem os logs: MBAM: Malwarebytes www.malwarebytes.com -Detalhes de registro- Data da análise: 19/09/17 Hora da análise: 20:35 Arquivo de registro: 35e03eaa-9d93-11e7-b87e-5cc9d3f3c715.json Administrador: Sim -Informação do software- Versão: 3.2.2.2029 Versão de componentes: 1.0.188 Versão do pacote de definições: 1.0.2845 Licença: Versão de Avaliação -Informação do sistema- Sistema operacional: Windows 8.1 CPU: x64 Sistema de arquivos: NTFS Usuário: EDUARDO\Eduardo -Resumo da análise- Tipo de análise: Análise de Ameaças Resultado: Concluído Objetos verificados: 320013 Ameaças detectadas: 1 Ameaças em quarentena: 0 (Nenhum item malicioso detectado) Tempo decorrido: 11 min, 36 seg -Opções da análise- Memória: Habilitado Inicialização: Habilitado Sistema de arquivos: Habilitado Arquivos compactados: Habilitado Rootkits: Habilitado Heurística: Habilitado PUP: Detectar PUM: Detectar -Detalhes da análise- Processo: 0 (Nenhum item malicioso detectado) Módulo: 0 (Nenhum item malicioso detectado) Chave de registro: 0 (Nenhum item malicioso detectado) Valor de registro: 0 (Nenhum item malicioso detectado) Dados de registro: 0 (Nenhum item malicioso detectado) Fluxo de dados: 0 (Nenhum item malicioso detectado) Pasta: 0 (Nenhum item malicioso detectado) Arquivo: 1 Trojan.Floxif, C:\USERS\EDUARDO\DOWNLOADS\CCSETUP533_SLIM.EXE, Nenhuma ação do usuário, [8822], [436381],1.0.2845 Setor físico: 0 (Nenhum item malicioso detectado) (end) HijackThis Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:25:58, on 19/09/2017 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.9600.18792) Boot mode: Normal Running processes: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe C:\Program Files (x86)\ASUS\Splendid\ACMON.exe C:\Windows\SysWOW64\WerFault.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\PROGRA~2\GbPlugin\GbpSv.exe C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Program Files (x86)\ASUS\APRP\aprp.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Program Files (x86)\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?PC=ASJB R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:NewsFeed R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=Userinit.exe, O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll O2 - BHO: McAfee WebAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehcef.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" O4 - HKLM\..\Run: [WebStorage] C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [Google Update] C:\Users\Eduardo\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O9 - Extra 'Tools' menuitem: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: www.bancobrasil.com.br O15 - Trusted Zone: www14.bancobrasil.com.br O15 - Trusted Zone: www2.bancobrasil.com.br O15 - Trusted Zone: aapj.bb.com.br O15 - Trusted Zone: seg.bb.com.br O15 - Trusted Zone: www.bb.com.br O15 - Trusted Zone: http://www.bb.com.br O15 - Trusted Zone: imagem.caixa.gov.br O15 - Trusted Zone: internetbanking.caixa.gov.br O15 - Trusted Zone: internetbankingpf.caixa.gov.br O15 - Trusted Zone: www.caixa.gov.br O15 - Trusted Zone: http://www.caixa.gov.br O15 - Trusted Zone: cloud.gastecnologia.com.br O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe O23 - Service: Asus WebStorage Windows Service - ASUS Cloud Corporation - C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe O23 - Service: ClientAnalyticsService - McAfee, Inc. - C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: @oem20.inf,%WIN32_DPTF_PARTICIPANT_PROC_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Processor Participant Service Application (DptfParticipantProcessorService) - Unknown owner - C:\Windows\system32\DptfParticipantProcessorService.exe (file missing) O23 - Service: @oem20.inf,%WIN32_DPTF_POLICY_CONFIGTDP_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Config TDP Service Application (DptfPolicyConfigTDPService) - Unknown owner - C:\Windows\system32\DptfPolicyConfigTDPService.exe (file missing) O23 - Service: @oem20.inf,%WIN32_DPTF_POLICY_CRITICAL_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Critical Service Application (DptfPolicyCriticalService) - Unknown owner - C:\Windows\system32\DptfPolicyCriticalService.exe (file missing) O23 - Service: @oem20.inf,%WIN32_DPTF_POLICY_LPM_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Low Power Mode Service Application (DptfPolicyLpmService) - Unknown owner - C:\Windows\system32\DptfPolicyLpmService.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\VSCore_15_7\McApExe.exe O23 - Service: McAfee Boot Delay Start Service (McBootDelayStartSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee CSP Service (mccspsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\\McCSPServiceHost.exe O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe O23 - Service: McAfee Service Controller (mfemms) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing) O23 - Service: McAfee Module Core Service (ModuleCoreService) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: Intel Security PEF Service (PEFService) - Intel Security, Inc. - C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: Wondershare Application Framework Service (WsAppService) - Wondershare - C:\Program Files (x86)\Wondershare\WAF\2.3.2.220\WsAppService.exe O23 - Service: Wondershare Driver Install Service (WsDrvInst) - Unknown owner - C:\Program Files (x86)\Wondershare\Wondershare Dr.Fone para iOS (Portuguese)\Library\DriverInstaller\DriverInstall.exe (file missing) O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- End of file - 14427 bytes
  12. Solicitação de análise de logs

    Boa tarde, Há algum tempo minha máquina vem apresentando lentidão excessiva. Alguns problemas na execução do chrome. Eu utilizei alguns pendrives em outros computadores em que havia aquele vírus que adiciona um atalho no pendrive. No entanto, formatei o pendrive e o problema não apareceu novamente no pendrive quando o utilizei no meu computador. Segue o Log para análise e desde já agradeço pela disponibilidade. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:20:01, on 19/09/2017 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.9600.18792) Boot mode: Normal Running processes: C:\Program Files (x86)\ASUS\Splendid\ACMON.exe C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\PROGRA~2\GbPlugin\GbpSv.exe C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Program Files (x86)\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?PC=ASJB R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:NewsFeed R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=Userinit.exe O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll O2 - BHO: McAfee WebAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehcef.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" O4 - HKLM\..\Run: [WebStorage] C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [Google Update] C:\Users\Eduardo\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O9 - Extra 'Tools' menuitem: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: www.bancobrasil.com.br O15 - Trusted Zone: www14.bancobrasil.com.br O15 - Trusted Zone: www2.bancobrasil.com.br O15 - Trusted Zone: aapj.bb.com.br O15 - Trusted Zone: seg.bb.com.br O15 - Trusted Zone: www.bb.com.br O15 - Trusted Zone: http://www.bb.com.br O15 - Trusted Zone: imagem.caixa.gov.br O15 - Trusted Zone: internetbanking.caixa.gov.br O15 - Trusted Zone: internetbankingpf.caixa.gov.br O15 - Trusted Zone: www.caixa.gov.br O15 - Trusted Zone: http://www.caixa.gov.br O15 - Trusted Zone: cloud.gastecnologia.com.br O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe O23 - Service: Asus WebStorage Windows Service - ASUS Cloud Corporation - C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe O23 - Service: ClientAnalyticsService - McAfee, Inc. - C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: @oem20.inf,%WIN32_DPTF_PARTICIPANT_PROC_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Processor Participant Service Application (DptfParticipantProcessorService) - Unknown owner - C:\Windows\system32\DptfParticipantProcessorService.exe (file missing) O23 - Service: @oem20.inf,%WIN32_DPTF_POLICY_CONFIGTDP_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Config TDP Service Application (DptfPolicyConfigTDPService) - Unknown owner - C:\Windows\system32\DptfPolicyConfigTDPService.exe (file missing) O23 - Service: @oem20.inf,%WIN32_DPTF_POLICY_CRITICAL_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Critical Service Application (DptfPolicyCriticalService) - Unknown owner - C:\Windows\system32\DptfPolicyCriticalService.exe (file missing) O23 - Service: @oem20.inf,%WIN32_DPTF_POLICY_LPM_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Low Power Mode Service Application (DptfPolicyLpmService) - Unknown owner - C:\Windows\system32\DptfPolicyLpmService.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\VSCore_15_7\McApExe.exe O23 - Service: McAfee Boot Delay Start Service (McBootDelayStartSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee CSP Service (mccspsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\\McCSPServiceHost.exe O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe O23 - Service: McAfee Service Controller (mfemms) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing) O23 - Service: McAfee Module Core Service (ModuleCoreService) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: Intel Security PEF Service (PEFService) - Intel Security, Inc. - C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: Wondershare Application Framework Service (WsAppService) - Wondershare - C:\Program Files (x86)\Wondershare\WAF\2.3.2.220\WsAppService.exe O23 - Service: Wondershare Driver Install Service (WsDrvInst) - Unknown owner - C:\Program Files (x86)\Wondershare\Wondershare Dr.Fone para iOS (Portuguese)\Library\DriverInstaller\DriverInstall.exe (file missing) O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- End of file - 14292 bytes
  13. Boa noite, Após as férias, realizei os procedimentos. Seguem os logs abaixo: Zoek: Zoek.exe v5.0.0.1 Updated 31-December-2015Tool run by Eduardo on 04/01/2016 at 14:55:39,29.Microsoft Windows 8.1 Single Language 6.3.9600 x64Running in: Normal Mode Internet Access DetectedLaunched: C:\Users\Eduardo\Desktop\zoek.exe [scan all users] [script inserted] ==== System Restore Info ====================== 04/01/2016 14:57:52 Zoek.exe System Restore Point Created Successfully. ==== Reset Hosts File ====================== # Copyright © 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host 127.0.0.1 localhost ==== Empty Folders Check ====================== C:\PROGRA~2\AGEIA Technologies deleted successfullyC:\Users\Eduardo\AppData\Local\PackageStaging deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~2\AGEIA Technologies not foundC:\PROGRA~2\GUM3831.tmp deletedC:\HijackThis.exe deletedC:\PROGRA~3\SetStretch.VBS deletedC:\PROGRA~3\{EB5F5A55-037A-4E47-806B-2C8AA9374701} deletedC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted"C:\ProgramData\droidcam-settings" deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi" [23/11/2015 11:53][HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi" [23/11/2015 11:53] ==== Chromium Look ====================== Google Chrome Version: 46.0.2490.86 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensionsfheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[02/12/2015 10:37] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensionslmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[] Google Drive App Launcher - Eduardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh ==== Chromium Fix ====================== C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_c.betrad.com_0.localstorage deleted successfullyC:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfullyC:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_m.softonic.com.br_0.localstorage deleted successfullyC:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_m.softonic.com.br_0.localstorage-journal deleted successfullyC:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_search.emaildefendsearch.com_0.localstorage deleted successfullyC:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_search.emaildefendsearch.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" New Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&PC=ASJBHKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&PC=ASJBHKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC ==== Reset Google Chrome ====================== C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfullyC:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences was reset successfullyC:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfullyC:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data-journal was reset successfully ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe ==== shortcuts in Users Start Menu ====================== C:\Users\Eduardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Inicializador de aplicativos do Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --show-app-list ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Docs.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_documentC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Drive.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Sheets.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_spreadsheetC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Slides.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_presentationC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_66\bin\javacpl.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_66\bin\javacpl.exe -tab aboutC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee\McAfee LiveSafe – Internet Security.lnk - ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --profile-directory="Profile 1"C:\Users\Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\Eduardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe ==== Reset IE Proxy ====================== Value(s) before fix:"ProxyEnable"=dword:00000000 Value(s) after fix:"ProxyEnable"=dword:00000000 ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Eduardo\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\Users\Eduardo\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfullyC:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\Users\Eduardo\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfullyC:\Users\Eduardo\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfullyC:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=82 folders=2 106738800 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfullyC:\Users\Default User\AppData\Local\Temp emptied successfullyC:\Users\Eduardo\AppData\Local\Temp will be emptied at rebootC:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfullyC:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfullyC:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptiedC:\Users\Eduardo\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on 04/01/2016 at 21:53:30,14 ====================== HijackThis: Logfile of Trend Micro HijackThis v2.0.4Scan saved at 21:57:49, on 04/01/2016Platform: Unknown Windows (WinNT 6.02.1008)MSIE: Internet Explorer v11.0 (11.00.9600.18123)Boot mode: Normal Running processes:C:\Program Files (x86)\ASUS\Splendid\ACMON.exeC:\PROGRA~2\GbPlugin\GbpSv.exeC:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exeC:\Program Files (x86)\Google\Drive\googledrivesync.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\Google\Drive\googledrivesync.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\HijackThis.exeC:\Windows\SysWOW64\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?PC=ASJBR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=Userinit.exeO2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dllO2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dllO2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dllO4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"O4 - HKLM\..\Run: [WebStorage] C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostartO4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITORO4 - HKLM\..\Policies\Explorer\Run: [btvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLLO11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphicsO15 - Trusted Zone: www.bancobrasil.com.brO15 - Trusted Zone: www14.bancobrasil.com.brO15 - Trusted Zone: www2.bancobrasil.com.brO15 - Trusted Zone: www.bb.com.brO15 - Trusted Zone: http://www.bb.com.brO15 - Trusted Zone: imagem.caixa.gov.brO15 - Trusted Zone: internetbanking.caixa.gov.brO15 - Trusted Zone: internetbankingpf.caixa.gov.brO15 - Trusted Zone: www.caixa.gov.brO15 - Trusted Zone: http://www.caixa.gov.brO18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dllO18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dllO18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dllO20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dllO20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dllO23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exeO23 - Service: Asus WebStorage Windows Service - ASUS Cloud Corporation - C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exeO23 - Service: AtherosSvc - Windows ® Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exeO23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exeO23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exeO23 - Service: @oem20.inf,%WIN32_DPTF_PARTICIPANT_PROC_SERVICE_DISPLAY_NAME%;Intel® Dynamic Platform and Thermal Framework Processor Participant Service Application (DptfParticipantProcessorService) - Unknown owner - C:\Windows\system32\DptfParticipantProcessorService.exe (file missing)O23 - Service: @oem20.inf,%WIN32_DPTF_POLICY_CONFIGTDP_SERVICE_DISPLAY_NAME%;Intel® Dynamic Platform and Thermal Framework Config TDP Service Application (DptfPolicyConfigTDPService) - Unknown owner - C:\Windows\system32\DptfPolicyConfigTDPService.exe (file missing)O23 - Service: @oem20.inf,%WIN32_DPTF_POLICY_CRITICAL_SERVICE_DISPLAY_NAME%;Intel® Dynamic Platform and Thermal Framework Critical Service Application (DptfPolicyCriticalService) - Unknown owner - C:\Windows\system32\DptfPolicyCriticalService.exe (file missing)O23 - Service: @oem20.inf,%WIN32_DPTF_POLICY_LPM_SERVICE_DISPLAY_NAME%;Intel® Dynamic Platform and Thermal Framework Low Power Mode Service Application (DptfPolicyLpmService) - Unknown owner - C:\Windows\system32\DptfPolicyLpmService.exe (file missing)O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exeO23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exeO23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exeO23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exeO23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exeO23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exeO23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeO23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeO23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exeO23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exeO23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exeO23 - Service: McAfee CSP Service (mccspsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exeO23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeO23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exeO23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exeO23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exeO23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exeO23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exeO23 - Service: McAfee Service Controller (mfemms) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exeO23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeO23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exeO23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exeO23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe --End of file - 13145 bytes Quanto à situação do PC, ele está melhor. Não está mais lento e a maioria dos arquivos da pasta apareceu novamente. Acredito que esteja tudo em ordem, confere? Agradeço muitíssimo pela atenção.
  14. Bom dia, Seguem os logs. Obrigado! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by MalwarebytesVersion: 8.0.1 (11.24.2015)Operating System: Windows 8.1 Single Language x64 Ran by Eduardo (Administrator) on 13/12/2015 at 10:26:40,14~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 2 Successfully deleted: C:\Users\Eduardo\AppData\Roaming\sp_data.sys (File) Successfully deleted: C:\Program Files (x86)\GUT3842.tmp (File) Registry: 1 Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on 13/12/2015 at 10:41:22,97End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v5.024 - Relatório criado 13/12/2015 às 10:19:32# Atualizado 07/12/2015 por Xplode# Banco de dados : 2015-12-12.1 [servidor]# Sistema operacional : Windows 8.1 Single Language (x64)# Usuário : Eduardo - EDUARDO# Executando de : C:\Users\Eduardo\Desktop\AdwCleaner.exe# Opção : Limpar# Apoio : http://toolslib.net/forum ***** [ Serviços ] ***** ***** [ Pastas ] ***** ***** [ Arquivos ] ***** ***** [ DLLs ] ***** ***** [ Atalhos ] ***** ***** [ Tarefas agendadas ] ***** ***** [ Registro ] ***** ***** [ Navegadores ] ***** ************************* :: Chaves "Tracing" excluídas:: Configurações Winsock restauradas ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [702 bytes] ########## Logfile of Trend Micro HijackThis v2.0.4Scan saved at 11:09:43, on 13/12/2015Platform: Unknown Windows (WinNT 6.02.1008)MSIE: Internet Explorer v11.0 (11.00.9600.18123)Boot mode: Normal Running processes:C:\PROGRA~2\GbPlugin\GbpSv.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?PC=ASJBR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=Userinit.exeO2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dllO2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dllO2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dllO4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"O4 - HKLM\..\Run: [WebStorage] C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostartO4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITORO4 - HKLM\..\Policies\Explorer\Run: [btvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLLO11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphicsO15 - Trusted Zone: www.bancobrasil.com.brO15 - Trusted Zone: www14.bancobrasil.com.brO15 - Trusted Zone: www2.bancobrasil.com.brO15 - Trusted Zone: www.bb.com.brO15 - Trusted Zone: http://www.bb.com.brO15 - Trusted Zone: imagem.caixa.gov.brO15 - Trusted Zone: internetbanking.caixa.gov.brO15 - Trusted Zone: internetbankingpf.caixa.gov.brO15 - Trusted Zone: www.caixa.gov.brO15 - Trusted Zone: http://www.caixa.gov.brO18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dllO18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dllO18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dllO20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dllO20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dllO23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exeO23 - Service: Asus WebStorage Windows Service - ASUS Cloud Corporation - C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exeO23 - Service: AtherosSvc - Windows ® Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exeO23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exeO23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exeO23 - Service: @oem20.inf,%WIN32_DPTF_PARTICIPANT_PROC_SERVICE_DISPLAY_NAME%;Intel® Dynamic Platform and Thermal Framework Processor Participant Service Application (DptfParticipantProcessorService) - Unknown owner - C:\Windows\system32\DptfParticipantProcessorService.exe (file missing)O23 - Service: @oem20.inf,%WIN32_DPTF_POLICY_CONFIGTDP_SERVICE_DISPLAY_NAME%;Intel® Dynamic Platform and Thermal Framework Config TDP Service Application (DptfPolicyConfigTDPService) - Unknown owner - C:\Windows\system32\DptfPolicyConfigTDPService.exe (file missing)O23 - Service: @oem20.inf,%WIN32_DPTF_POLICY_CRITICAL_SERVICE_DISPLAY_NAME%;Intel® Dynamic Platform and Thermal Framework Critical Service Application (DptfPolicyCriticalService) - Unknown owner - C:\Windows\system32\DptfPolicyCriticalService.exe (file missing)O23 - Service: @oem20.inf,%WIN32_DPTF_POLICY_LPM_SERVICE_DISPLAY_NAME%;Intel® Dynamic Platform and Thermal Framework Low Power Mode Service Application (DptfPolicyLpmService) - Unknown owner - C:\Windows\system32\DptfPolicyLpmService.exe (file missing)O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exeO23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exeO23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exeO23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exeO23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exeO23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exeO23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeO23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeO23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exeO23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exeO23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exeO23 - Service: McAfee CSP Service (mccspsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exeO23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeO23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exeO23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exeO23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exeO23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exeO23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exeO23 - Service: McAfee Service Controller (mfemms) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exeO23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeO23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exeO23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exeO23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe --End of file - 12722 bytes
  15. Boa noite, Demorei para responder, pois a semana foi agitada. Segue o log do MBAM: Malwarebytes Anti-Malwarewww.malwarebytes.org Data da verificação: 11/12/2015Hora da verificação: 23:07Arquivo de registro: log.txtAdministrador: Sim Versão: 2.2.0.1024Banco de dados de malware: v2015.12.11.06Banco de dados de rootkit: v2015.12.07.01Licença: GratuitaProteção contra malware: DesabilitadoProteção contra website malicioso: DesabilitadoAutoproteção: Desabilitado Sistema operacional: Windows 8.1CPU: x64Sistema de arquivos: NTFSUsuário: Eduardo Tipo de verificação: Verificação da ameaçaResultado: ConcluídoObjetos verificados: 323028Tempo decorrido: 18 min, 26 seg Memória: HabilitadoInicialização: HabilitadoSistema de arquivos: HabilitadoArquivos compactados: HabilitadoRootkits: HabilitadoHeurística: HabilitadoPUP: HabilitadoPUM: Habilitado Processos: 0(Nenhum item malicioso detectado) Módulos: 0(Nenhum item malicioso detectado) Chaves de registro: 0(Nenhum item malicioso detectado) Valores de registro: 0(Nenhum item malicioso detectado) Dados de registro: 0(Nenhum item malicioso detectado) Pastas: 0(Nenhum item malicioso detectado) Arquivos: 0(Nenhum item malicioso detectado) Setores físicos: 0(Nenhum item malicioso detectado) (end) E o log do Hijack: Logfile of Trend Micro HijackThis v2.0.4Scan saved at 23:28:59, on 11/12/2015Platform: Unknown Windows (WinNT 6.02.1008)MSIE: Internet Explorer v11.0 (11.00.9600.17840)Boot mode: Normal Running processes:C:\PROGRA~2\GbPlugin\GbpSv.exeC:\Program Files (x86)\ASUS\Splendid\ACMON.exeC:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exeC:\Program Files (x86)\Google\Drive\googledrivesync.exeC:\Program Files (x86)\Google\Drive\googledrivesync.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Windows\SysWOW64\DllHost.exeC:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_55.1.43.0_x86__v10z8vjag6ke6\HP.AiORemote.exeC:\HijackThis.exeC:\Windows\SysWOW64\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?PC=ASJBR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=Userinit.exeO2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dllO2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dllO2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dllO4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"O4 - HKLM\..\Run: [WebStorage] C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostartO4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITORO4 - HKLM\..\Policies\Explorer\Run: [btvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLLO11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphicsO15 - Trusted Zone: www.bancobrasil.com.brO15 - Trusted Zone: www14.bancobrasil.com.brO15 - Trusted Zone: www2.bancobrasil.com.brO15 - Trusted Zone: www.bb.com.brO15 - Trusted Zone: http://www.bb.com.brO15 - Trusted Zone: imagem.caixa.gov.brO15 - Trusted Zone: internetbanking.caixa.gov.brO15 - Trusted Zone: internetbankingpf.caixa.gov.brO15 - Trusted Zone: www.caixa.gov.brO15 - Trusted Zone: http://www.caixa.gov.brO18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dllO18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dllO18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dllO20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dllO20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dllO23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exeO23 - Service: Asus WebStorage Windows Service - ASUS Cloud Corporation - C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exeO23 - Service: AtherosSvc - Windows ® Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exeO23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exeO23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exeO23 - Service: @oem20.inf,%WIN32_DPTF_PARTICIPANT_PROC_SERVICE_DISPLAY_NAME%;Intel® Dynamic Platform and Thermal Framework Processor Participant Service Application (DptfParticipantProcessorService) - Unknown owner - C:\Windows\system32\DptfParticipantProcessorService.exe (file missing)O23 - Service: @oem20.inf,%WIN32_DPTF_POLICY_CONFIGTDP_SERVICE_DISPLAY_NAME%;Intel® Dynamic Platform and Thermal Framework Config TDP Service Application (DptfPolicyConfigTDPService) - Unknown owner - C:\Windows\system32\DptfPolicyConfigTDPService.exe (file missing)O23 - Service: @oem20.inf,%WIN32_DPTF_POLICY_CRITICAL_SERVICE_DISPLAY_NAME%;Intel® Dynamic Platform and Thermal Framework Critical Service Application (DptfPolicyCriticalService) - Unknown owner - C:\Windows\system32\DptfPolicyCriticalService.exe (file missing)O23 - Service: @oem20.inf,%WIN32_DPTF_POLICY_LPM_SERVICE_DISPLAY_NAME%;Intel® Dynamic Platform and Thermal Framework Low Power Mode Service Application (DptfPolicyLpmService) - Unknown owner - C:\Windows\system32\DptfPolicyLpmService.exe (file missing)O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exeO23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exeO23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exeO23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exeO23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exeO23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exeO23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeO23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeO23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exeO23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exeO23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exeO23 - Service: McAfee CSP Service (mccspsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exeO23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeO23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exeO23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exeO23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exeO23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exeO23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exeO23 - Service: McAfee Service Controller (mfemms) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exeO23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeO23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exeO23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exeO23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe --End of file - 13004 bytes Obrigado!
×